Category: Software Development


Why DevSecOps is the Next Hot Trend in the IT Industry

By Amine Mekkaoui,

What is DevOps? – is a software development method which refers to the “combination of cultural philosophies, practices, and tools that increases an organization’s ability to deliver applications and services at a faster pace.” However, there is a new method coming into place that addresses the issues of code quality and reliability assurance.

What is DevSecOps? is known as the philosophy and a cultural shift in the software industry that aims to bake security practices into the rapid-release cycles that are typical of modern application development and deployment, also known as the DevOps process. This further development of the DevOps method is expected to bridge the gap that usually exists between development and security teams by automating security processes allowing security and reliability issues to be tackled more quickly and effectively. 

“Speed of delivery” and “secure code” are the language in which DevSecOps operates. While these are seemingly opposing goals, it is, in fact, a necessary response to the bottleneck effect of older security models on the modern continuous delivery pipeline. To put it simply, when everyone on a DevOps team is also focusing on security, that is DevSecOps.

Unlike traditional software development where developers buy time for the code to go through quality assurance and security testing by releasing new versions of their application every few months, DevSecOps is the “attempt to correct that and fully integrate security testing into the continuous integration (CI) and continuous delivery (CD) pipelines.” Basically, the misalignment of security processes and disintegration of these with the organization’s goal and current needs would never lead to the right thing.


DevSecOps offers benefits from speed and reliability to improved collaboration and security. It gives business operators the mindset of a cooperative system that is supplied with tools and processes that are helpful with security decision making.

The DevSecOps Approach

Many companies have tapped the opportunities that come along automated security. However, most of the time, the results might not be immediately apparent because of so-called “security debt”, or the vulnerabilities that developers chose to ignore and not fix. In comparison to DevOps, DevSecOps views security teams as a valuable asset that help prevent slowdowns rather than a hindrance to agility. Here are six important components of a DevSecOps approach:

  • Code analysis refers to the quick identification of vulnerabilities using code in small chunks;

  • Change management refers to submission to any type of change, regardless if it’s good or bad in nature, in order to increase speed and efficiency;

  • Compliance monitoring encourages the organization to be in a constant state of compliance and ready for an audit any time;

  • Threat investigation refers to a quicker response to potential emerging threats by identifying it with each code update;

  • Vulnerability assessment follows after code analysis where potential vulnerabilities are identified and quickly responded to and patched;

  • Security training refers to training software and IT engineers with common guidelines for set routine.

It is important to note that in a DevSecOps environment, automated testing is performed throughout the development cycle. In an article released by McKinsey, they cited that the approach will have implications for each stage of the product life cycle:

  • Planning. Development teams are aware of their security and reliability responsibilities so they start to quickly model threats and risks to make the product secure, reliable, and compliant; thereby observing best practices and speeding up the planning and design process;

  • Coding. Constant development of their knowledge on  secure and resilient coding practices is on the top of the mind of the team. This is to ensure improvement in code quality. The team takes advantage of services and reusable coding patterns in order to build the functionality needed to meet resiliency and security requirements;

  • Reviewing. The team takes the role of a specialist group to scrutinize a product for potential and emerging security vulnerabilities. They review the code as often as possible through automated and manual checks, as part of the regular agile sprint;

  • Testing. Automated security tests are run alongside automated functional and performance tests. This is to ensure that testing is consistent and efficient and that security requirements are explicit. Conducted automatically every cycle are common security tests such as penetration testing;

  • Deployment. Via well-engineered automated processes, code is delivered to production hosting environments that invoke through APIs; thereby speeding up the process;

  • Operations. Automated processes including but not limited to real-time monitoring, evidence attestation, and compliance validation, are used to increase efficiency while the software is in production. Resolutions are immediately identified, prioritized, and monitored in the event that defects or vulnerabilities are discovered.

According to CSO Insider, the three key things to establish a DevSecOps environment are (1) Security testing is done by the development team; (2) Issues found during that testing is managed by the development team; and (3) Fixing those issues stays within the development team. Using the ruggedizing process, combined with components previously mentioned, security becomes a higher priority. 

Security is needed by all businesses and business processes, and a dedicated team must be created in order to establish business understanding. This team shall be trained in tooling to discover flaws, run continuous testing, and generate forecasts to help business operators make effective decisions.

DevSecOps offers benefits from speed and reliability to improved collaboration and security. It gives business operators the mindset of a cooperative system that is supplied with tools and processes that are helpful with security decision making. Moreover, its automated and consistent nature help in managing complex or changing systems efficiently and with reduced risk.

 As technology-driven businesses evolve at a drastic pace, continuous threat modeling and management of system builds become essential. So, if your organization hasn’t explored the concept of DevSecOps, the time to do so is now. Best to get a partner onboard in your security transformation, too. Croyten works on building information and security infrastructures to help businesses thrive and safe from cyberattacks. You may check our website to know more about our services.

