DevSecOps
Sogeti Finland Oy
Ari Vorne, Senior Security Solution Architect
Riku Rytkönen, Senior Consultant, Sales, +358 50 410 4990
Sogeti - Security Operations Center for Customers, October © 2018 Sogeti. All rights reserved.
Sogeti – Digital assurance with passion for technology
Strong technology and engineering expertise, part of Capgemini group
Years of experience - delivering expertise you can count on
Cutting edge solutions in:
▪ Digital
▪ BI & Analytics
▪ Quality Assurance & Testing
▪ Cybersecurity
▪ Cloud
▪ Digital Manufacturing
Countries with global presence in Europe, India, the U.S.; 40+ countries through Capgemini group
Cyber Security Specialists worldwide
Sogetians worldwide
Strong global alliances with e.g. Microsoft, IBM and Micro Focus
Figures shown on the slide: 190 000+, 50, 27 000+, 15, 3000+ (Solution Leaders, Alliances)
Old World VS New World
Analysis - Design - Implementation - Security Testing
▪ Automation: integration into existing development tooling / processes
▪ Speed: roundtrip analysis (submit & retrieve scan results)
DevSecOps
DevSecOps pipeline (Phase 0 to Phase 3, with a security gate after each phase)

Phase 0: New idea
▪ Idea feasibility study: requirements, business impact, privacy impact
▪ Client approved components
▪ Safety gate 0: GO / NO GO

Phase 1: Coding
▪ Coding & development, then Security gate 1: code review
▪ Security report: static analysis (SAST) and open source analysis (OSS); licence risk and requirements update
▪ Code fixes, then Release Candidate and BUILD
▪ SW repository: new approved code, code for build, application candidate, build info
▪ Approved open source repository and libraries; open source pretest approval

Phase 2: Build & test
▪ Testing: DAST; Security report: dynamic analysis
▪ Security gate 2: release review, then production release

Phase 3: Go live
▪ Install on production platform; full application DAST; Final security report: dynamic analysis
▪ Fix platform on production
▪ Safety gate 3: production review, GO / NO GO (non accepted risk, or approved for production)

Tools and services behind the phases:
▪ Consulting: risk assessment (BIA), security requirements, personal impact analysis (PIA)
▪ Static, mobile & open source static security tools + consulting / support: Sogeti consultant + BlackDuck OSS as a service; IBM Application Cloud security (+ Sogeti consultant)
Sogeti’s security and privacy by design as a service (Secure Software Development LifeCycle)

This slide shows the same DevSecOps pipeline end to end: client approved components and the idea feasibility study (requirements, business impact, privacy impact) through Safety gate 0 (GO / NO GO); coding & development through Security gate 1 (code review, static analysis and open source analysis, licence risk and requirements update, code fixes, Release Candidate, BUILD into the SW repository, with an approved open source repository and libraries and open source pretest approval); testing with DAST and code & design fixes through Security gate 2 (release review, production release); install on the production platform, full application DAST, final security report (dynamic analysis), fix platform and last fixes if any through Safety gate 3 (production review, GO / NO GO: non accepted risk or approved for production).

SOGETI SECURITY BY DESIGN AS A SERVICE - Tools & service:
▪ Consulting: risk assessment (BIA), security requirements, personal impact analysis (PIA)
▪ Static, mobile & open source static security tools + consulting / support: Sogeti consultant + BlackDuck OSS as a service; IBM Application Cloud security (+ Sogeti consultant)
▪ Dynamic, mobile security tools + consulting / support: IBM Application Cloud security or MicroFocus Fortify as a service (+ Sogeti consultant)
▪ BlackDuck OSS reports + IBM Application Cloud security or MicroFocus Fortify as a service
▪ Penetration testing by Sogeti consultant(s)
▪ Option: Regular Operational Application Security audits