
DevOps improves security

Justin Arbuckle | June 11, 2015
Editor's note: After publishing CSO's original story, we asked the two main sources to write first-person accounts of the standing of DevOps in security. You can find the counterpoint here.


There is a deep vein of academic scholarship investigating what enables organizations to be 'highly reliable', that is to say, functioning optimally even when conditions are severe. Examples include emergency rooms and fire departments.

As security threats to our systems mount, and as these systems are so embedded in how every company delivers value, it is important to understand how large enterprises can learn from and emulate not just the unicorns of the web industry, but these highly reliable organizations.

It turns out, however, that the principles and practices of DevOps synthesize critical attributes of highly reliable organizations and provide a template from which enterprises may learn how to become highly reliable.

As much as we, as security professionals, charge our organizations to listen and act, so must we learn to enable our organizations to become reliable in the face of threat.

The Hedgehog and the Fox

Archilochus was a Greek lyric poet in the 7th century BC. We have very little of his work remaining, and most of it is in the form of scraps and fragments. One aphorism that has endured is, "The fox knows many things, but the hedgehog knows one big thing." For all we know, this could have been a marginal doodle while watching an Aegean sunset, but it has had quite an impact on a range of disciplines.

For the first section of this post, I will perform a whistle-stop review of some management thinking shaped by this idea and then explain why the results are pertinent for security professionals.

Isaiah Berlin was an Oxford historian and philosopher in the mid-20th century and wrote about the hedgehog and the fox.

He explains the difference in his book of the same name, thus: "For there exists a great chasm between those, on one side, who relate everything to a single central vision... on the other side, those who pursue many ends, often unrelated and even contradictory, connected, if at all, only in some de facto way, for some psychological or physiological cause, related by no moral or aesthetic principle..."

Jim Collins, in Good to Great, adopted the metaphor to explain how the most successful and enduring companies operated: "Those who built the good-to-great companies were, to one degree or another, hedgehogs. They used their hedgehog nature to drive toward what we came to call a Hedgehog Concept for their companies. Those who led the comparison companies tended to be foxes, never gaining the clarifying advantage of a Hedgehog Concept, being instead scattered, diffused, and inconsistent."

 
