Feb 13, 2019

Part 3: App Security Should Be An Integral Part Of Your DevSecOps Process — Not An Afterthought

Situations When DevSecOps Won’t Work

Though DevSecOps is getting more popular by the day, and has many benefits to an organization, there are certain projects which aren’t suitable for DevSecOps.

Typically, a successful DevSecOps process should be reserved for those applications running in a zero-trust environment, i.e. applications that are deployed into the outside world, via app stores or available on the public web.

What kind of applications or projects are not suitable for DevSecOps?

Legacy applications should typically be avoided when considering projects/applications to put through your organization's DevSecOps team. Typically, these applications should be assessed using a formal Pen Test. Often the source code for these applications is not readily available, or the applications were written by a third party. As such, they should be assessed by an external team for serious violations and remediated when resources and time permit.

Applications that will be running within your organization's security perimeter or behind its physical walls without access to the outside world should be avoided. These applications may contain weaknesses or not fall in line with traditional secure coding practices, but the risk of these weaknesses being exploited is significantly lower, as they most likely would never be available to a potential attacker. As such, the stringent requirements made for your public-facing applications can be deferred and you can prioritize your DevSecOps efforts on protecting your most critical applications.

For internal applications, you may want to consider another approach to ensure secure deployment and a level of protection via an application management solution. Arxan offers a solution which does not require a device management solution. With an app beta testing solution, deployment solutions for any device, and the ability to customize compliance or security policies, it provides an easy way to manage and secure internal apps without having to utilize your new DevSecOps process.

To learn more about how to streamline and optimize your DevSecOps process, read the next post.

Chris Mizell

Chris has spent 10 years in the application security space, with experience securing embedded, mobile and desktop-based applications. His work has spanned multiple industries including automotive, aviation, and financial services.
