How to deliver better application security, faster
Join us for this special edition of the QA Financial Digital Forum
There's a revolution underway, as financial firms change the way they organise and deliver secure apps and software platforms. The adoption of DevOps delivery methodologies can enable banks and insurance companies to shift their penetration and security testing to the left, embedding it in their CI/CD process from the outset. That saves time and money, and means shorter delivery times.
However, app security has never been more challenging, or more closely scrutinised by regulators. DevSecOps has to be embraced not just by testers and developers, but by stakeholders in the firm including change managers, operational risk managers and, of course, the C-suite. That means the technical detail of DevSecOps has to be more widely understood.
Matthew Crabbe, CEO and Founder – QA Media
What does built-in security look like? How many security controls are necessary within a given app? Automating repeated tasks is also key, since running manual security checks in the pipeline can be time-intensive. This talk will focus on the coexistence of Dev, Sec and Ops in an application security framework, and it will also delve into common challenges in embedding traditional security controls in a CD pipeline.
This session will consider two questions facing every major financial firm: what is best practice in embedding security in the SDLC? And, as the move to the Cloud continues, how can firms create an enterprise view of data management that incorporates their investment in test environments? Our keynote will discuss the potential and limitations of a DevSecOps framework, and identify which controls financial firms should be putting into place to position themselves to develop a mature and robust security framework.
Our expert speaker will focus on two critical topics: first, how financial firms are managing compliance requirements for security and data protection and, second, the evolution of IT risk management as more financial firms move to the Cloud and software-as-a-service models. How are financial firms managing third-party vendors in this new environment, and are they closer to agreeing industry standards with regulators?