Results of an Agile Software Assurance Benchmark Related to Zero Trust
Cybersecurity, Zero Trust, and Shift Left Security are concepts that safeguard our digital society from threats. The Agile Software Assurance Maturity Model (ASAMM) is a robust framework for software development, integrating modern methodologies like DevOps and Agile along with Zero Trust principles such as continuous verification, strict access policies, automated policy enforcement, and micro-segmentation. This article examines Zero Trust principles and the core Zero Trust Measures and incorporates them into Agile methodologies. By doing this, organizations can enhance security and development efficiency, making security an integral part of each development iteration. Over 50 organizations, representing well over 1000 DevOps/Agile teams, were assessed using the ASAMM Framework to obtain a representative sample size. We offer new insights, perspectives, and recommendations for academics and practitioners by utilizing an action-based research methodology focusing on practical improvements that can be applied immediately. The maturity model, which uses a zero-to-three maturity scale, helps organizations identify risks and embed security throughout the development processes. We conclude by reflecting on earlier academic research findings to derive essential Zero Trust practices.
Keywords: Digital society, Cyber Security, Agile, DevOps, DevSecOps, Maturity, Zero Trust Security