The rise of cloud computing brings many exciting changes to the technology industry: elastic scalability of resources, commodity pricing, freedom to experiment, and a newfound love for agile philosophies. Thankfully, the cloud is leaving behind the constraints and practices of the legacy security industry. Here lies an exciting opportunity: with the rise of DevSecOps, we get to truly redefine how operations, engineering, and security can be brought together in harmony to achieve unparalleled success.
In the past, organizations kept the domains of engineering, operations, and security separate for scalability and accountability reasons. Preventing engineering and operations from intermixing guaranteed that production environments were held to a higher standard of reliability, resiliency and consistency than that of engineering environments like those used for development and testing.
However, in the last few years, the evolution of DevOps philosophies has really taken the industry by storm. DevOps is not exactly new -- it’s arguably a manifestation of the scientific method in our field (computer science): observe, hypothesize, predict, and experiment (test). This maps neatly to the Learn, Build, Measure principles from the Lean Startup: a DevOps Bible. It’s easy to see how structured, proven methods for improving things, like technology, can propel a business forward. These methods are an improvement compared with legacy practices that often included gut feelings, flawed data samples, and other such inaccurate methodologies.
DevOps pays big dividends for progressive organizations. Rapid delivery of infrastructure, code, and data has enabled a cornucopia of startups to flourish by capitalizing on customer feedback 100 times faster than incumbent players. Deep telemetry of systems, user experiences, and behaviors has helped organizations better serve their customers and predict their growing needs. Transparency around challenges has endeared customers to many disrupters, as they build a level of trust and understanding that is hard to capture via other means.
However, these fast-moving behaviors have often resulted in a lack of proper security practices. When time is tight, a minimum viable product (MVP) must be built, and anything not core to the fundamental product is often omitted until a future effort can be mustered. This is especially problematic when security is considered.
Why did security fall behind? Frankly, the security solutions that were built for decades-old computer architectures were proprietary, slow, and resource-intensive. This old security model was unsustainable for the new opportunities of today’s cloud-centric world, where security solutions must be agile, lightweight, loosely coupled, and extensible.
If you follow the discussions from the thought leaders in both the security and DevOps camps, you’ll quickly discover that both sides of the discussion (security and DevOps) are starting to find common ground. We’re now seeing a new “marriage” of SecOps and DevOps that is creating a whole new mentality for driving innovation inside and outside of organizations.
On the interior, DevOps and security teams are now actively collaborating as peers, rather than in the traditional requestor/approver relationship, and making a seat at the table for security professionals. This makes it easier for organizations to align their security goals with the delivery of their product.
At the exterior, a new breed of security startups are delivering open, flexible, fast security solutions that are delivering near instant ROI to fast-moving organizations. In mere minutes, a solution can be deployed against your cloud and can start delivering security intelligence back to the DevOps teams through integrations with popular solutions like Jira, Zendesk, Pagerduty, and many others. Data is no longer held hostage inside a proprietary solution. We’ve created a new era of Security and DevOps coming together… and defining DevSecOps as the new high watermark to achieve.
DevSecOps is propelling forward-thinking organizations by doing something simple -- fostering collaboration of seemingly contradictory teams to align their disparate goals into a singular effort. Accelerating security intelligence to keep pace with the continuously updated cloud environments enables teams to detect problems faster, respond faster, and protect their resources more effectively.
In a few years, we’ll fondly look back on 2015 as the year that DevOps and SecOps “got married” for common collaboration and shared goals, and we’ll forget the suboptimal security models of the past.
Jon Collins’ in-depth look at tech and society
Phil Muncaster reports on China and beyond