Prakash Sethuraman, chief information security officer at CloudBees, said federal agencies looking to address the complexity of software security and compliance should advance the adoption of automation and continuous authorizations to operate.
“In the world of microservices, public cloud-native applications and high-frequency releases, ATOs that periodically assess the suitability of a process are no longer valid,” Sethuraman wrote.
He noted that agencies seeking to deliver continuous ATOs should pursue compliance in real time for software supply chains.
“Deployments of software to production should be automatically prevented if the required criteria are not met,” Sethuraman said.
“When security and compliance are transparent and continuous, the DevSecOps ecosystem creates a safety net that operates in real time to prevent security missteps and ultimately helps boost the productivity and creativity of development teams,” he added.
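The automated gate Sethuraman describes, as an added example that is not CloudBees code or part of the original article: a release candidate carries compliance evidence collected by the pipeline, and deployment is blocked with explicit reasons whenever a required criterion is not met. The evidence fields, thresholds and control identifiers are assumed placeholders.

```python
"""Continuous-ATO style deployment gate (illustrative, constructed example)."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, List

MAX_SCAN_AGE = timedelta(hours=24)          # a scan older than this is stale
BLOCKING_SEVERITIES = ("critical", "high")  # findings that must be resolved first


@dataclass
class ReleaseEvidence:
    """Evidence the pipeline attaches to a release candidate (assumed fields)."""
    artifact_signed: bool                     # build artifact carries a verified signature
    sbom_present: bool                        # software bill of materials was produced
    scan_time: datetime                       # when the last vulnerability scan ran
    open_findings: Dict[str, int] = field(default_factory=dict)      # severity -> count
    required_controls: Dict[str, bool] = field(default_factory=dict)  # control id -> passed


def evaluate_gate(evidence: ReleaseEvidence, now: datetime) -> List[str]:
    """Return every failed criterion; an empty list means the deploy may proceed."""
    reasons: List[str] = []
    if not evidence.artifact_signed:
        reasons.append("artifact is not signed")
    if not evidence.sbom_present:
        reasons.append("SBOM is missing")
    if now - evidence.scan_time > MAX_SCAN_AGE:
        reasons.append("vulnerability scan is stale")
    for severity in BLOCKING_SEVERITIES:
        count = evidence.open_findings.get(severity, 0)
        if count:
            reasons.append(f"{count} open {severity} finding(s)")
    for control, passed in sorted(evidence.required_controls.items()):
        if not passed:
            reasons.append(f"control {control} not satisfied")
    return reasons


def deploy_allowed(evidence: ReleaseEvidence, now: datetime) -> bool:
    """The pipeline calls this before promoting to production."""
    return not evaluate_gate(evidence, now)


if __name__ == "__main__":
    now = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)  # constructed clock
    candidate = ReleaseEvidence(
        artifact_signed=True, sbom_present=False, scan_time=now - timedelta(hours=30),
        open_findings={"high": 2, "low": 9}, required_controls={"AC-2": True, "SI-2": False},
    )
    for reason in evaluate_gate(candidate, now):
        print("BLOCKED:", reason)
```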
Sethuraman also cited three questions ATO users should answer to address the cybersecurity challenges facing software developers, and discussed the need for agencies to maintain security while pursuing speed in application development.