A survey conducted by ZeroNorth revealed that having a security champion within application development allowed organizations to strengthen the security of their apps and improve the relationship between security and DevOps teams.
Although the initiative is quite recent, organizations that have already adopted such programs report that it has reinforced developers' security skills and knowledge and immensely enhanced their application security.
For this to be successful, however, security champions must have a unique passion for security and be supported by corporate security leadership and engineering leadership. Moreover, good cooperation between security champions and corporate security teams is vital for setting priorities and for training in the best possible practices.
Security champions are likely to become an essential force that brings together DevOps and security teams. They can act as ambassadors for the security teams among developers. At the same time, their presence enhances the confidence security professionals have in developers as there is a definite shift towards DevSecOps.
Collaboration between DevOps and security teams is vital for organizations to stay ahead of the competition and tackle cyberthreats. More and more businesses are embracing the best DevSecOps practices, especially as the need for a security champion is becoming more urgent than ever.
However, finding a security champion with the appropriate application development expertise remains a challenge.