SAN FRANCISCO–(Business Wire)–New Context Services, Inc., the leading provider of Lean Security for software and infrastructure development, today announced the forthcoming publication of the book “Lean Security” by New Context CEO, Daniel Riedel, and New Context vice president of security services, Andrew Storms.

Lean Security applies the “lean” management concept to the world of cybersecurity. New Context has now implemented Lean Security practices and processes with its clients in the United States and abroad, and its experiences with these implementations inform the book’s subject matter and takeaways.

Step 1 of 7

14%

Which of the following best describes how you currently monitor and manage systems across your hybrid cloud environment?(Required)

Multiple separate tools for different environments

Multiple separate tools for different monitoring and management functions

Single consolidated dashboard

Custom built monitoring and management solution

No full monitoring and management solution

Don’t know

How valuable would it be for your monitoring and management solution to incorporate predictive analytics to help you identify and address system issues that are critical and not waste time or effort working through all the data and “noise” that is not critical?(Required)

Extremely valuable

Moderately valuable

Somewhat valuable

Slightly valuable

Not valuable

How do you most typically address potential system issues BEFORE they impact your operations?(Required)

Automated workflows and playbooks to remediate potential issues as soon as they are detected

An orchestrated response process that leverages automation, AI, and human expertise to rapidly respond to potential issues

Advanced monitoring tools such as predictive analytics and anomaly detection to proactively identify and address potential issues

Respond to issues as they arise, using manual processes and troubleshooting techniques

A combination of automated remediation, orchestrated response, and/or proactive monitoring to address potential system issues

Don’t know

Other

What methods does your organization use to control and monitor cloud/IT spending?(Required)

Centralized procurement processes

Pre-approved budget thresholds

Automated cost monitoring tools

Department-level spending controls

Regular cost audits and reviews

Cloud cost optimization platform

Approval workflows for resource provisioning

Native financial operations tools provided by the cloud provider

No formal controls in place

Don’t know

Other

Please specify:

Which methods do you rely on most to detect security vulnerabilities in your systems?(Required)

Automated scanning tools

Manual assessments

Vendor notifications

Threat modeling (for early detection)

None of these

Don’t know

Other

Please specify:

What are the TWO most common ways you prioritize vulnerabilities to address within your environment?(Required)

Based on potential impact

Based on exploitability

Regulatory compliance requirements

Based on CVSS scores

Risk-based analysis of multiple factors

First-in-first-out approach

No formal prioritization process

Don’t know

How do you typically handle system updates and security patches?(Required)

Automated updates and patches

Manually review and apply updates and patches on a regular schedule

A combination of automation and manual review

Apply updates and patches on an as-needed basis.

Outsourced update and patch management

No defined process

Don’t know

Other

Δ

“The ‘lean’ concept has proved incredibly effective for organizations from manufacturing facilities to startups,” said Riedel. “When these principles are harnessed for security, the result is a cohesive environment that ensures continued innovation within a secure framework. Considering that cyberattacks will never cease to exist, this is the only viable model for the future.”

Storms added: “It’s been a long-standing misconception that it is nearly impossible for a company’s software development team to meet the trifecta of being able to push code to production faster, develop more secure code and still reduce costs within the software development lifecycle. Our Lean Security practices buck that notion and are proving to be an effective model for our clients to meet their strategic goals.”

The book is co-authored by longtime security journalist Ericka Chickowski and will be published later this year. Available via www.leansecurity.com, it will explore the five principles of Lean Security, which include:

• Environmental Awareness: In order to adopt Lean Security principles, everyone – from engineers to architects, line-of-business managers to the C-suite – must keep IT security considerations in mind throughout the entire development lifecycle.
• Automate or Die: Just as with DevOps, automation is the keystone to Lean Security. In order to establish a continuous delivery pipeline, organizations must develop an entire automated tool chain to push bite-sized pieces of code to production through automated integration, test and deployment. Automated security testing and approval processes must be built into this tool chain to achieve Lean Security.
• Measure Everything: Feedback is crucial for developing quality applications and eliminating waste from the engineering process. As a result, developers, security teams and operations personnel need to be able to measure application and related infrastructure performance on a continuous basis in order to constantly improve the application accordingly.
• Simplify Engineering: Complexity is the enemy in development. It makes code messier, more expensive and less secure. The goal of Lean Security is to simplify engineering through more savvy use of third-party components and less frequent reinvention of the wheel.
• Lean Security Is Not Invisible Security: Security should never be opaque to the user. Users are increasingly aware of security risks today, and it is incumbent upon engineers to show them that security measures are baked into their software.

“If we shift software engineers’ thinking to focus on building security deep into their developmental practices, then we stand a better chance of maintaining operational resiliency when we run,” said Craig Rosen, CSO of FireEye. “I’m excited about Lean Security because it is a model that creates a sustainable environment where engineers, product and finance people can cultivate innovation together amid an increasingly turbulent and dangerous threat landscape.”

Doug Rhoades, director of information security at Sempra Energy, added: “As someone who understands how Andrew and Daniel work and build infrastructure, I’m excited to see them push Lean Security against the current status quo. Cybersecurity is one of the biggest challenges facing critical infrastructure, and it’s key that everyone involved in the development process is included and that it is automated into the business infrastructure. Lean Security does both.”

New Context currently provides Lean Security consulting and services to financial services, energy, infrastructure protection and healthcare organizations. Its partners include thrv, Apigee and Delphix, among others.

About New Context

New Context delivers Lean Security™ through hands-on technical and management consulting. We are a team of experts with extensive backgrounds in information security and scalable, secure application development. Our tools and processes streamline development frameworks to ensure transparent and secure IT software development within DevOps processes. New Context is headquartered in San Francisco.

Web | http://www.newcontext.com/
Twitter | @newcontext
LinkedIn | New Context

View source version on businesswire.com:http://www.businesswire.com/news/home/20160216006671/en/

for New Context
Brenda Patterson, 440-623-9581
brenda@shevrushpr.com