Download
Condividi
Marc Walzer
Responsabile della sicurezza e della protezione dei dati presso Sherpany

Discussing security in a world of rapid changes and continuous delivery: DevSecCon London

Information Security has always been an important topic, and it gets more and more attention every day from different industries. Currently, tech businesses are demanding quick software releases cycles for new updates and features, leaving security in the background. It tends to be managed as an afterthought and put into a reduced timeframe.

Security, however, should not be sacrificed for the sake of a speedy delivery. This is where DevSecOps comes in place.

But, what is DevSecOps?

DevSecOps is an approach that relies on the intense collaboration between development, security and IT-operations. The three core competencies together create ways to build security into the development process in a continuous manner, without neither impacting critical deadlines, nor delaying a software's release cycles.

In order to be able to react fast to the rapidly changing requirements and deliver a highly secure service, Sherpany follows the DevSecOps approach. With greatly skilled developers, security quality gates already early in the development lifecycle, automated security assessments and external assurance, Sherpany delivers a very high level of security for all information stored in the Sherpany Boardroom software.

Nevertheless, we strongly believe that it's essential to acknowledge industry trends and learn about best practices to overcome internal challenges. That is why security team members from Sherpany have attended this year's DevSecCon conference in London, which took place during the month of October.

The DevOpsCon event

The DevOpsCon conference is a platform for leading experts to showcase their ideas in order to give different perspectives on common topics of the industry. This year's edition gathered 22 expert speakers and 350 attendees from different countries, industries and backgrounds. They all met in the heart of London for two days of intense discussions and exchange of ideas on best practices, current trends and innovative approaches.

"Attending the conference allowed me to get a better grasp of the trends in the field. It was also a great opportunity to meet people that shared valuable know-how, and had a lot of insightful, experience-based learnings for all those participating." explains André Carpinteiro, DevSecOps Engineer at Sherpany

Of all presentations, one stood out because of its fascinating concept. Matthew Pendlebury, Senior Security Consultant, MWR InfoSecurity, and expert in organisational defensive security, talked about "attack aware application".

The concept reveals that if an application is “attack aware” it does not rely solely on external components, such as antivirus software, firewall solutions or intrusion detection systems to detect malicious activity. What it can do, however, is to detect an attack by itself, and even react to it appropriately. The concept brings to light a big advantage: this type of behaviour can result in another layer of security in order to protect the sensitive information.

DevOpsCon London's agenda offered other insightful talks about threat modelling, security automation and instrumentation and many other topics. The event brought together experts from the fields of DevOps and Security ensuring an environment of learning and support for participants to make sure that their development and delivery cycles are secure. This added to the successful outcome of the event and made the team from Sherpany excited to attend this year's conference.


For more information on the subject, we invite you to read about the importance of software security at Sherpany.

Marc Walzer
Responsabile della sicurezza e della protezione dei dati presso Sherpany
Marc Walzer è in possesso di un diploma di MSc (Master of Science) in scienze applicate (FFHS) nel settore ‘Ricerca Sistemi Informativi’. In Sherpany è responsabile della sicurezza delle informazioni e garantisce il corretto trattamento dei vostri dati personali.

Marc ha scritto anche di Weak TLS Encryption: a wide-spread risk

Approfondimenti e Risorse

facebooktwittergoogle-plus2linkedin2envelopsearch

Approfondimenti e Risorse

Sherpany fornisce business news, articoli di esperti, interviste esclusive, casi-studio e best practice sulla digitalizzazione e sull'evoluzione delle riunioni del CdA, delle direzioni aziendali e delle segreterie societarie.

Gli esempi di contenuti riguardano:

  • Board portal e software di gestione delle riunioni
  • Digitalizzazione delle riunioni
  • Governance e compliance
  • Leadership

Contatta Sherpany

Siamo lieti di fornirti maggiori informazioni su come il portale Sherpany sia allo stesso tempo conforme e sicuro. Compila il modulo e ci metteremo in contatto con te al più presto.

*Campo obbligatorio.

La newsletter non è al momento disponibile in italiano, La preghiamo di iscriversi ad una delle seguenti lingue: