DevOps is an approach to software development and IT operations processes that incorporates Agile methodologies. Its core principles of empowerment, automation, and collaboration between development and operations drives efficiencies, quality improvements and profitability.
Traditionally, security was seen as an essential add-on that received attention once the application had been developed. In our new world of cloud platforms, microservices, containers and an improved approach to development + operations (DevOps!), leaving security to the end does not work. A new approach is needed to keep pace with todays’ advances. That approach is DevSecOps.
How is DevOps security different from traditional security?
DevSecOps is an extension of DevOps; emphasizing security at each stage of the software development life cycle. It integrates security with DevOps by addressing issues as they emerge within Continuous Integration (CI) and Continuous Delivery (CD) pipelines. In traditional software development, the process followed a “waterfall” model - a sequential system, divided into phases. The output of one phase forms the input of the next. Different teams following a traditional waterfall model typically work independently with the model often introducing security testing only during the last stages. The process results in several changes until the product complies with the recommendations of the security team. The endless changes and patches make the development process longer and more expensive.
In a DevOps environment, developers and operations teams work side by side throughout the entire process of developing, deploying, and managing applications – and security is a consideration the whole way though. The nature of DevOps is continuous, with constant collaboration and iterative improvements throughout the entire lifecycle. Teams that practice DevSecOps release deliverables more frequently, with higher quality and stability and increased security. By increasing the frequency and velocity of releases, DevOps teams improve products rapidly and with integrated active security audits and security testing, the end result reduces the compliance issues faced by all organisations.
To be continued in Part 2
Eileen O’Mahony (General Manager, WM Promus)