Security Compass announced it has expanded on operational security (OpSec) requirements available in the SD Elements’ knowledge library, with support for Microsoft Azure and other application deployment environments.
SD Elements makes it easy for development teams to manage the security considerations of the entire technology stack – both the software itself, as well as the OpSec requirements of the Web server, application server, database server, and operating system.
Since announcing in October 2017 Amazon Web Services (AWS) as the initial set of OpSec requirements available SD Elements, Security Compass has expanded its content library to include support for the Apache Tomcat Server, Apache HTTP Server, Microsoft IIS Server, and Microsoft Azure. Support for the MySQL Database Server is coming soon.
Application security (AppSec) and OpSec unite in SD Elements to embed security into the software development lifecycle (SDLC) earlier on, helping to eliminate threats and vulnerabilities, before code is written. This helps to maintain a safe production environment.
Whereas AppSec builds security into the development process, OpSec protects applications in their runtime environments by ensuring that configuration and deployment settings are secure.
Together, organizations can leverage the efficiencies of DevOps, without sacrificing security, to realize the greater benefits of DevSecOps.
“SD Elements provides engineering teams with a holistic solution for managing software security requirements in a DevSecOps environment, allowing them to release and maintain software with more efficiency and fewer flaws,” said Ehsan Foroughi, VP of Product at Security Compass.
“These production-environment capabilities, combined with our existing AppSec and just-in-time training, enable agile organizations to achieve a continuous and comprehensive software security program, which allows for better risk management and data protection.”
Features and functionality of the SD Elements OpSec extension include:
- Secures the production environments of applications, also known as the “configure and deploy” stage of the DevOps cycle.
- Can be used to manage the security requirements of the deployment configuration settings alongside the requirements for the application itself to achieve DevSecOps.
- Features industry-standard benchmarks for securing application deployments from the Center for Internet Security
The new content from Security Compass is being welcomed by existing clients.
An executive sponsor for the AppSec program at a Fortune 50 company remarked, “We rolled out SD Elements based on the promise that our software teams wouldn’t run into any more issues. It worked as expected on the application side, but there were still issues from the deployment and configuration side. The new OpSec coverage allowed us to stand by our original promise by covering the operational aspect of the deployment hardening.”