DevSecOps in Healthcare: Critical Considerations
Adrian Mayers, CISO of Premera Blue Cross, Discusses Risk-Based App Development
As healthcare sector entities set out to better secure their cloud application development and management, there are several critical considerations they must not overlook, says Adrian Mayers, CISO of health insurer Premera Blue Cross.
For starters, one of the top challenges for many healthcare sector entities in their secure application development journey "is recognizing the need to move to a DevSecOps model in the first place," says Mayers, who is also a member of security vendor Coalfire’s Cloud Advisory Board and a contributor to a recent report issued by the group.
Once entities decide to set out on a DevSecOps model, they should think carefully about strategy, goals and milestones, he says. "What are you trying to accomplish? What is that shared community 'thing' that you're trying to accomplish as an organization?" Once those considerations have been made, then you can start to move forward on that path, he says.
"Don't start with the tooling and the gadgetry. That is super important, and you need it. But don't start there," he says.
According to Mayers, "The top threats facing applications … are constantly evolving and being exploited, so the need for DevSecOps is there." But he says more organizations must recognize that.
In the interview (see audio link below photo), Mayers also discusses:
- Important best practices for a risk-based product development life cycle;
- DevSecOps mistakes to avoid;
- His top cybersecurity priorities and projects for 2022.
As vice president and CISO of Premera Blue Cross, Mayers is responsible for managing risk through information protection, threat detection, incident response and overall cybersecurity capabilities. During his 20-year career, he has held various senior management positions at Vertafore, Microsoft, Nokia and Securiguard. Mayers is also a member of Coalfire's Cloud Advisory Board.