Changing the Industries: AI in Action

By Amine Mekkaoui,

Changing the Industries AI in Action by Croyten

Artificial intelligence has many great applications that are changing the world, not just of technology, but all kinds of markets. At present, the evolution of AI and its continuous rise is clearly overwhelming but at the same time promising. The healthcare industry is a good starting point to understand where AI is now. An advanced AI platform can access 200 million pages of structured + unstructured content at a given time, and with the aging of the Baby Boomer generation, the demand for doctors might be 90x higher than supply by 2025 (Folick, 2019).

Moreover, one of the most common applications of AI today is in the field of speech recognition. Alexa, Siri, Cortana and Google Assistant, and more personal virtual assistants, can understand speech and respond to it accordingly. According to Auer-Welsbach (2017), the biggest breakthrough in speech recognition thus far has come from IBM, which has managed to reduce the error rate in conversational speech recognition to 5.5% (relative to the human error rate is of 5.1%).

The rise of artificial intelligence (both in theory and in practice) has revolutionized computer science and the workplace. While it is starting to raise questions towards its promise for the future of, not just the workforce, but humanity, artificial intelligence seems to be doing and offering more good than harm, only if leveraged properly.

Here are some more examples of AI succeeding in practice in various industries:

1. Consumer Goods

Coca-Cola, the largest beverage company in the world is further winning the global market has embraced new technology and puts that data into practice to support new product development, capitalize on artificial intelligence bots and even trialing augmented reality in bottling plants.

Meanwhile, despite being the leading brewery in the world for 150 years, Heineken is looking to catapult their success specifically in the United States by leveraging the vast amount of data they collect. From data-driven marketing to the Internet of Things to improving operations through data analytics, Heineken looks to AI augmentation and data to improve its operations, marketing, advertising and customer service.

2. Culinary Arts

AI-enabled Chef Watson from IBM offers a glimpse of how artificial intelligence can become a sous-chef in the kitchen to help develop recipes and advise their human counterparts on food combinations to create completely unique flavors. Working together, AI and humans can create more in the kitchen than working alone.

3. Financial Services

American Express is leveraging its data flows to develop apps that can connect a cardholder with products or services and special offers. They rely heavily on data analytics and machine learning algorithms to help detect fraud in near real time, therefore saving millions in losses. 

4. Health Care

Neuroscience is the inspiration and foundation for Google’s DeepMind, creating a machine that can mimic the thought processes of our own brains. While DeepMind has successfully beaten humans at games, what’s really intriguing are the possibilities for healthcare applications such as reducing the time it takes to plan treatments and using machines to help diagnose ailments.

It’s true. We’re living through an extraordinary moment in technological history. The rise of artificial intelligence (both in theory and in practice) has revolutionized computer science and the workplace. While it is starting to raise questions towards its promise for the future of, not just the workforce, but humanity, artificial intelligence seems to be doing and offering more good than harm, only if leveraged properly.

Croyten paces itself alongside the use of AI to better its services in providing cybersecurity. With its state-of-the-art software solutions, our company takes a unique and innovative approach to help companies plan, protect, and prevent. If you need assistance in building up your organization become at par in an AI-driven market, contact us and feel free to check out our website at croyten.com.

Knowing More: The Rise of AI

By Amine Mekkaoui,

Knowing More The Rise of AI by Croyten

In 1956, at Dartmouth University, Artificial Intelligence was first introduced. It was taken with  a lot of optimism. In fact, some people at the conference believed robots and AI machines would be doing the work of humans by the mid-1970s. During that same conference, AI was described as an attempt to model how the human brain works and, based on this knowledge, create more advanced computers. The scientists expected that to understand how the human mind works and digitalize it shouldn’t take too long. After all, it only took the  brightest minds of that time an intensive 2-months of brainstorming session only.

In an interesting turn of events, that did not happen. Instead, a phenomenon referred to as “The AI Winter” did, and it happened twice. AI has ostensibly lasted into the 2000s, when IBM’s Watson peaked a lot of interest in artificial intelligence again.

More than 60 years after it survived its lowest points and after John McCarthy coined the term “artificial intelligence” to describe the science and engineering of making machines intelligent, it is now back in the playing field, stronger and more invasive.

Although Artificial General Intelligence, otherwise known as machines that compare to or surpass the human mind, still belongs in the distant future, researchers believe that machines are gradually approaching human levels when performing simple tasks, such as understanding naturally spoken language or evaluating unknown, new situations.

AI, Machine Learning, and Deep Learning

Despite our everyday encounter with the use of artificial intelligence, many of us are still clueless and dumbfounded with regards to the difference of AI, Machine Learning, and Deep Learning. In fact, one of the most popular Google search requests goes as follows: “are artificial intelligence and machine learning the same thing?”.

To understand these better, here are the differences of the three:

  • Artificial intelligence is a science like mathematics or biology. It studies ways to build intelligent programs and machines that can creatively solve problems, which has always been considered a human prerogative.
  • Machine learning is a subset of artificial intelligence (AI) that provides systems the ability to automatically learn and improve from experience without being explicitly programmed. In ML, there are different algorithms (e.g. neural networks) that help to solve problems.
  • Deep learning, or deep neural learning, is a subset of machine learning, which uses the neural networks to analyze different factors with a structure that is similar to the human neural system.

