Cisco Systems - Secure DevOps
Company: Cisco Systems, San Jose, CA, USA
Company Description: Cisco Systems, Inc. (known as Cisco) is an American multinational technology conglomerate headquartered in San José, California, in the center of Silicon Valley, that develops, manufactures, and sells networking hardware, telecommunications equipment, and other high-technology services and products. Cisco is the largest networking company in the world, NASDAQ-100
Nomination Category: Products & Product Management Categories
Nomination Sub Category: Best New Product or Service of the Year - Software - IT Service Management Solution
Nomination Title: Secure DevOps
Tell the story about this nominated product or service (up to 650 words). Describe its function, features, benefits, and performance to date.
Cisco IT's Developer Experience has been the core initiative to drive innovation and enable Fast IT. Security is also one of the top 5 company-wide initiatives this year and every year. Customer protection and data protection are the cornerstone of Cisco's business edge.
Today, security threats and vulnerabilities keep every CIO (Chief Information Officer) and CISO (Chief Information Security Officer) up at night. The application is the aperture to the kingdom of security and the crown jewels of a company and its data. Security is IT's toughest problem to solve without compromising speed and agility. Cisco IT's CD (Continuous Delivery) Technology & Architecture - Security Enablement Services Team took on the daunting challenge of building security into the IT DevOps pipeline and brought it to fruition, embedding vital application security capabilities into it. Without high levels of automation and process maturity, developers will reject the security controls, as their focus is on the delivery of features.
Using Agile, continuously decreasing process complexity, increasing developer maturity, and transforming technology through the CI/CD pipeline, this team architected a secure DevOps pipeline that embeds security analysis from static analysis at code build to dynamic analysis as a pre-deployment step, with release automation. Working with our security vendor partners Checkmarx and IBM, Cisco IT now houses a bleeding-edge secure DevOps platform that automates and simplifies, and also takes Cisco towards a cognitive secure world. Today a developer takes under 1 hour to run his/her static security scans and less than 8 hours to run their dynamic security scan in the pipeline. Overall, the cost of fixing vulnerabilities has come down by 30% due to early detection. Vulnerability detection and coverage extend to all of the 1700+ Cisco IT applications.
1. Developer productivity and security awareness have increased by 76%.
2. Cisco IT's 2000+ applications and 700+ pieces of software today go into production securely.
3. 10+ bootcamps have been delivered across geographies to educate 4000+ developers.
4. Cisco Product Engineering is also adopting our IT service to leverage the Secure DevOps pipeline as part of the product security baseline. More than 500 Cisco products run through this pipeline.
5. Comprehensive capture of the OWASP top vulnerabilities from multiple tools, by IT service and function.
In bullet-list form, briefly summarize up to ten (10) of the chief features and benefits of the nominated product or service.
1. The security scans are 100% automated and have reduced the time spent in pen-testing.
2. Cisco IT is able to benchmark security as a pillar of quality for all its releases in the current fiscal year, tying it to releases and tracking software by version in production.
3. Security posture data about the applications is built into the Continuous Delivery Insights, broken down by vendor, function, and lines of code.
4. Time spent on governance has been reduced due to the quality of vulnerability data available to the auditors, along with gating for security posture benchmarks to be hit.
5. Clear mapping and tracking of vulnerabilities detected at code and at development, through to post-QA and pre-deployment of the application into production.
6. Recognized as the Secure DevOps pioneer and invited to multiple forums to speak about the Cisco story, including DevOps.com, IBM InterConnect 2016 & 2017, and other developer summits.