Let’s use a practical example from the consumer space to illustrate the above. The app in our example is a household budgeting tool for smartphones. It allows a user to record, categorize, color-code, and prioritize various incomes and expenditures. In this case, very little sensitive data comes into play, so there is not much to take into account in terms of security.
However, let’s say that a new function is added to the app, in which receipts can be scanned and automatically recorded. Now there is a lot of data to be processed and evaluated on servers, so secure communication and processing take on a much more important role. If this security aspect is only taken into account after the fact, it can take half a year for the new function to be deployed.
Let’s say that yet another function is to be added to the app: expenditures are to be imported directly from the user’s online banking account. This involves processing extremely sensitive data, and integrating such a solution while adhering to high security standards could end up taking over a year. By that time, the competition will already have gained a lot of ground, and your own product may no longer be interesting to the market.
However, if the security aspect is taken into account directly during programming and development, as DevSecOps prescribes, then the time needed to release the new function without compromising the security of the product can be shortened significantly. Security is often improved in the process, since it is built into the code itself rather than taking the form of a patch slapped onto an already-existing product. As a result, the company benefits from shorter release cycles and the user benefits from consistent software updates.