Fabian Lim presented on how DevSecOps is implemented at GovTech Nectar in Singapore. Nectar provides a Platform as a Service (PaaS) for government agencies, with shared responsibilities for security between Nectar and users. Nectar is responsible for the security of the PaaS infrastructure, while users are responsible for securing their applications. Nectar enables DevSecOps through a culture that embraces failure and feedback, hiring developers, security and operations staff, implementing agile processes like sprints with security involvement, and using DevOps tools to automate security in the software development lifecycle.
14. #RSAC: Breaking Silos

Slide diagram: four isolated projects (Project A, Project B, Project C, Project D), each running its own separate stack. The per-project characteristics shown are:
- Time: years to fulfil
- Cost: $$$$$$$$$
- Manpower: high overhead
- Common data: repeated, not shared
- Resources: isolated, under-utilized
- Security: ✓ compliant :)

Security is the only item the slide marks as satisfied; every other measure (delivery time, cost, staffing overhead, duplicated data, under-used resources) is shown as a cost of keeping the projects siloed.
22. Principles
- Business risk driven; not compliance driven
- Collaboration; not division
- Responsibility sharing; not dismissal
- Test hypothesis; not delay
- Doing the right things fast; not 'quick and dirty'