To make it short, Artificial Intelligence both covers Machine and Deep Learning. In addition, there are three categories involved in AI:

  1. Narrow/Weak AI. Weak, or narrow AI, is good at performing a particular task, but it will not pass for humans in any other field outside of its defined capacities.
  2. General/strong AI. This is the point in the future when machines become human-like. They make their own decisions and learn without any human input. Not only are they competent in solving logical tasks but they also have emotions.
  3. Superintelligence. This is the piece of content everybody usually expects when reading about AI. Machines, way ahead of humans. Smart, wise, creative, with excellent social skills. Its goal to either make humans’s lives better or destroy them all.

Nowadays, narrow artificial intelligence is widely used in science, business, and healthcare. One good starter of this is  Deep Blue, the first computer to defeat a human in chess. Not just any human — Garry Kasparov (in 1997). Deep Blue could generate and evaluate about 200 million chess positions per second. To be honest, some were not ready to call it AI in its full meaning, while others claimed it to be one of the earliest examples of weak AI.

This is just a quick discussion on what AI is all about and how it differs from other varieties of technological learning. While AI is such a promising opportunity, there are still more to discover and explore about it which may allow industries, and humanity in general, to progress more. If you want to learn more about how AI is being applied in practice, you may explore more of our blogs here at croyten.com.


What You’re Missing Out From Adopting Cloud Platform

By Amine Mekkaoui,

If you haven’t been tapping the cloud platform for your organization’s digital development, then you have been missing a lot.

As more and more B2B and B2C transactions are conducted on the cloud, to build a cloud-ready operating model must be companies’ main focus for their investments. Not only does it bring new business capabilities but hugely reduces technology risk as well.

According to an article from McKinsey Digital, companies that adopt well and work with external cloud platforms market more quickly, innovate easily, and scale more efficiently than companies that remain to be indifferent with the cloud. Indeed, cloud platforms are key pillars of digital transformation.

As information and technology officers, it is important to define the cloud as more than just a next-generation application hosting or data platforms because a narrow definition of it guarantees failure.

My observation about many CIOs and CTOs is that they tend to remain into doing traditional implementation models by default because these were successful and safe strategies in the past but that only makes it almost impossible to capture the real value from the cloud. As information and technology officers, it is important to define the cloud as more than just a next-generation application hosting or data platforms because a narrow definition of it guarantees failure. Why you ask? It’s because it is majorly significant to take into consideration the design of how the organization will need to operate holistically in cloud, or else, it will increase the vulnerability of your organization from attackers and will prevent you to maximize a modern technology that enables business agility and innovation. 

Here are some of cloud’s role in organizational digital transformation according to the International Data Corporation (IDC): 

  • Cloud as a platform enables agile application development;
  • Cloud-based infrastructure is key to delivering flexible, on-demand access to the resources underpinning new digital business offerings;
  • Cloud allows organizations to scale infrastructure as needed to support changing business priorities, while reducing the risks of wasted IT resources.
  • Cloud reflects an approach to application design, deployment, and delivery that allows organizations to get more effective use out of their compute and data assets.

Truly the need for CIOs and CTOs  to drive cloud adoption is at its all-time high. So, here’s three things you can do to maximize this opportunity fully: 

  1. Focus your investments on domains for business where cloud can thrive and enable increased revenues. The value that the cloud generates comes from heightened agility, innovation, and resilience provided to the business with sustained velocity. According to McKinsey, this approach helps in focusing towards programs where the benefits matter most instead of scrutinizing individual applications for potential cost savings.
  2. Select a technology and implementation sourcing model that is aligned with your business strategies and risk constraints. Wrong technology and sourcing decisions will definitely raise concerns about execution success, cybersecurity risks, and compliance. However, the right technology and sourcing decisions can “bend the curve” on cloud-adoption costs, which can encourage the management team be excited and support the shift.
  3. Engage and join forces with the leadership team to succeed. Joining forces with your organization leaders is significant in the areas of a) Technology funding – encourage company leaders into investing to critical infrastructure investments that will allow companies to add functionality more quickly and easily in the future; b) Business-technology collaboration – CEOs and relevant business heads must have decision-making authority over technical functionality and sequencing to attain the real value of the cloud. However, they cannot do this without knowledge on technologies and you should be there to help them understand; c) Engineering talent – encourage leaders to change hiring and location policies to recruit and retain the talent needed for success in the cloud, especially that  adopting the cloud requires specialized and hard-to-find technical talent.

With the COVID pandemic, companies are more forced to adopt modern and digital business models. You as business officers can accelerate your company’s progress by adopting the cloud since it is the only platform that can provide the required agility, scalability, and innovative capabilities required for this sudden transition. 

On an important note, the transition towards the cloud can be tricky. Enterprises need a partner that has a wide range of capabilities and skills around cloud consulting to help drive this. Feel free to check out Croyten for our IT services and we can work together to get your organization’s digital transformation through the cloud platform going.