Portal de Periódicos da CAPES

DevSecOps PRACTICES FOR AN AGILE AND SECURE IT SERVICE MANAGEMENT

2019; Allied Academies; Volume: 22; Issue: 4 Linguagem: Inglês

1524-7252

Mounia Zaydi, Bouchaib Nassereddine,

Cybercrime and Law Enforcement Studies

Without appropriate consideration of security best practices, the continuous delivery of IT services facilitated by DevOps is risky. On the other hand, SecOps offers the possibility to reduce security risks if security is integrated into the continuous delivery pipeline according to best practices. The purpose of this paper is to investigate how DevSecOps culture can be applied in IT service management. We interviewed representatives of five Middle East and North Africa (MENA) organizations that are adopting SecOps in their ITSM daily activities. We note that the majority of respondents expressed the potential of common DevSecOps such as automated monitoring to improve ITSM. This research provides novel findings of a possible relation between DevSecOps practices and IT service management controls as well as on “why” and “how” can these practices help ITSM. The novelty of the findings brings advantages for academics, and due to the exploratory nature of this research, it extends the body of knowledge. It also provides contributions for practitioners, by showing how these practices can be applied and the result of the implementation of these practices.