DevSecOps is real - What we learned by matching our appsec testing to our continuous release cycles

Presented at AppSec USA 2017, Sept. 22, 2017, 1:30 p.m. (45 minutes).

SaaS-first businesses like Salesforce, Box, Hubspot, Wix, ServiceNow, and Workday are taking over. It's actually becoming risky for enterprise software companies NOT to adopt the SaaS technology and business model. There's a real fear of being left behind. Over the next 10-20 years, every software company will be a SaaS company.

As a software-as-a-service company, Egnyte is innovating fast. It's all about speed of innovation, design, and usability. The faster you can go, the less you spend on product development, and the fewer person-hours are required to deliver a complete solution. Every iteration is an opportunity to deliver greater business value.

The problem with buying a SaaS solution from someone you don't know is trust. When you don't have a long-term, heavily invested relationship with your customers (as in the old-school IT-driven, on-premise local data center implementation model), how do you signal quality? Elements like security and regulatory compliance must be maintained, but the way they are implemented can't slow the business down.

At Egnyte, we publish new software updates, features, and enhancements every two weeks. Secure software is business critical, and application security is what really matters. When it comes to software security, I am reasonably confident in our internal release criteria, which include quality assurance and regression tests, automated security checks, as well as regular periodic software security assessment scans on our public-facing and production applications. But automated tools can't find everything. Human-powered security testing is necessary, and on-demand specialization wins.

Join Kris Lahiri, CISO of Egnyte, for an in-depth discussion of the evolution of his software security program - what he tried, what worked, what didn't, and how he's planning to move forward. This session is a must-see for any security leader responsible for application security at a SaaS company.

Presenters:

  • Kris Lahiri - Chief Security Officer - Egnyte Inc
    Kris is a co-founder of Egnyte. He is responsible for Egnyte's security and compliance, as well as the core infrastructure, including storage and data center operations. Prior to Egnyte, Kris spent many years in the design and deployment of large-scale infrastructures for Fortune 100 customers of Valdero and KPMG Consulting. Kris has a B.Tech in Engineering from the Indian Institute of Technology, Varanasi, and an MS from the University of Cincinnati.
