Speaking on "How Security Can Be the Next Force Multiplier in DevOps" at the RSA Conference in San Francisco earlier this month, Storms argued that DevOps is proving itself to be a way to enhance security efforts.
While security processes and tests should always be an integral part of the DevOps workflow, that isn't a reality for many organizations. They've always struggled to properly integrate security, and those challenges certainly persist through transitions to DevOps. But Storms says that DevOps provides an opportunity to more tightly couple security into the workflow. "One of the best ways to bring DevOps and security together is to utilize the tools and the processes that DevOps really excels at and apply them to security," he says -- "things like automation, orchestration, and instrumentation. Let's use those tools to build these closed-loop security systems where everything's automated and everything's predictable. That's a way we actually can fulfill the security requirements in an automated fashion with fewer resources."
One success story that Storms cites is a healthcare company in the Northeast. "It has had serious compliance and security requirements so it performs continuous deployment. The company has extensively automated its security and compliance tests and the auditors are happy," he says.