https://www.darkreading.com/attacks-breaches/the-case-for-mardevsecops/a/d-id/1333136
By Jim Kaskade
Commentary
Dark Reading
10/30/2018
Why security must lead the integration of marketing into the collaborative
security and development model in the cloud.
Over the past several years, organizations have done themselves a favor by
integrating security into cloud operations, aka DevOps. Evolving DevOps
into DevSecOps by weaving security in with software development and
administration has proven to be a no-brainer, especially as the firewall
boundary extends beyond the traditional edge with public cloud services.
Because of the organizationally wide consumption of cloud services,
DevSecOps is empowering not only the developer community but also
marketing organizations. It's showing that cloud can be the force that
breaks down silos and delivers on companies' need for speed. The shadow IT
that has been supporting marketing behind the scenes can finally come
together in the light of day under a single force — MarDevSecOps.
MarDevSecOps may not roll off the tongue, and we're not advocating that
shadow IT persist with such a term. However, organizations now need to
involve marketing in the development process more than ever — especially
if they want to make sure consumer-facing digital products and services
can withstand hacking and phishing attempts, and are free of dangerous
vulnerabilities, while adhering to the European Union's General Data
Protection Regulation (GDPR) and other emerging global privacy
regulations. It will be up to security to make sure this incorporation of
marketing goes smoothly.
Security personnel are already realizing that their vantage point puts
them at an important nexus where all of these stakeholders meet. Earlier
this year, the CISO of a major consumer packaged goods company told me
that "trust is the new currency." The comment came up in the context of
the GDPR's mandate to obtain consumers' explicit consent before marketing
to them electronically. But he meant it to encompass the notion that all
customer activity must be kept secure, private, and compliant with privacy
regulations.
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
