Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Is DevOps the Holy Grail for information security?

Doug Drinkwater | March 7, 2016
DevOps is the computing philosophy that, through unified agile software development and business operations, you can improve your products and time to market. But does it actually improve information security?

DevOps refers to the “integration of development, IT operations, security, and quality assurance under a single automated umbrella”. In short, it is a cross-business effort to turn software development on its head with shorter cycle times, faster testing times, more automation – and better (and more secure) code.

DevOps looks to do this by establishing a continuous loop where teams across the business work together to plan, code, build, test, deploy, operate and monitor.By doing this, software development becomes more flexible and efficient, and finished products are of better quality.

The benefits of DevOps are well-publicized, from improving the quality of software and the speed to market to reducing the governance and compliance risks.

And yet, for all of this, there remains a huge question on the role information security plays in this whole process. There has been a big push for companies to go beyond DevOps and adopt DevSecOps – the process of involving information security in all parts of application development.

This is not easy however. The tricky relationship between security and IT teams is well-documented (and reportedly sometimes even worse in organizations with DevOps teams), while it’s worth noting too that DevOps and DevSecOps have different operating models and objectives.

With DevOps, the aim is to bring the operations team into the development team so that it wasn’t just something to be added on to the end of a project. Sending a release “over the fence” to Ops is now no longer something any sensible company does.

The same applies with DevSecOps – there is a need to ensure that security is not an afterthought for an isolated department to look into, but rather integrated at all stages of a development project and beyond.

Google and Amazon lead the way

Most companies that have adopted a DevOps model have seen a number of early benefits; a recent survey found that companies that embraced a DevOps methodology increased their speed to market by 20 percent, leading to a 22 percent boost in customer relations and a 19 percent increase in revenue.

Another survey revealed that 52 percent of companies to have adopted DevOps methods increased their customer satisfaction and conversion rate, with 38 percent increasing their sales.

Google and Facebook are arguably the early pioneers of DevOps, using DevOps to innovate with their new and existing cloud products, and the same is true of Amazon with its cloud platform AWS.

Yammer cites continuous delivery as key to improving its iPhone app, while US retailer Walmart launched its cloud-based OneOps platform so that developers could develop and launch new products faster, “and more easily maintain them throughout their entire lifecycle.”

 

1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.