Information Security Assessment in DevOps for a Retail Company
A company in the retail industry approached Mobius Consulting to conduct a high-level assessment of their security in DevOps.
The objectives of the project were to review the design and implementation of key information security controls within each of the DevOps bowtie phases and to identify gaps in the control environment, which would assist in maturing DevSecOps.
Our team of specialist Digital Risk Consultants used the Mobius approach to meet those objectives:
- Performed workshops with the Dev team to understand the current state of controls across the DevOps phases.
- Conducted a high-level assessment of the state of security in DevOps.
- Reviewed governance artefacts related to security in DevOps (committees, policies, roles and responsibilities, etc.).
- Assessed controls across the DevOps pipelines, taking into consideration tools in use (or that could potentially be utilised) and potential areas to automate security.
- Drafted a report, based on the assessment, indicating the gaps that exist together with improvement recommendations, and developed a remediation roadmap to help guide the IT, IT Security and DevOps teams in adopting and embedding security into DevOps.
As a result of the success of the project, the client gained an understanding of their DevSecOps maturity and could focus their efforts and initiatives on improving security in their DevOps environment.
Contact Mobius Consulting to assess your security posture.