During this virtual session, we first heard Greenyard’s take on the concept, then we had an open discussion for our members' insights, questions and experiences. To ensure an uninhibited discussion, this X-change was open to digital technology users only (not providers).
The presentations from this X-change, and a link to the recording of the event, are available for our members (after log-in).
Case: Security by Design: beyond the code
Johan Stronkhorst, Group ICT Security Manager at Greenyard, opened the event and set the scene. Greenyard is a global B2B company, mostly supplying the retail market in Western Europe.
As cyber-attack paths are constantly changing, Greenyard believes fresh approaches are always necessary. Johan shared some new trends:
These trends have their effect on the IT security strategy (slide 5).
In the DevSecOps concept, there are still many legacy systems, which makes the concept reactive. In the search for a more proactive approach, Greenyard moved from creating applications simply for the sake of the defined purpose, to having applications that are capable of monitoring.
For Greenyard, security means that data and information is available and secured, at all times. This availability is a key driver in Greenyard's security strategy, and business data flows define the monitoring of the infrastructure.
With this proactive approach, the dataflows can be observed, analysed and monitored from end to end in the critical business processes (slide 7).
However, even with the DevSecOps approach and a proactive mindset, it is important to keep an eye on the business risks, Johan emphasises. Incorporate risk mitigation in your solutions (Business Impact Analysis).
In practice, this means:
With a proactive #DevSecOps approach, the dataflows can be observed, analysed and monitored from end to end in the critical business processess. Johan Stronkhorst shares his insights from #Greenyard.#ITSecurity #CyberSecurity #SecuritybyDesign #KnowledgeSharing @VieilChat pic.twitter.com/gK98UaEiF9— @beltug (@Beltug) June 11, 2020
Access to more information about this topic and/or to download the paper is easy and fast, but exclusively for Beltug members (just login to get access).
Beltug gathers a lot of information. Here you find the advantages of Beltug membership
The Beltug Team
Click here to login