The successful integration of security into the DevOps process is often a complex and transformational shift for many organizations. Because of this, our approach to maturity evaluates the three key areas of people, processes, and technology to develop and implement successful, holistic programs. We help organizations understand their current state, define their vision state, develop a strategy aligned to business needs, and ultimately deliver an actionable roadmap to a mature and successful DevSecOps program.
We begin by evaluating the current state of the organization’s DevOps or DevSecOps program, including strategy, culture, organizational structure, how CI/CD processes are implemented, and the technologies used. From there, we identify risks and areas of improvement, and make actionable recommendations to improve maturity. We offer the optional ability to benchmark your organization against frameworks such as the Building Security In Maturity Model (BSIMM).
The three phases of the Secure CI/CD methodology are:
- Workshop & discovery: Evaluation of the current state of your DevOps or software development lifecycle program, including strategy, culture, organizational structure, how CI/CD processes are implemented, and the technologies used, including the cloud infrastructure where your CI/CD pipeline resides, whether that be Azure, AWS, GCP, or a combination.
- Analysis & reporting: Analysis of findings and evaluation of secure software development processes against Coalfire’s Secure CI/CD framework and best practices to determine gaps and opportunities for improvement between the current state and the target future-state maturity.
- Vision & roadmap: Development and delivery of a detailed report with findings and actionable recommendations for maturing the program, including key considerations for people, processes, and technology.