DevOps and Security — They Can Work Together
DevOps has taken the business world by storm this year, transforming processes and speeding up development cycles to meet customer needs faster than ever before. But that speed comes at a price. Many companies have found that increasing the rate at which new iterations are released leads teams to bypass certain information security (Infosec) efforts. The result is a wealth of quick developments without the oversight needed to make sure those developments are safe for the customer—and the company itself.
It turns out many companies have adopted the silo-crashing spirit of DevOps but forgotten—ironically—to include Infosec in the process. The following are some ways to help your security catch up—and keep up—with your DevOps roll-out efforts.
Make Security a Priority for Every Team
No one would ever claim they don’t care about keeping their systems safe. But security protocols can sometimes slow down the “real-time” rate at which developers are seeking to hand-over updates and improvements to their user base. Just as adopting DevOps requires a change in perspective, leadership should anticipate that incorporating security into DevOps will require a culture shift, as well. They must be prepared to re-examine their infrastructure to ensure security can be easily partnered with every team’s goals, and they should also be able to communicate the business case for doing so. For instance, companies integrating security into their DevOps efforts have seen a 50 percent decrease in time spent fixing security issues. As I noted in my piece DevOps: How to Navigate the Chaos and Come Out the Other Side, communication and leadership are essential to an effective DevOps rollout. They are even more important when adding security into the mix.
Use the Same Tracking System for DevOps and Security
If there is one old adage that holds true in DevOps, its “out of sight, out of mind.” Because users expect that all important aspects of the project have already been incorporated into the DevOps pipeline, it’s easy to forget that security isn’t always an essential part of the project process. To help, add security controls into daily development efforts, rather than making it the final stage of a fast-paced product release. When every teammate considers their code with security in mind, they will keep that issue top of mind—for the good of customers and the company both.
Automate Whenever Possible
No one wants security to get a bad rap for holding up important updates for customers. That said, the speed at which many updates are being deployed is simply too fast for humans to manage alone. To help, automate as many security tests as possible, and allow them to run alongside other tests in the development process. This will give developers the feedback they need—in the time-frame they want it.
Keep Your Codes and Applications Secure
It almost goes without saying, but your updates are only as secure as your internal processes. To help, ensure that your own team’s codes and applications are equally secure. Research shows there are 100 developers and 10 operational experts for every single Infosec team member. DevOps can help make the Infosec team’s job easier by using safe code repositories and other coordinated efforts.
The purpose of DevOps is to help streamline your company’s ability to get important updates out to customers—and as I’ve written many times before, that agile adaptability is essential for success in digital transformation. But the faster DevOps functions, the more updates need to be secured. As with any major change, leadership and communication are key. Take the lead in reimagining DevOps for your company by making security as important and equal part of the mix. After all, security issues will only cause delays in release dates and railroad your DevOps advancements. To experience the full benefit of DevOps, you must make security part of the process. Is a new trend toward DevOpSec in our future? Only if we fail to realize security is part of everyone’s job, and not a separate entity of its own.
Additional Articles on This Topic:
DevOps: The Key to Your Company’s Success in 2017
DevOps: How to Navigate the Chaos and Come Out the Other Side
Latest posts by Daniel Newman (see all)
- Snapdragon Summit: XR and Compute Take Center Stage - December 5, 2019
- Slack Q3 Earnings and A Misguided Attempt To Ease Microsoft Fear - December 5, 2019
- AWS re:Invent: Thoughts on Outposts, Graviton, Kendra and 5G Partnership - December 4, 2019