Thursday, July 12, 2018
What is DevOps?
The DevOps movement came to life from the desire to apply principles of Agile software development to IT operations. DevOps usually involves practices such as automated testing, proactive monitoring, and Agile development. Like most tools or techniques within the cybersecurity industry, it requires effective education and research on its use and effectiveness. DevOps can be used to keep projects on schedule, improve productivity, and decrease costs.
A Universal System
As companies push for digital transformation, the adoption of Agile and DevOps methodology has been increasing to the point where it is almost universal. The question is not whether or not to use Agile software, but how to do so effectively.
The Enterprise Security Group (ESG) recently ran a research survey with IT/security/application development professionals responsible for their organization's network and/or cloud security. According to the survey, 95 percent of respondents said they have adopted or plan to adopt an Agile development and/or DevOps model for application development, deployment, and ongoing operations.
The Benefits of DevOps
The automation testing tools that are a key part of DevOps seem to be helping IT employees improve productivity. When surveyed for a CA Technologies and Coleman Parks Research study, respondents said their organization experienced a 43 percent improvement in employee productivity after adopting DevOps. The same survey found organizations that adopted DevOps also experienced a decrease in costs. On average, respondents reported a 38 percent decrease in IT-related costs.
What's more, a study by Embotics and Ponemon Institute found that most respondents acknowledged that DevOps could improve delivering projects on schedule, keep projects within budget and maintain service quality. What is surprising is that these benefits are often pushed to the side because they are incorrectly viewed as a speed bump in the flow of business.
During a recent Fuel webinar, Karen Crowley, Senior Product Manager at Tufin, cited a Threat Stack survey that discovered 68 percent of cybersecurity professionals find their CEO demanding that DevOps and security teams step out of the way to not slow down business. However, by keeping products on schedule or maintaining service quality through proactive monitoring, businesses are actually able to be more effective.
Educating the Whole Team
The Threat Stack survey also found that more than 50 percent of companies admit to cutting back on security measures to meet a business deadline or objective. To get everyone on board, there must be a culture of shared responsibility. For example, an approachable security team can help developers in leveling up their security skills, offering in-person training, in place of less effective computer-based training. Meanwhile, security teams should become familiar with the tools that developers are already using. Developers often want to release new features, while security teams want to minimize risks. Once everyone’s needs are understood, it is possible for the various factions to work together.
The challenge in the future will be how cybersecurity communities adapt to not having complete control and oversight over all operations. Because a major benefit of DevOps is fluidity, it runs counterintuitive to older methods, such as waterfall development, that was previously used. If teams are slow to adopt DevOps, this may come at the cost of security. Making sure that DevOps is coupled with effective training and proper procedures is vital to see success in the years to come.
To learn more about the state of network security, check out this Fuel webinar, featuring new research from the Enterprise Security Group (ESG).
Check out these Fuel blog posts for further reading: