Implementing DevSecOps in Regulated vs Unregulated Industries
January 14, 2022
Each business’s cybersecurity department must implement a DevSecOps game plan specific to the industry in which it operates. For example, a team installing software at Yankee Stadium will face factors that lead it to approach its operations differently than a team working for a network of department stores.
A key factor in determining the correct game plan is whether the industry the DevSecOps team operates in is subject to strict government regulation. Specific regulations may help inform C-suite executives’ priorities and their willingness to buy into DevSecOps recommendations.
Identifying Obstacles in a Regulated Space
Rohit Parchuri, Chief Information Security Officer at Yext, addresses this “regulated vs unregulated” discussion during the latest episode of The Secure Developer podcast. Parchuri, a former DevSecOps leader in the healthcare industry, said a regulated space like healthcare requires work from the “inside out.”
For regulated industries, Parchuri says “you’re not delivering a lot of features or security enhancements, but you are managing your vendors and partners a little bit more than you would on the product side of the house.” He pointed to the Protected Health Information (PHI) held in healthcare environments and the antiquated systems in which it usually resides. The lift it takes to migrate that information out of the old system, together with the vendors’ desire to keep using that system, is a major difference from a product-facing operation that isn’t subject to the same regulatory rigor. (Hear Parchuri expand on this topic at the 6:11 mark of the podcast.)
While DevSecOps in regulated and unregulated spaces operates differently, there are best practices that apply to both. Selecting the correct framework, fostering a collaborative team culture, and recruiting the right personnel for the job are all components of an ideal DevSecOps team.
For more on cyber security in regulated vs. unregulated spaces and tips for building your DevSecOps team, check out Ep. 104 of The Secure Developer podcast, “Implementing DevSecOps in Regulated vs Unregulated Industries.”
About Sam Hepburn
Senior Manager, Global Communities at Snyk
Sam has spent the past decade in London becoming a well-known face of the tech startup scene, working with a variety of organisations within London and now globally to build some of the largest tech communities in the world. Her main aim is to create environments where individuals feel welcome and communities flourish.
She is currently leading the community team at Snyk.io, including DevSecCon, helping developers adopt security into their development workflows. She is the producer of The Secure Developer podcast and sits on the steering committee for Devoxx UK.