Intelligent CIO Africa Issue 31 | Page 39

cyber agenda, it enhances it, allowing DevOps to innovate and iterate without worrying that they may compromise security. Unfortunately, as much as DevSecOps feels like an intuitive step forward, it is one that few organisations understand or know how to implement. Logz.io’s 2018 DevOps Pulse Report found that most DevOps professionals aren’t prepared for security – 76% were either in the process of implementing DevSecOps or hadn’t even begun to consider it. This is partly due to a lack of understanding, but also to the limited skill pool. There just aren’t enough skilled security professionals available to support DevSecOps development.

It’s worth partnering with an organisation that understands the tenets of DevSecOps and that can work with DevOps teams to provide relevant security insight and support. This will not only allow the organisation to embed security into the DevOps teams more efficiently, but will also ensure that they have access to the latest processes and tools from security specialists at the top of their game.

“Ultimately, organisations have to consider the governance, risk, and compliance (GRC) mandates that impact on their security stance across all areas of the business.”

In addition to putting tighter locks around DevOps innovations, DevSecOps offers a variety of benefits to the organisation. It isn’t all box ticking and compliance; the business also gets to enjoy some significant cost savings thanks to the speed at which issues are identified and resolved. Vulnerabilities aren’t found after release; they are uncovered in rigorous ongoing testing throughout the DevOps process. This, in turn, ensures faster recovery that will reduce downtime and the number of incidents, and improved threat hunting that catches flaws before they affect the company’s reputation.

The obvious benefit is improved overall security – DevSecOps can be used to test and assess legacy systems alongside the new – and the creation of a more transparent process that has all members of the DevSecOps team collaborating and sharing information openly. DevSecOps testing allows for constant improvement and iteration within tight security parameters but without slowing innovation to a crawl. It can allow the team to build robust systems that can be used to test across multiple projects and that can potentially improve software delivery and product differentiation.

It may be a relatively new concept, but it is one that can be seamlessly integrated into the DevOps environment and that can add enormous value. DevSecOps can remove the need for expensive redevelopment and redesign, align the organisation more tightly with GRC, address risk at the outset, improve quality and minimise the need for patching down the line. With the right DevSecOps partner, the skills challenge can be deftly overcome while still retaining the competitive advantage.