At a conceptual level, you can compare most moderately complex businesses to the inner workings of a mechanical clock. They both require several parts moving in sync to function (think accountants, sales reps and marketing).
Apply that analogy to the software development industry, and you have something resembling a cuckoo clock. Forgetting the countless integral external roles, core responsibilities such as operations, security and development function in dissimilar circles despite ostensibly working toward the same goal: a design flaw in the SDLC that results in siloization, unnecessary secrecy and all sorts of other problems a DevOps team can help fix.
Communication, in other words, is key. As industries of all shapes and sizes continue along the path toward software integration, smaller, less specialized "gears" will become more and more critical, making DevOps a movement built to suit both where the industry is, and where it's headed.
Let's turn away from clocks and talk about ice cream for a second. Neapolitan, specifically, the kind that comes with clearly defined strawberry, chocolate and vanilla stripes.
In some ways, traditional development teams resemble Neapolitan ice cream that's still in the carton. The clearly defined lines are just that: A set of individually skilled teams who mostly interact with one another and tend to view other departments with mistrust, or at least a misplaced sense of rivalry.
DevOps aims to change this by blending the teams that build all the components of a given software product. Software, like clocks and businesses, can be described as a shell surrounding a vast array of moving parts. By that token, crafting each of those segments with a multidisciplinary DevOps team means products are built with a broad range of professional skill sets and concerns in mind from the very beginning.
How you structure your teams is up to you and the needs of your company, of course. Whatever path you take, make sure you build the teams with the three tentpoles emphasized in Gartner's "Market Trends: DevOps" white paper: trust, honesty and responsibility. If your plan is to foster those between your organization's disparate departments, then you're on the right track.
From a security standpoint, the blended DevOps outlook is huge. Compared to the old days, where each department was effectively its own stop on a heavily segmented road map, the DevOps team represents a collaborative, flexible alternative — one where showstopping flaws are caught at an earlier, not to mention much cheaper, stage.
The more processes you can automate, the more blending you enable. Being able to perform multiple security tasks with a single click is essential to DevOps's focus on adaptive, multifunctional teams; beyond the tangible gains, demystifying and democratizing the security process goes a long way toward facilitating that trust-honesty-responsibility trifecta.
That's not to say the tangible benefits aren't worth exploring, though. With its Agile-like take on the design and build processes, exploits and other security problems are dispatched quickly and on demand. That gives the DevOps team an inherent advantage over organizations still running under the old-school structure, especially when those organizations have adopted rapid iterations. When your teams are as flexible as your releases, no security flaw is too large to overcome.
Automating rote tasks such as testing adds an extra layer of security, too, by removing human error from the repetition that can often invite it. With a drilled-down set of responsibilities, security personnel can make better use of their time, contributing more to the DevOps team in the process.
In the end, an organization that has employees working toward a unified goal will always be more secure than one whose motivation stops at the departmental level. When keeping even standard sales transactions and internal communications secure requires tight coordination from multiple skilled roles, DevOps offers the sort of security other schools of thought can't by design.
DevOps isn't a quick-fix solution for every communication problem within an organization. What it is, though, is a logical evolution of the way people use software — set of tools and philosophies built around quick reactions and, more importantly, effective interdepartmental interaction.
It's also more heavy-duty than one post can adequately describe. If you still have questions about what DevOps is or how your company can best implement it, make sure to check out Market Trends: DevOps, Gartner's white paper on the methodology — and if automated security is the next stop on your DevOps checklist, reach out to CA Veracode for help getting started.
Photo Source: Wikimedia Commons