Cybersecurity DevOps workshop
by Peter Hinchliffe Director
Posted on July 18, 2019
Security isn’t just the responsibility of the IT department or security team, every user has a responsibility to be aware and practice the right security behaviours. The developer community is a key group in this and key as organisation move to being more digital.
Recently we’ve seen the Government’s digital initiative, for all businesses, launching Making Tax Digital from HMRC in April 2019, through to mass adoption of cloud applications, hosting and online tools to name but a few. Businesses need to be aware that any asset within their organisation could be at risk from cyberattacks.
With NXT's commitment to customers to ensure end-to-end applications and products are secure, we ran a digital security workshop hosted by EY’s UK Cybersecurity team.
The two hour interactive session involved:
- An overview of the latest web trends and agile application methodologies
- An agency perspective of working with IT and Marketing teams in delivering applications
- An agency perspective on security and using 3rd party products, services and DevOps within the cloud
- An overview from EY of the top 5 application security vulnerabilities
- EY’s Security by Design methodology and the associated “threat pillars”
- Discussions regarding OWASP exploitation fixes
- Discussions around practical toolkits that could be employed by application developers
Both teams quizzed each other on security weak-points that potentially exist and how they can be resolved. The key take-away from NXT’s perspective was that security and threat risk should be a consistent milestone that’s always addressed, checked and agreed from conception through to delivery of any project. It should always be a collaborative conversation with both agency and customer and not, a one size fits all approach, depending on the company’s risk profile.
EY’s Associate Partner for UK Cybersecurity Gavin Cartwright said:
“The workshop explored how teams work through application and DevOps processes. The application development market is constantly evolving so designing security in from the start and aligning these with specialist cloud applications becomes vital to stay ahead of the latest threat vulnerabilities.”
NXT’s development team who attended, all agreed that it gave us a great update on the latest risks and how we should consider security throughout our development sprints.
Thanks again to all who participated!
About the Author
Peter heads up our client liaison side of NXT, supporting everything from new business and strategy opportunities, client and project liaison, through to project training and handover. Peter's key interests lie in digital marketing and technical development strategy and planning. Keep track of Peter's updates on the NXT Twitter feed. Don't follow his personal account unless you are into rugby, football, golf, F1, carp fishing or general customer service complaints to brands.