February 2, 2018
The Demand for Security in DevOps
A recent JAXenter article prompts the question if we should all adopt a security-first mindset when it comes to DevOps. The practice of DevOps is relatively nascent, but with pressing cybersecurity issues facing everything from national governments to Fortune 500 organizations to mom and pop businesses, DevOps is splintering into DevSecOps. But the real question is should we treat DevSecOps differently or simply put security first in DevOps efforts?
Is DevOps Different than DevSecOps?
The JAXenter article highlights interviews from six DevOps practitioners regarding their opinions on the matter. Tommy Tynjä, a consultant and senior software engineer, emphasizes that software development will always involve much more than development and deployment. The process inherently requires security, monitoring and quality assurance. He says the question highlights a larger issue in the industry. Companies are hasty to develop competitive software to boost efficiency and gain market share and security is treated like an afterthought. Solutions for security can also inhibit functionality of programs and retract efficiency if it is not developed in-step with the program initially.
The overall consensus of the respondents was that security should either come first or become so inherent in DevOps that we don’t even need another term for it. DevOps is DevSecOps.
DevOps practitioners along with other industry experts predict that more organizations will move operations to the cloud in 2018. There will be particularly high demand among small and medium sized enterprises or SMEs. Cloud migration allows for increased efforts in development operations and allows for more flexibility. Tynjä mentioned he sees faster delivery on DevOps projects as a result of moving to the cloud.
Pierre Vincnet of Poppulo warns that companies investing in their own infrastructure match their competitors at best. Chances are, competitors and start-ups are developing even better products in the cloud that companies can harness. Companies should work on developing what makes their business unique and developing internal, proprietary infrastructure simply isn’t. DevOps personnel can spend more time working on development and security when platforms migrate to the cloud.
Overall gains from cost and speed will continue to push the demand curve up for cloud migration. This will create room for businesses to focus on their core differentiators while paving the way for new companies in the SaaS space. It will also create a higher demand for DevOps professionals in the labor market. Given the inherent relationship between security and DevOps, DevOps practitioners with backgrounds in cybersecurity will be even more sought after in 2018.