Mastek Blog

Bhavin Shah

Agile and DevSecOps Practice Lead

Recent Posts

Why SecOps is needed now more than ever?

26-May-2022 17:41:37 / by Bhavin Shah posted in #DevSecOps #SecOps #IAST #DAST #SAST #RASP


Impacts of changing landscape

    1. Two years into the deadly and disruptive global pandemic, not only are we continuing to see more attacks, we’re also seeing more actual breaches, which result in significant financial losses, less new business, and loss of trust among existing customers.
    2. Today, most organizations have adopted agile methods for software development, which has shortened go-to-market by deploying changes quickly to the production environment. A security vulnerability leak could cause significant damage in no time, and the cost of such an incident might outweigh the security budget.
    3. Implementing security keeps getting harder, with more threats, more complexity and fewer people, and hence we see a lot more cyberattacks and breaches.
    4. Top 3 attacks of 2021:
      1. The SolarWinds attack impacted 18000 customers.
      2. REvil hit Apple supplier Quanta with a $50 million ransomware attack
      3. Apache Log4j, a zero-day vulnerability, saw attempted exploitation on more than 48% of corporate networks globally.
    5. 2022 so far:
      1. The war in Eastern Europe has triggered cyber warfare (criminal ransomware, hacktivist or other disruptive attacks against government or critical infrastructure) with potential disruptive activities and information operations with the goal of eroding popular sentiment and political will.
    6. Major causes for vulnerabilities:
      1. Current trend as per Trend Micro:
        1. 80% of application code is open source
        2. 2.5x increase in open source vulnerabilities in the last 3 years
        3. 78% of vulnerabilities are found in indirect dependencies
      2. As per Gartner, through 2023, at least 99% of cloud security failures will be the customer’s fault, mainly in the form of cloud resource misconfiguration.
    7. A 2021 report suggests that because healthcare organizations are less likely to back up their data than those in other industries, they are more prone to paying the demands of ransomware actors. Please refer to Figure 1 for its trend.

 


Transform, Package & Deploy faster and secure with DevSecOps

29-Jul-2021 07:47:52 / by Bhavin Shah posted in DevOps culture, AppDev, Devact, DevSecOps, Security, Automation





Do you practice DevOps?

It is time to take complete advantage of its agility and responsiveness by including security as an integral part of the entire app life cycle.

Integrate and automate security in your DevOps practice

Many organizations aim to shorten their system’s development life cycle and provide continuous delivery with high software quality. Where DevOps combines a system’s software development and IT operations, the security team catches bugs and vulnerabilities during the development stage so that the end user won’t face any errors after the release of the application. This safeguards the application release and the company’s reputation in the public market.