Security is a priority from Day 1 and never ceases
Whatever outcome clients seek – modernizing, innovating, migrating – our teams ensure that security, compliance, and privacy requirements are analyzed, evaluated, documented, and prioritized throughout all phases.
Product Definition
During this phase, security and privacy are intentionally woven into the design by identifying and integrating the following attributes of the products or systems.
- Target Market and Product Needs
- Product Requirements
- System Security Plan Requirements
Product Engineering
Trility’s security professionals work with software developers, systems architects, and key stakeholders to make sure the solution has the appropriate controls. Based on the client’s needs and constraints, some of the automated security analysis tools and defined operational methods and controls we use to test and validate product security every day are listed below.
- Test-Driven Development and Test-Driven Infrastructure
- Pair Programming and Pull Requests
- Static and Dynamic Analysis
- Vulnerability Scanning
- Configuration Scanning
- Penetration Testing
- Performance Testing
- Policy as Code
Product Operations
Security does not stop at install. It must take place from the first sales call and throughout the customer’s life. Our teams help equip our clients to continue to assess new threats and vulnerabilities and respond appropriately to them as they emerge.
We practice some of these key tenets in this phase to help maintain security.
- Single Prioritized Backlog
- Product Breakout Meetings
- Continuous Audit and Reporting
- Continuous Delivery