The General Services Administration (GSA) defines DevSecOps as: “A cultural and engineering practice that breaks down barriers and opens collaboration between development, security, and operations organizations using automation to focus on rapid, frequent delivery of secure infrastructure and software to production. It encompasses intake to release of software and manages those flows predictably, transparently, and with minimal human intervention.”

This definition clarifies something crucial: DevSecOps is not a technology but a collaborative process. Yet, even within this collaborative framework, critical challenges remain—particularly in effectively securing data at the application level. So, while it is not a technology, some technology is needed to implement this engineering practice.

The Current Data Security Challenge

The most robust data protection tool available today is cryptography, traditionally managed by network and system engineers. Developers, meanwhile, primarily utilize, transform, or create data that requires protection. A fundamental principle in computing security is that protected data must be decrypted for applications to use it. Once an application completes its task, the responsibility to protect that data returns to the computer or network infrastructure, where encryption is reapplied. Developers handle data content, and network administrators secure it. This division persists because no widely adopted technology effectively integrates cryptographic functionality directly within applications.

Traditional DevSecOps is Not Enough

The primary obstacle to integrating cryptography directly into applications has consistently been encryption key management. Few applications operate with a single instance that exclusively creates and modifies data. Usually, multiple instances of an application need to access and process the same data. Managing encryption under these conditions traditionally requires applications to synchronize encryption keys—a manageable task with two application instances, but complexity rapidly escalates as the number of instances grows.

Static encryption keys might simplify the synchronization process, but their usage substantially weakens the security benefits, defeating the purpose of using encryption. Thus, traditional DevSecOps practices, without integrated cryptographic solutions, fall significantly short of addressing comprehensive cybersecurity.

Sertainty’s Innovative Approach

Sertainty’s technology provides a pioneering solution, addressing the core limitations of traditional approaches. Our innovative architecture allows developers to incorporate cryptographic functionality directly into their applications, fundamentally altering how we manage and secure data. Sertainty enables developers to take an active role in data protection, solving the longstanding key management issue and changing the cybersecurity paradigm.

In computing, nearly every process is divided into three phases: input, execution, and output. Sertainty’s technology uniquely empowers developers to secure data during the execution phase—something previously unattainable. This innovation dramatically impacts how applications interact with encrypted data, both for inputs and outputs.

How Sertainty Technology Works in Practice

Most software applications validate input data primarily for technical accuracy, such as verifying the number of fields, types, and overall size. However, developers usually have no insight into the data’s provenance—whether the data should be input into the application based on external factors, such as its origin or modifications during transmission. Applications usually assume data inputs are “safe,” a determination made by external data communication processes. Consequently, application code traditionally has minimal opportunity to influence this decision.

When an application completes its tasks, output data is sent to a generic buffer or file in unencrypted clear text. At this point, the network or operating system re-assumes responsibility for securing this data.

Sertainty transforms this conventional process. Instead of depositing data directly into an output buffer, Sertainty technology allows developers to encrypt data within their applications during the execution phase. If application developers can classify output data contextually as “normal” or “not normal,” the application can choose contextually appropriate protection methods. These methods could involve different governance rules, specific user authorizations, or stronger encryption—all directly managed by the application and, by extension, the developers themselves.

Simplified, Secure Key Management

Crucially, Sertainty eliminates the need for applications to store, maintain, or synchronize encryption keys separately. The encryption keys and their access methods are securely embedded within each data file itself. This embedded approach removes the complexity traditionally associated with key synchronization across multiple application instances, thereby solving a previously insurmountable cybersecurity challenge.

A New Role for Developers in Cybersecurity

With Sertainty’s innovative technology, application developers are no longer passive participants in the cybersecurity process. Instead, they can act as the final arbiters of data protection and use. Sertainty empowers developers to embed cryptographic security directly within their applications, allowing a data-centric perspective to truly integrate within DevSecOps processes.

By bridging the divide between data management and security, Sertainty’s approach represents not just an incremental improvement but a fundamental redefinition of cybersecurity responsibilities.

Personal Reflections & Looking Ahead to TechNet Cyber 2025

Preparing for my upcoming session at TechNet Cyber 2025’s SIGNAL Innovation Showcase has reinforced for me just how transformative this approach can be. I am excited to share not only the technological advancements Sertainty brings but also the significant operational and strategic cybersecurity improvements it enables.

As we move forward, I believe integrating cryptography directly into applications will become standard practice, reshaping the cybersecurity landscape fundamentally. Sertainty is at the forefront of making this transition a reality.

Join Me at TechNet Cyber 2025

I invite you to join me at TechNet Cyber 2025, where I’ll discuss in-depth how Sertainty operationalizes DevSecOps to empower developers and significantly enhance application-level data security.

Session Details:

  • Topic: DevSecOps – Operationalized 
  • Date: May 7, 2025 
  • Time: 11:20 am ET 
  • Location: SIGNAL Innovation Showcase, Baltimore Convention Center, Booth #2769 

I look forward to connecting with industry peers and exploring how we can collectively leverage Sertainty’s innovative approach to strengthen cybersecurity.

See you in Baltimore!