Security Compass extends support for operational security; now includes requirements for Microsoft Azure, AWS, Apache



Security Compass, a software security company, announced on Wednesday it has expanded on operational security (OpSec) requirements available in the SD Elements’ knowledge library, with support for Microsoft Azure and other application deployment environments.

As an important policy-to-procedure platform, SD Elements makes it easy for agile development teams to manage the security considerations of the entire technology stack – both the software itself, as well as the OpSec requirements of the Web server, application server, database server, and operating system.

Security Compass ihelps users to proactively manage cybersecurity risk without slowing down their business. Offering Advisory Services, Training, and SD Elements, its policy-to-procedure platform for security and compliance. Security Compass enables organizations to rapidly and efficiently deliver technology that’s secure by design. Security Compass serves large businesses in North America. The privately held company is headquartered in Toronto, Canada with global offices in the United States and India.

Application security (AppSec) and OpSec unite in SD Elements to embed security into the software development lifecycle (SDLC) earlier on, helping to eliminate potential threats and vulnerabilities, before code is written. This helps to maintain a safe production environment. Whereas AppSec builds security into the development process, OpSec protects applications in their runtime environments by ensuring that configuration and deployment settings are secure. Together, organizations can leverage the efficiencies of DevOps, without sacrificing security, to realize the greater benefits of DevSecOps.

Application-security practices protect software from attacks and privacy breaches by reducing vulnerabilities in the code. Alternatively, operational security practices protect software in its production environment by improving monitoring, security analysis, and risk assessment.

In a DevOps environment, the deployment and configuration stages of production are often programmed into the software. Previously, software was configured manually by IT staff. Now, certain technologies allow the software to control its own configuration and server settings. Notable groups of technologies in this area include cloud-based infrastructure technologies, deployment management tools, and container technologies. SD Elements supports these three advanced technologies.

The key features and functionality of the SD Elements OpSec extension secures the production environments of applications, also known as the “configure and deploy” stage of the DevOps cycle. It can be used to manage the security requirements of the deployment configuration settings alongside the requirements for the application itself to achieve DevSecOps, and features industry-standard benchmarks for securing application deployments from the Center for Internet Security.

The new content from Security Compass is being welcomed by existing clients.  

Since announcing in October 2017, Amazon Web Services (AWS) as the initial set of OpSec requirements available SD Elements, Security Compass has expanded its content library to include support for the Apache Tomcat Server, Apache HTTP Server, Microsoft IIS Server, and Microsoft Azure. Support for the MySQL Database Server is coming soon.

“SD Elements provides engineering teams with a holistic solution for managing software security requirements in a DevSecOps environment, allowing them to release and maintain software with more efficiency and fewer flaws,” said Ehsan Foroughi, VP of Product at Security Compass. “These production-environment capabilities, combined with our existing AppSec and just-in-time training, enable agile organizations to achieve a continuous and comprehensive software security program, which allows for better risk management and data protection.”

 

Leave a Reply

WWPI – Covering the best in IT since 1980