Skip to main content
July 8, 2015

DevOps: The Rise of Subtle Security

DevOps: The Rise of Subtle SecurityWhat's in a name? If you're talking about the emerging idea of DevOps, then there's an easy answer: everything.

As noted byForbes, there's no single definition of the term; however, according to Adam Jacob, CTO of Chef Software, "DevOps is the experience of people who are using it to transform their businesses." In other words, the name means different things to different companies, IT professionals and laypeople alike.

Much the same way that subtleties are lost when words are translated across languages, the concept of unified development and operations is difficult, if not impossible, to communicate across enterprise boundaries. But there's real benefit there, especially when it comes to security and resiliency. So how do businesses leverage the subtle nature of DevOps deployments to bolster their IT bottom lines?

Do You Believe in Magic?

A recent RSA Conference article argues "DevOps is one of the hottest trends in all of IT," because it pushes the envelope of what's considered "possible" in modern IT shops. The result? When it works, IT successes appear as if by magic — applications are more secure, and network infrastructure is more resilient. But when it fails, it fails spectacularly, often causing C-suites to pull back their support in hopes of fixing whatever went wrong. Here's the thing: Chances are, the process was working as intended.

So how do companies tap this magic? It starts with the understanding that DevOps is partly code-based, and partly culture-based. Simply stuffing development and operations staff in the same room and hoping for a great result won't have the intended effect, and it may even set security back a few steps. By building a culture of self-organizing teams outside the bounds of hierarchical decision-making, however, it's possible to lay the foundation for long-term success.

DevOps team members need ownership of their efforts, along with a sense that their work is transformative rather than traditional. In addition, C-suite executives need to understand the value in different "translations" of DevOps. What delivers results for one company won't be the same for all companies — the path to innovation is based on a host of factors, including current IT climate, industry vertical and any existing development procedures already in place. Making magic happen requires the understanding that sometimes you get the rabbit, and sometimes the hat is empty.

DevOps Unleashed

While businesses must be willing to strike out on their own and define what DevOps means to them, they don't have to forge a road to better security and resiliency alone. Your best bet? Finding cloud-based tools that empower and automate critical development functions — such as application security testing and network resiliency evaluations — and make them central pillars of your DevOps effort. When team members are confident the nuts and bolts of their software development and corporate operations initiatives are backed by intelligent defensive tools, it gives them the freedom to push the envelope and define what DevOps truly means to your company.

Can combining development and operations efforts really empower IT security and resilience strategies? Absolutely. Their true value, however, doesn't come from replicating the security solutions of other companies, but from creating a subtle, pervasive security environment that inhabits all aspects of the IT landscape. Paired with the right third-party tools, it's possible to leverage the name but translate DevOps into your unique corporate language.

Photo Source: Morguefile

Related Content

Doug Bonderud is a freelance writer passionate about the evolution of technology and its impact on companies, stakeholders and end-users alike. Want to know more? Follow Doug on Twitter.

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.