cyber agenda, it enhances it, allowing for
DevOps to innovate and iterate without
worrying that they may compromise
security. Unfortunately, as much as
DevSecOps feels like an intuitive step
forward, it is one that few organisations
understand or know how to implement.
Logz.io’s 2018 DevOps Pulse Report found
that most DevOps professionals aren’t
prepared for security – 76% were either in
the process of implementing DevSecOps or
hadn’t even begun to consider it.
This is partly due to a lack of
understanding, but also the limited skill
pool. There just aren’t enough skilled
security professionals available to support
DevSecOps development.
It’s worth looking to partner with an
organisation that understands the tenets of
DevSecOps and that can work with DevOps
teams to provide relevant security insight
and support.
This will not only allow the organisation
to embed security into the DevOps teams
more efficiently, but it will ensure that they
have access to the latest processes and
tools from security specialists at the top of
their game.
In addition to putting tighter locks around
DevOps innovations, DevSecOps offers a
variety of benefits to the organisation. It
isn’t all box ticking and compliance: the
business also gets to enjoy some significant
cost savings thanks to the speed at which
issues are identified and resolved.

“Ultimately, organisations have to consider
the governance, risk, and compliance (GRC)
mandates that impact on their security
stance across all areas of the business.”

Vulnerabilities aren’t found after release;
they are uncovered in rigorous ongoing
testing throughout the DevOps process.
This, in turn, ensures faster recovery that
will reduce downtime and the number of
incidents, and improved threat hunting
that catches flaws before they affect the
company’s reputation.
The obvious benefit is improved overall
security – DevSecOps can be used to test
and assess legacy systems alongside the new
– and the creation of a more transparent
process that has all members of the
DevSecOps team collaborating and sharing
information openly.
DevSecOps testing allows for constant
improvement and iteration within tight
security parameters but without slowing
innovation to a crawl.
It can allow the team to build in robust
systems that can be used to test across
multiple projects and that can potentially
improve software delivery and product
differentiation. It may be a relatively new
concept, but it is one that can be seamlessly
integrated into the DevOps environment and
that can add enormous value.
DevSecOps can remove the need for
expensive redevelopment and redesign,
align the organisation more tightly with
GRC, address risk at the outset, improve
quality and minimise the need for patching
down the line. With the right DevSecOps
partner, the skills challenge can be
deftly overcome while still retaining the
competitive advantage.