Why DevSecOps Is More Than a Technology Stack

Will Kelly
October 7, 2019 Big Data, Cloud & DevOps

You can’t buy DevSecOps—the practice of putting security practices into your DevOps methodology—but there’s marketing noise that may make you think that you can buy your way into DevSecOps. When you’re moving your enterprise teams to a DevSecOps model, you need to see it as more than just a technology stack. Here’s why.

Security Becomes Part of Development Culture

Application security for many enterprises meant doing the security work at the end of a waterfall development cycle. The security and development teams were often strangers or even natural enemies in the wild.

DevSecOps brings together the development, security, and operations teams during each phase of an agile development life cycle. Done correctly, DevSecOps can make security and the security team part of the development culture, not a last sign-off before a feature goes live or a new product launches.

Becoming a development culture that prizes security isn’t going to happen overnight. You must collaborate with your line managers and senior staff to drive this cultural change as you journey toward DevSecOps.

DevSecOps Creates a Culture of Transparency

When developers, operations, security, and product management work in their own silos, it can be detrimental to product development. Pulling your teams together in a DevSecOps model is a path to greater transparency through data, analytics, and reporting. Better yet, the transparency comes from actual project data published on a centralized dashboard that can be the one source of truth for authorized team members and stakeholders.

Having these data available isn’t about just having a DevSecOps tech stack. It’s about putting processes and frameworks around the communications and retention of these data so that your developers, security, operations, and the business at large (product managers, business developers, executives) can use this actionable intelligence to maximum effect.

Increased transparency in the hands of the right managers and project leads can become a powerful diplomatic tool and even an equalizer among management peers. Data about project successes and issues come out in business terms, not in terms of a Microsoft PowerPoint slide show dripping in management speak.

Shared Goals and KPIs Become Possible

The next step after further transparency is your development, security, and operations teams developing shared goals and key performance indicators (KPIs) to judge the success of cross-functional efforts along your continuous integration/continuous development toolchain.

Using the actionable data that DevSecOps provides, all levels of management have facts on which to base business, technology, and security decisions. Such data can be a great equalizer (in the right hands) when politics or “he who talks the loudest” dominates corporate goal setting.

Security Education for Developers Becomes a Reality

It’s easy to say that you want to provide security education for your development teams. Unfortunately, security education for developers gets lost in conflicting priorities and budgets. Yet, a move to DevSecOps makes security education for developers a necessary gate because security becomes part of every developer’s workflow and no longer the last stop before the software goes gold.

Developing a security education program for your developers can take many forms and paths. First and foremost, you’re going to want to involve your chief technology, information, and security operations officers and even your auditors in the initiative. Your security and development teams should also be active participants in training development, offering feedback, experience, and insights into the training. Using outside contractors to develop and deliver the security training can be tempting, but assigning this work to internal staff shows your developers confidence and investment in the effort. You’re also going to want to have the resources in house to iterate on your security training as your teams learn more and technology stacks change.

Final Thoughts

DevOps and now DevSecOps provide the tools for a much-needed cultural change inside many of today’s enterprises. Success with DevSecOps comes from being able to separate the technology stack from the data you can derive and channel into business and technology decisions.
