[The content of this article has been produced by our advertising partner.]
In an increasingly interconnected world, technological innovations bring new opportunities that come with great risks. From artificial intelligence to cloud computing, companies are now relying on digital solutions to drive value and enhance customer experience. However, by being among the first to jump on the bandwagon of this rapid evolution, companies can unwittingly expose themselves to cybersecurity threats and create an expanded attack surface for cyber criminals and hackers.
Cathay is tackling this challenge head-on by embracing a DevSecOps approach to security with the support of Amazon Web Services Professional Services (AWS ProServe). As one of the world’s leading premium travel lifestyle brands, Cathay seeks to set new benchmarks in the aviation industry, ensuring that safety and compliance are upheld at every layer of operations as they soar to new heights.
The traditional approach to software development treated cybersecurity as an afterthought, addressing vulnerabilities late in the lifecycle and testing for them separately. With delivery teams often facing tight deadlines, this reactive approach led to one of two less-than-ideal scenarios when a security issue was detected: either the launch had to be delayed, or the vulnerabilities had to be fixed at a later date.
With DevSecOps, a security-enhanced version of the DevOps model, automated security assessments are introduced throughout the continuous integration and continuous delivery (CI/CD) pipeline. “Shifting left” and implementing an early feedback loop changes the way teams work: vulnerabilities can be identified and resolved during the coding phase, long before actual deployment.
Key enablers of this shift are Amazon Inspector and CodePipeline, automated tools that facilitate continuous vulnerability assessments and delivery pipelines respectively. Their automated nature ensures that security never takes a backseat, even when the team is under time pressure. Any completed code is scanned for vulnerabilities, so that they can be flagged and fixed before the code moves on to the next stage.