Op-Ed: Strengthening application security with Policy-as-Code

Today’s businesses are not short on policy mandates and principles meant to define governance objectives for all parts of the organisation, including application and software development life cycles.

While these policies may be well documented and reviewed annually during required awareness training, they are not always easily adopted into the day-to-day workflows of developers on the engineering frontlines.

While documentation is critical for keeping organisations aligned on the latest policies and guidelines, it is often too abstract or unactionable in practice. For organisations to build trust into their development workflows and processes, they need to consider implementing governance objectives directly into the software development life cycle (SDLC) to reduce the likelihood of malicious or accidental cyber events.

The crucial next step to aligning development, security, and operational objectives at scale is implementing policy-as-code, the practice of programmatically applying an organisation’s risk management objectives to its development ecosystem. This tactic enables more efficient and…
