Successful DevOps Leads to Successful DevSecOps

DevSecOps

Publish Date

Jul 6, 2018

Written by

Andrei Bezdedeanu

Tagged with

  • DevSecOps
  • DevOps

Organizations that successfully adopt DevOps position themselves well to mature to DevSecOps. For them, including the security group in a cross-functional team in order to build more secure systems is just as much a part of the company culture as building high-quality, supportable software.

It’s important to remember that DevOps and DevSecOps are not job titles or roles. They are significant shifts in thinking and processes. Companies that don’t embrace them limit their own ability to fuel innovation, and they fall behind. According to Gartner, 90 percent of organizations attempting to use DevOps without specifically addressing their cultural foundations will eventually fail to deliver.

Warning Signs that a DevOps Initiative Isn’t on Track
DevOps is first and foremost a cultural transformation within an organization. It is aimed at breaking down the barriers between development, support and QA in order to create an environment based on collaboration and shared accountability. Difficulty in communication and collaboration, finger-pointing and a lack of enthusiasm for the common goals of the team are generally early warning signs that the DevOps initiative is not going well.

Like most cultural transformations, DevOps needs to start at the top of the organization. The C-suite must understand and promote the concept, identify and empower champions within their organization and lead by example. When leaders' actions and messages go against basic DevOps concepts, or when leadership fails to actively support them, these initiatives almost always fail.

The Definition of Insanity
The biggest mistake organizations make when trying to course-correct a DevOps effort is continuing down the same path and expecting a different outcome. Positive change is often needed to realign a failing program, such as a change in champions, team structure or overall approach. If the organization is truly committed to modernizing development, it has to reset expectations, reaffirm support and often find new champions to lead the way to get the initiative back on track.

DevOps to DevSecOps
Modernizing your development processes will enable your organization to more easily and seamlessly automate and embed security into the development process, for true DevSecOps. And doing so, continuously, is critical to increasing and delivering on innovation velocity. In fact, Gartner predicts that DevSecOps will be embedded into 80 percent of rapid development teams by 2021. The nature of Agile development and DevOps means deployment velocity is accelerating so fast that traditional (manual, periodic) approaches to security cannot scale. This lack of scale means a higher risk of releasing vulnerabilities into production and higher costs of fixing existing vulnerabilities.

Managing risk and cost are important responsibilities of leadership teams in any enterprise today, and creating an environment where DevOps, followed by DevSecOps, can be embraced is only the beginning of an important transformational journey. Read how The Dana Foundation embedded security into its software development lifecycle (SDLC) to accelerate DevOps adoption.

