Name: Top 5 Reasons Why Effective SLDC Security Controls Are So Difficult
Start: 2022-06-28T17:00:00Z
End: 2022-06-28T17:00:50.000Z
Location: BrightTALK
Rating: 0

With software supply chain attacks like SolarWinds, Kaseya, and Codecov regularly making mainstream news headlines, it’s no wonder that auditors are beginning to look more carefully at the security controls within the software development life cycle (SDLC). This is a problem for many organizations because security teams often have gaps in visibility and basic security and governance practices across the DevOps tooling and infrastructure used in modern development practices.

Understanding how an environment’s posture matches compliance requirements, implementing requisite security controls, and generating evidence for attestation is a huge, often manual task. This problem is made more difficult because most organizations have multiple engineering teams, each with their own software delivery pipeline and related tooling. This situation can turn regular audits into a nightmare for AppSec professionals.
In this webinar you’ll learn:

- Why modern software development practices make compliance harder for security teams
- How to easily map SDLC security posture to compliance requirements
- How to implement consistent security controls across DevOps tools and Infrastructure

Simple SDLC Security Mistakes that Can Cost you Big During Compliance

DevOps has been around for more than a decade. However, security teams still struggle to react to the drastic changes it brought to the SDLC. The influx of tooling needed to facilitate DevOps also brought with it added attack surface, complexity, and a lack of visibility; all of which have left security teams on their heels. Attackers have taken notice and shifted their attack priorities from production environments to the software delivery pipelines which build those applications.

Interestingly, the techniques used to cause software supply chains are frequently less sophisticated than we see elsewhere in security. It’s often the basics of security—like enforcing separation of duties, least privilege—which weren’t properly implemented across the SDLC, that cause breaches. It turns out that implementing consistent security controls in modern software development environments can be a big challenge.

In this webinar you’ll learn:
- Why security struggles to keep up with the pace of engineering
- Why effective security controls are so hard to implement across the SDLC
- How security teams can harden their tooling against software supply chain attacks

Why Security Teams Fail to Implement Effective Security Controls Across the SDLC

Top 5 Reasons Why Effective SLDC Security Controls Are So Difficult

IT Security

appsec

DevOps

Application Security

Governance

Compliance

devsec

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Top 5 Reasons Why Effective SLDC Security Controls Are So Difficult

Presented by

About this talk

More from this channel