Development Security Operations (DevSecOps) is the shift of technology and software security to the beginning of the development cycle. DevSecOps is aimed at enhancing delivery outcome frequency and lead times with improved engineering practices that integrate development, security, and operation teams' methods and goals.
There are four types of information technology work, according to The Phoenix Project: A Novel about IT, DevOps, and Helping Your Business Win:
- Business projects
- Internal projects
- Operational changes
- Unplanned work
DevSecOps requires that Operations and Security teams work with Development from the absolute beginning of any project. This means that regardless of the type of work, security is a main focus of the project work. The result is better security which is catered and built in to the product or service, in contrast to security layers added on top of existing technology.