Continuous Digital Risk Management (DevRiskOps)

Idea created by Paul Mcavoy Employee on Jul 29, 2019
    Information Requested

    The following idea is part of an RSA internal innovation contest. We are sharing these ideas to gather feedback from customers and help employees improve on their concepts.  Please share your reactions to this idea by Voting and/or Commenting below. There are 8 total ideas to review now through Aug 23. You can find additional ideas here.

    If you are interested in being a potential development partner on this or another idea, please use the comment button or send an email to


    ** REMINDER ** This is an internal RSA concept ONLY and has not been committed to development or product roadmap.


    Thank you!

    - RSA Labs



    The application of standard IT Risk Management to modern-day digital assets (including cloud-based web applications, smart devices, organizational Twitter or Facebook pages) is neither scalable or cost-effective due to the vast scope of device and application types.


    Leveraging ‘digital asset’ telemetry to automate and scale risk monitoring, reporting, and mitigation. This solution will constantly process the asset telemetry to analyze the data to fine-tune Risk Prediction as well as Risk Assistance / Avoidance. The term DevRiskOps leverages the trend of DevOps to deeply integrate risk management into the roadmap of an organization’s digital transformation journey.
    The following are capabilities of the RSA DevRiskOps solution:

    • Provide a flexible data model of an organization’s digital structure and associated risks.
    • Provide live monitoring, reporting and mitigation of risks by using latest architectural techniques.
    • Adoption of simple “natural language” rules for risk triggers based on one or more events.
    • Acquisition of asset telemetry via polling agents for non-conforming assets.
    • Development of “risk prediction” using the latest data analysis techniques.
    • Provision of basic “risk assistance” via chat-bots.


    Potential use cases include:

    • A startup company is disrupting their target market by rapidly deploying a SaaS solution. The company has secured substantial funding and the business stakeholders are strongly interested in balancing risk management vs. costs as their risk exposure is constantly evolving.
    • An established company is feeling the heat from their competition and startups. They have embarked on a digital transformation journey however the business stakeholders believe their current risk management solution won’t scale appropriately. The company will face increased risk exposure from a surge of threat sources such as sensors and smart devices.
    • A startup is extensively using social media to drive campaigns and promote its brand value. The use of Facebook and Twitter are used extensively to engage with their customer base. With a new round of funding secured, the organization is very interested in safeguarding their hard-earned image with a risk management solution.