DevOps and Security -- They Can Work Together

DevOps and Security — They Can Work Together

In Security by Daniel NewmanLeave a Comment

DevOps and Security -- They Can Work Together

DevOps has taken the business world by storm this year, transforming processes and speeding up development cycles to meet customer needs faster than ever before. But that speed comes at a price. Many companies have found that increasing the rate at which new iterations are released leads teams to bypass certain information security (Infosec) efforts. The result is a wealth of quick developments without the oversight needed to make sure those developments are safe for the customer—and the company itself.

It turns out many companies have adopted the silo-crashing spirit of DevOps but forgotten—ironically—to include Infosec in the process. The following are some ways to help your security catch up—and keep up—with your DevOps roll-out efforts.

Make Security a Priority for Every Team

No one would ever claim they don’t care about keeping their systems safe. But security protocols can sometimes slow down the “real-time” rate at which developers are seeking to hand-over updates and improvements to their user base. Just as adopting DevOps requires a change in perspective, leadership should anticipate that incorporating security into DevOps will require a culture shift, as well. They must be prepared to re-examine their infrastructure to ensure security can be easily partnered with every team’s goals, and they should also be able to communicate the business case for doing so. For instance, companies integrating security into their DevOps efforts have seen a 50 percent decrease in time spent fixing security issues. As I noted in my piece DevOps: How to Navigate the Chaos and Come Out the Other Side, communication and leadership are essential to an effective DevOps rollout. They are even more important when adding security into the mix.

Use the Same Tracking System for DevOps and Security

If there is one old adage that holds true in DevOps, its “out of sight, out of mind.” Because users expect that all important aspects of the project have already been incorporated into the DevOps pipeline, it’s easy to forget that security isn’t always an essential part of the project process. To help, add security controls into daily development efforts, rather than making it the final stage of a fast-paced product release. When every teammate considers their code with security in mind, they will keep that issue top of mind—for the good of customers and the company both.

Automate Whenever Possible

No one wants security to get a bad rap for holding up important updates for customers. That said, the speed at which many updates are being deployed is simply too fast for humans to manage alone. To help, automate as many security tests as possible, and allow them to run alongside other tests in the development process. This will give developers the feedback they need—in the time-frame they want it.

Keep Your Codes and Applications Secure

It almost goes without saying, but your updates are only as secure as your internal processes. To help, ensure that your own team’s codes and applications are equally secure. Research shows there are 100 developers and 10 operationalexperts for every single Infosec team member. DevOps can help make the Infosec team’s job easier by using safe code repositories and other coordinated efforts.

The purpose of DevOps is to help streamline your company’s ability to get important updates out to customers—and as I’ve written many times before, that agile adaptability is essential for success in digital transformation. But the faster DevOps functions, the more updates need to be secured. As with any major change, leadership and communication are key. Take the lead in reimagining DevOps for your company by making security as important and equal part of the mix. After all, security issues will only cause delays in release dates and railroad your DevOps advancements. To experience the full benefit of DevOps, you must make security part of the process. Is a new trend toward DevOpSec in our future? Only if we fail to realize security is part of everyone’s job, and not a separate entity of its own.

Additional Articles on This Topic: 
DevOps: The Key to Your Company’s Success in 2017
DevOps: How to Navigate the Chaos and Come Out the Other Side

Photo Credit: Adam Foster Photography Flickr via Compfight cc

This article was first published on  Futurum Research.

Daniel Newman is the Principal Analyst of Futurum Research and the CEO of Broadsuite Media Group. Living his life at the intersection of people and technology, Daniel works with the world’s largest technology brands exploring Digital Transformation and how it is influencing the enterprise. From Big Data to IoT to Cloud Computing, Newman makes the connections between business, people and tech that are required for companies to benefit most from their technology projects, which leads to his ideas regularly being cited in CIO.Com, CIO Review and hundreds of other sites across the world. A 5x Best Selling Author including his most recent “Building Dragons: Digital Transformation in the Experience Economy,” Daniel is also a Forbes, Entrepreneur and Huffington Post Contributor. MBA and Graduate Adjunct Professor, Daniel Newman is a Chicago Native and his speaking takes him around the world each year as he shares his vision of the role technology will play in our future.

Leave a Comment