Cybersecurity, Zero Trust, and Shift Left Security are concepts that safeguard our digital society from threats. The Agile Software Assurance Maturity Model (ASAMM) is a robust framework for software development that integrates modern methodologies, such as DevOps and Agile, with Zero Trust principles, including continuous verification, strict access policies, automated policy enforcement, and micro-segmentation. This study examines how Zero Trust principles and the core Zero Trust Measures can be incorporated into Agile methodologies. By doing so, organizations can enhance security and development efficiency, making security integral to each development iteration. Over 50 organizations, representing well over 1000 DevOps/Agile teams, were assessed using the ASAMM Framework to obtain a representative sample. Through an action-based research methodology focused on practical improvements that can be applied immediately, we offer new insights, including the need to mature verification, perspectives on Dev versus Ops, and recommendations for academics and practitioners. The maturity model, which uses a zero-to-three scale, helps organizations identify risks and embed security throughout the development process. We conclude by deriving essential Zero Trust practices from earlier academic research.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Zero Trust in Agile Development

  • Barry Derksen,
  • Yuri Bobbert

摘要

Cybersecurity, Zero Trust, and Shift Left Security are concepts that safeguard our digital society from threats. The Agile Software Assurance Maturity Model (ASAMM) is a robust framework for software development that integrates modern methodologies, such as DevOps and Agile, with Zero Trust principles, including continuous verification, strict access policies, automated policy enforcement, and micro-segmentation. This study examines how Zero Trust principles and the core Zero Trust Measures can be incorporated into Agile methodologies. By doing so, organizations can enhance security and development efficiency, making security integral to each development iteration. Over 50 organizations, representing well over 1000 DevOps/Agile teams, were assessed using the ASAMM Framework to obtain a representative sample. Through an action-based research methodology focused on practical improvements that can be applied immediately, we offer new insights, including the need to mature verification, perspectives on Dev versus Ops, and recommendations for academics and practitioners. The maturity model, which uses a zero-to-three scale, helps organizations identify risks and embed security throughout the development process. We conclude by deriving essential Zero Trust practices from earlier academic research.