SAN FRANCISCO--New Context Services, Inc., the leading provider of Lean Security for software and infrastructure development, today announced the forthcoming publication of the book “Lean Security” by New Context CEO, Daniel Riedel, and New Context vice president of security services, Andrew Storms.
Lean Security applies the “lean” management concept to the world of cybersecurity. New Context has now implemented Lean Security practices and processes with its clients in the United States and abroad, and its experiences with these implementations inform the book’s subject matter and takeaways.
“The 'lean' concept has proved incredibly effective for organizations from manufacturing facilities to startups,” said Riedel. “When these principles are harnessed for security, the result is a cohesive environment that ensures continued innovation within a secure framework. Considering that cyberattacks will never cease to exist, this is the only viable model for the future.”
Storms added: “It’s been a long-standing misconception that it is nearly impossible for a company’s software development team to meet the trifecta of being able to push code to production faster, develop more secure code and still reduce costs within the software development lifecycle. Our Lean Security practices buck that notion and are proving to be an effective model for our clients to meet their strategic goals.”
The book is co-authored by longtime security journalist Ericka Chickowski and will be published later this year. Available via www.leansecurity.com, it will explore the five principles of Lean Security, which include:
- Environmental Awareness: In order to adopt Lean Security principles, everyone - from engineers to architects, line-of-business managers to the C-suite - must keep IT security considerations in mind throughout the entire development lifecycle.
- Automate or Die: Just as with DevOps, automation is the keystone to Lean Security. In order to establish a continuous delivery pipeline, organizations must develop an entire automated tool chain to push bite-sized pieces of code to production through automated integration, test and deployment. Automated security testing and approval processes must be built into this tool chain to achieve Lean Security.
- Measure Everything: Feedback is crucial for developing quality applications and eliminating waste from the engineering process. As a result, developers, security teams and operations personnel need to be able to measure application and related infrastructure performance on a continuous basis in order to constantly improve the application accordingly.
- Simplify Engineering: Complexity is the enemy in development. It makes code messier, more expensive and less secure. The goal of Lean Security is to simplify engineering through more savvy use of third-party components and less frequent reinvention of the wheel.
- Lean Security Is Not Invisible Security: Security should never be opaque to the user. Users are increasingly aware of security risks today, and it is incumbent upon engineers to show them that security measures are baked into their software.
“If we shift software engineers’ thinking to focus on building security deep into their developmental practices, then we stand a better chance of maintaining operational resiliency when we run,” said Craig Rosen, CSO of FireEye. “I’m excited about Lean Security because it is a model that creates a sustainable environment where engineers, product and finance people can cultivate innovation together amid an increasingly turbulent and dangerous threat landscape.”
Doug Rhoades, director of information security at Sempra Energy, added: “As someone who understands how Andrew and Daniel work and build infrastructure, I'm excited to see them push Lean Security against the current status quo. Cybersecurity is one of the biggest challenges facing critical infrastructure, and it's key that everyone involved in the development process is included and that it is automated into the business infrastructure. Lean Security does both.”
New Context currently provides Lean Security consulting and services to financial services, energy, infrastructure protection and healthcare organizations. Its partners include thrv, Apigee and Delphix, among others.
About New Context
New Context delivers Lean Security™ through hands-on technical and management consulting. We are a team of experts with extensive backgrounds in information security and scalable, secure application development. Our tools and processes streamline development frameworks to ensure transparent and secure IT software development within DevOps processes. New Context is headquartered in San Francisco.