While many security teams find that Agile development poses challenges, some organizations have found that Agile can actually improve security rather than hamper it. An article from CSO explains how executives at the Aetna insurance company, the State of Texas, and other organizations utilize Agile methods as a helpful part of their security processes.
From the article:
The Lone Star State has also switched to agile development for its Texas.gov online portal, and security had to adapt as well, according to CISO Tim Virtue.
Instead of waiting six months for problems to get fixed in the next development cycle, they now get fixed in two weeks, Virtue told attendees at the CSO50 conference earlier this year.
He has also seen improvements in employee motivation, retention and recruitment. Cycle time for vulnerability management and remediation was cut in half and the time it took to deliver new security services was cut by 90 percent.
“We’re fixing problems before they become problems,” he said. “That gives us more time to deal with innovation and other things out there.”
Read the full article: Agile security lessons from Aetna and the State of Texas | CSO