Cloud computing trends show this technology is on the way up: RightScale's new "2015 State of the Cloud Report" — as detailed by Market Wired — found 93 percent of organizations are already running cloud applications or experimenting with Infrastructure as a Service (IaaS). DevOps isn't much further behind, with the report showing adoption is up to 66 percent across companies of all types and 71 percent in enterprises specifically. This is not surprising, since the technology of cloud computing and the mind-set of DevOps are naturally complementary. But while the future is bright for software development and Agile iteration, what's the impact for AppSec? Are cloud computing trends prompting a change in the IT security mind-set?
Development and operations were once separate silos in many organizations, and in some enterprises they remain that way as a result of mutual distrust. But as noted by Tech Target, IT pros from both camps began to see the benefits in working together, since doing so both sped up app development time and increased organizational effectiveness. In 2009, this hybrid department was termed "DevOps," though most shops still operated almost entirely in-house. In the last few years, however, cloud computing has emerged as a revolutionary force in the technology landscape. It didn't take long to notice the similarities: Both the cloud and DevOps focus on the benefits of agility and on-demand decision making.
It's easiest to think of them as two sides of the same coin: Cloud technology provides the infrastructure for agility, while DevOps provides necessary thought leadership and human oversight. This partnership has already led to changes in the DevOps space, with many firms now choosing object- and model-based tools like Chef or Puppet over more traditional script-based alternatives. Simply put, cloud computing trends toward broader adoption and simpler use make it an easy fit for DevOps. But that's just the beginning.
A Venture Beat article argues that despite the big gains DevOps and the cloud offer, there are a number of barriers to effective adoption. To break these barriers, companies must be willing to take a number of difficult steps, including acknowledging that moving to Agile, cloud-powered DevOps may not be simple or streamlined. In effect, organizations must be prepared to fail — and learn from that failure — if they're looking to tap the true power of unified development and operations. In addition, enterprises must be willing to embrace the integration of "legacy" technologies into Agile DevOps. Why? Because as a senior bank executive told Venture Beat, these legacy systems are often at the core of a company's network and can't simply be left behind.
This need for integration also speaks to the need for a new security mind-set. Traditionally, AppSec existed outside both the development and operations purview, instead resting with in-house security professionals or outsourced providers. The rise of Agile, cloud-enabled AppSec tools, however, means security must be considered as a leading candidate for DevOps integration. Call it SecDevOps, DevOps or use an entirely new acronym, but the necessity can't be ignored; development, operations and security are all after the same goal, and they all use the same technology backbone to accomplish the task. Bottom line? Expect to see security integration with DevOps as one of the next big cloud computing trends.