Security
Compass, a software security company that provides organizations with the knowledge, training and technology to make software
secure, today announced it has expanded on operational security (OpSec)
requirements available in the SD Elements' knowledge library, with support for
Microsoft Azure and other application deployment environments. As the leading
policy-to-procedure platform, SD Elements makes it easy for agile development
teams to manage the security considerations of the entire technology stack -
both the software itself, as well as the OpSec requirements of the Web server,
application server, database server, and operating system.
Since announcing in October 2017 Amazon Web Services
(AWS) as the initial set of OpSec requirements available SD Elements, Security
Compass has expanded its content library to include support for the Apache
Tomcat Server, Apache HTTP Server, Microsoft IIS Server, and Microsoft Azure.
Support for the MySQL Database Server is coming soon.
Application security (AppSec) and OpSec unite in SD
Elements to embed security into the software development lifecycle (SDLC)
earlier on, helping to eliminate potential threats and vulnerabilities, before
code is written. This helps to maintain a safe production environment. Whereas
AppSec builds security into the development process, OpSec protects
applications in their runtime environments by ensuring that configuration and
deployment settings are secure. Together, organizations can leverage the
efficiencies of DevOps, without sacrificing security, to realize the greater
benefits of DevSecOps.
"SD Elements provides engineering teams with a
holistic solution for managing software security requirements in a DevSecOps
environment, allowing them to release and maintain software with more
efficiency and fewer flaws," said Ehsan Foroughi, VP of Product at
Security Compass. "These production-environment capabilities, combined
with our existing AppSec and just-in-time training, enable agile organizations
to achieve a continuous and comprehensive software security program, which
allows for better risk management and data protection."
Key features and functionality of the SD Elements OpSec
extension include:
- Secures the
production environments of applications, also known as the "configure and
deploy" stage of the DevOps cycle.
- Can be used
to manage the security requirements of the deployment configuration settings
alongside the requirements for the application itself to achieve DevSecOps.
- Features
industry-standard benchmarks for securing application deployments from the
Center for Internet Security
The new
content from Security Compass is being welcomed by existing
clients. An executive sponsor for the AppSec program at a Fortune 50
company remarked, "We rolled out SD Elements based on the promise that our
software teams wouldn't run into any more issues. It worked as expected on the
application side, but there were still issues from the deployment and
configuration side. The new OpSec coverage allowed us to stand by our original
promise by covering the operational aspect of the deployment hardening."