DevSecOps / DevOps
Leaving the classic software methodologies behind, a new set of practices have emerged in the last decade to provide a better method for software development and management. As a result, in addition to supporting specific phases of the development and operation lifecycle of a software with tools, we began to fully automate processes by using automated systems such as CI/CD, as well as embracing cloud technology.
Satisfying the security concerns felt nowadays in computing, DevSecOps doesn’t just integrate development and operations, but adds security aspects to each step of the software production and provisioning of IT services process, including:
- applying threat modelling policies
- test driven development
- static code analysis via rule-based engines and AI
- regular code reviews
- automated integration testing
- automated penetration testing
- automated validation
- proper logging
- using threat intelligence and monitoring tools
The Health Data Exchange
We use DevSecOps and Agile methodologies in projects where we need to cooperate with our clients on a daily basis and react to change requests as quickly as possible. Health Data Exchange is one of these projects.
Health Data Exchange users can manage and sell their own medical records produced by the National Healthcare Service UK, via mobile applications. With security being a key importance when handling such sensitive personal data, the DevSecOps and the Agile methodologies used helped us to achieve our primary goals with ease.