EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.
Select your location
Local sites
Discover how the EY-IBM alliance with Red Hat helps clients stay aligned with the pace of customer demand through embracing a culture of DevSecOps, which lies at the heart of digital transformation
DevSecOps – short for development, security and operations – automates the integration of security at every phase of the software development lifecycle, from initial design through integration, testing, deployment and software delivery. DevSecOps allows a company to safeguard its information, automate manual processes, and ease the compliance and auditing processes along the way. Embedding security into the software development cycle maintains speed to market while building trust. Configuration is applied in an auditable way, providing self-documenting evidence of compliance. Market pressures dictate an integrated model and effective teaming that requires cross-functional coordination to protect the business. DevSecOps brings a unified approach to this effort that delivers secure products at pace.
Top four areas of concern as DevSecOps efforts shift toward the cloud include: data security (45%), cloud security management (36%), supply chain security risks (33%), and protecting public cloud assets (29%).” 1
Integrating security with DevSecOps – and shifting left
EY-IBM alliance with Red Hat
Together, EY US, IBM and Red Hat, are developing innovative solutions to help provide the sustainability and resiliency that helps companies operate and lead both today, and in the years to come, as they reframe their future amidst an unpredictable and rapidly evolving environment.
DevSecOps is about built-in security, not security that functions as a perimeter around apps and data. If security remains at the end of the development pipeline, organizations adopting DevOps can find themselves back to the long development cycles they were trying to avoid in the first place.
As software developers start opting for shorter, more agile software development life cycles that take a few days or even a few hours, they need an integrated security approach that offers protection without becoming a hindrance as necessary updates are launched and applications are moved quickly through to production.
Increasing technology capabilities to enable automation and interoperability between systems through a centralized platform has enabled a methodology to solve broader business challenges in a leading practice known as DevSecOps, which:
- Enables the business to rapidly realize business value and experiment with innovation. Product teams are able to reduce time to market with increased stability and predictability of technology success.
- DevSecOps capabilities improve and support secure development and require verification in a fast-moving CI/CD pipeline.
- Effective and efficient DevSecOps processes, procedures and automation underpin and support DevSecOps.
- Provides automated deployment and compliance monitoring for risk management processes, e.g., risk identification, risk analysis, risk acceptance and risk improvement.
Our latest thinking
Why private equity cybersecurity is urgent now
Private equity cybersecurity strategy is critical in investment diligence, deal announcements, value creation and exit. Read more.
30 Mar 2023
John Hauser