CIOReview | June 2015 | In My Opinion

How Continuous Security Revolutionizes DevOps Organizations

By Tim Prendergast, Founder & CEO, Evident.io

The typical DevOps organization has earned the hard-won benefits from overcoming the upheaval of legacy processes and technologies. In fact, your average DevOps organization has achieved significant efficiencies that grant market advantage over competitors who are still stuck in less optimal patterns. Once an organization adopts a DevOps-centric philosophy and practice, where does it focus its attention to gain the next advantage or efficiency? The answer may surprise you: the wondrous world of Security!

Security may not be the most obvious complement to an agile development and operations practice, but it does offer the greatest benefit to organizations when spliced into the DevOps DNA. But the (sometimes surprising) truth is, security, despite its reputation for being friction-oriented and risk-averse, can make DevOps organizations really fly.

DevOps is all about speed, automation, and iteration. We'll break down the traditional DevOps patterns in each of these three domains, and describe how to reinvent the application of traditional security mechanisms and concepts to create impressive outcomes.

Speed

When you think about agility and DevOps, often the first thing that comes to mind is Continuous Integration and/or Continuous Delivery (CI/CD). These practices, in effect, treat every code change as a trigger to build a new set of packages or release code. Then, that code is deployed and tested in an automated fashion. This instills a notion of quality and reliability in the development and deployment process, as everyone is responsible for the success of the build.

When changes and builds happen at such a furious pace, especially as the end of a sprint or release cycle nears, there is often a build-up of entropy in the system. Automated functional and acceptance tests accelerate the dissipation of this accumulated risk, but security controls are often not included in the battery of verifications. This results in security professionals having to fall back on historical patterns and manual or unsophisticated audits. We've all been there... sitting in a room or on a conference call answering an endless checklist of questions, often after we've already pushed the deployment out the door. This type of security--happening after the fact--is the exact opposite of what we want.

How does Continuous Security (CS) fit the model and improve on this legacy approach? New security solutions, especially Security-as-a-Service solutions, are often built like modern DevOps technologies. This new generation of security products and services offers fully-featured RESTful APIs, native programming language SDKs, and a number of integration points with the DevOps tools we know and love. This eases the pain of tying security capabilities into the DevOps toolchain, but accelerating the technology processes happens as part of the post-integration effect rather than from