Devops as security's savior
Change is hard, especially in a large organization. So, understand what your company's tolerance for change and risk is, and keep that in perspective when developing a strategy, Mann suggests. If security is of utmost concern, then address that head on in the beginning.
Perhaps security could be that focal point for uniting developers and operators too. Some have even argued that devops could be security's savior. A devops strategy could be a perfect opportunity to ensure that security best practices are implemented at the onset of the application development process.
How is security actually implemented in a devops approach? Colin McNamara, director of cloud practice and chief cloud architect at IT consultancy Nexus, says the traditional application development process involves security teams acting as a glorified quality assurance group, testing the app after it's been built and before it is deployed in production. He argues that's too late. Devops installs a process of rapid development, testing, and deployment. Parts of that testing can now include security. "It brings QA from the end of the process to the beginning of the process," McNamara says.
In a more traditional silo-based application development approach, security can be overlooked. If developers don't write it into the code and operators don't account for it when launching the app, security never gets addressed. Devops is a fresh start for application development, and an opportunity to address security concerns from the beginning of the process. And that's important because if you don't address the risk and mitigate it, Mann says, "you're setting yourself up to fail."