CISO Summit No 19: Application Security, Docker, DevOps, and Agility: Which Security Measures, Architecture and Design is needed?

Traditionally, Development and Operation were two separate streams of activities, separated by long and intense testing, to guarantee a near incident free and secure operation. Time-to-market is a key issue and defines from the business side the performance and flexibility of a company at the market. The goal to speed up the entire process from development until production is from all business lines accepted and paramount for business success. Security requirements are different for various applications. We have attracted two keynotes presenting critical applications in the rail and financial sector, both taking advantage of innovative combination between develop- ment and operation, while maintaining a very high level of security.

Olaf Zanger will present Smartrail 4.0, a concept of complete digitization of railway operation. In this case study the engineering process is predominant, including all quality and safety requirements. Smartrail 4.0 is using agile methods, and Olaf will present how the safety process can be adapted for secure software develop- ment. The main goal is to provide the highest possible software quality in a “mandatory fail-safe system”.

Christian Reinhard and Arno Aukia will present the Finnova secure banking operation platform, which is based on DevOps in development and operation: Agile development processes, container platforms and tools used for operational security engineering are core topics. From the technology partner, the focus is on DevOps pipe- line and technology, and from the core banking application side, the focus is on the experience of setting up these systems, testing it, and handling risk assessment and security issues.

At this 19th Swiss CISO Summit we offer a forward looking topic, which is often the blind spot in the eyes of the security office. I am convinced, that the topic is very important and that we need to advance the security in the agile DevOps issues, and a sound understanding of risks.