Rugged DevOps Invites Security to Join the Party

July 6, 2016 Nadav Weissman

Whether you are in development, operations or even security, DevOps is no doubt on your radar – and if it isn’t, it definitely should be.

In our age of cloud computing, Big Data and the ever-evolving IoT, it has never been more important for your enterprise to develop and deploy stable software applications as fast as possible. “How can I meet this challenge?” I hear you ask. Well, Gartner predicts that by this year 25% of Forbes’ Global 2000 companies will have found the answer in DevOps – and the uptake is only set to rise. However, before you even think about adopting DevOps, know that it’s changing. The next stage in the evolution of DevOps is here and it’s Rugged DevOps – DevOps with security.

DevOps or Die

DevOps is all about breaking down the barriers between development and operations, allowing greater communication between the two tribes. This communication throughout software development means that development and operations work hand in hand to produce and ship functional code to the end user at ever-increasing speeds.

A key example of how DevOps smooths out deployment is its approach to infrastructure management. For the operations executives amongst you, I’m sure you know of a team where custom scripts and manual configurations are the order of the day when it comes to managing infrastructure, and I bet they often experience software errors and slow deployments. This is where DevOps comes to save the day.

By sharing ideas with their friends from development, operations learn to treat infrastructure as code, using the same tools as developers to manage version control and continuous integration via automation platforms such as Chef and Puppet. However, the keen-eyed amongst you will have realized that this DevOps love-in has forgotten to invite an essential guest to the party. Security.

DevOps Doesn’t Necessarily Get You Over the Finish Line

In my view, you can have the best DevOps practices implemented, but without security playing its part, you can only go so far.

Imagine this scenario. Development and operations have put their heads together to deploy a stellar software solution on time and on budget, and the market is eating it up. But wait, a malicious bug rears its ugly head post-deployment. What happens next? Development will have to go into overdrive to rush out a patch, fix or update, and all of this will most likely cost you time, money and your competitive edge. While some DevOps converts may believe security only hampers velocity and innovation, without security, DevOps’ strengths rest on unstable foundations.

DevOps and Security Sitting in a Tree…

Rugged DevOps is the evolution of DevOps. The same collaboration we’ve seen between dev and ops now needs to be applied to dev, sec and ops. At the end of the day, everyone in development, operations and security wants to produce a good product, and of course ‘good’ includes secure.

In order to collaborate, first everyone needs to speak the same language. Where security sees a vulnerability to be secured, operations sees a performance glitch to be fixed and engineering sees some unplanned work to be sorted out. Also, it’s not just that everyone is talking different languages; management hasn’t given each department guidance to work together either. This poor communication is the main cause of the majority of critical system downtime, with regard to known vulnerabilities where a patch or more secure configuration is available. With a DevSecOps team, you are able to bring all parties round the same table to attain a high-velocity and agile software development environment, without worrying that the challenges and solutions will get lost in translation.

Rugged DevOps – DevOps with a Crunchy Security Core

For all of you security executives out there, I’ve got a naughty little secret for you. Where DevOps is being practised, DevOps teams are making security decisions ranging from infrastructure to policies and compliance issues with not so much as a howdy to yourselves. It’s not that DevOps has ignored you up until now, it’s just that you haven’t had the presence to be included in every conversation.

The scale of this problem is clear when you consider the ratio of 100:10:1 of dev, ops and sec in typical enterprises. So, how can you ensure that you are part of every stage of the development process? Through increased collaboration. Through Rugged DevOps, your friends in development and operations can become your ambassadors, spreading your message of security across their departments.

With Rugged DevOps, security is invited to start a conversation with development and operations to shift security left to the early stages of development. Checkmarx and WhiteSource are good examples of tools which embed security from the outset, allowing developers and security to work better together. This means any vulnerabilities are caught early, and the risk of delays caused by discovering security issues later in the game is reduced. With Rugged DevOps in place, your enterprise can now focus on kicking out greater functionality and deployments at increasing rates. The benefits of Rugged DevOps are clear. So, where do we go from here?

A Rugged Future

DevOps only appeared on most of our radars back in 2009, but what a lot has changed since. In a few short years, DevOps has moved from a niche to a mainstream strategy, and its adoption rate is only set to rise. Through DevOps, enterprises have been able to attain shorter development cycles, increased release velocity and improved defect detection rates. And with the adoption of Rugged DevOps, software development is only set to become more productive.

At its inception, DevOps sounded like a revolutionary change in how software is developed, and for some it still does! And yet here we are, saying goodbye to DevOps and welcoming in its rugged baby with open arms. It’s clear progress waits for no one, and change is on its way. So, before it’s time to usher in the next stage of software development, don’t you think it’s time you embraced your rugged future?

I’m Rugged! Hear Me Roar!

By now, I hope I have convinced you that the only way to secure that agile and high velocity software supply chain you so crave is by baking security right through development via Rugged DevOps. I have? Great!

“So”, I hear you query, “what exactly do I have to do in order to implement Rugged DevOps?” I’m glad you asked! Stay tuned to our next post to find out how.

