In many ways, the DevOps process looks a lot like cooking for a large dinner party—with very short notice. DevOps requires the right blend of technical acumen, automated processes and tools to shorten development cycles and cut costs, empowering developers to serve up high-quality applications (or delicious entrees and desserts) in record time. Just like cooking, DevOps is a methodology that encourages experimentation. If something doesn’t taste quite right, you simply adjust the process in the next round of preparation. And, if it’s done right, you can still get a proper dinner on the table when guests arrive.
But what happens when compliance enters the kitchen to make sure security controls are implemented and monitored consistently? When measured against a black-and-white set of rules (whether mandated by a security framework, government body or customer contractual terms) these culinary creations are rendered inedible. The meat is two degrees off from a safe internal temperature, the veggies are missing key nutrients and the cake is lopsided because the batter wasn’t weighed precisely.
DevOps and compliance teams are focused on—and incentivized by—very different priorities, so naturally, their perspectives are at odds.
DevOps teams are charged with innovating at high velocity to speed up software delivery and enable digital transformation initiatives that create a competitive advantage. According to Puppet, high-performing IT teams that implement DevOps practices are more agile, deploying software and changes 46x more frequently with 440x faster lead times than their lower-performing peers[1].
On the flip side, compliance teams are responsible for meeting ever-mounting regulations to protect the organization against crippling fines. What’s more, customers’ continued trust rests in their hands. A recent IBM study shows 64% of consumers have opted not to work with a business due to concerns about whether they could keep their data secure[2].
Simply put, modern business cannot have one without the other. Security and DevOps must unite to serve up DevSecOps.
Having two cooks in the kitchen can get crowded, not to mention that breaking down silos while unifying DevOps, security and compliance teams to establish new processes takes precious time and resources.
Julia Child didn’t master the art of French cooking overnight. She tested and re-tested (again, again and again) all her recipes, making methodical adjustments until they were absolutely perfect. She learned and adopted new cooking techniques from different cultures. She figured out how to ask the right questions, and successfully implement feedback, to improve her craft.
CISOs and compliance officers can learn a lot from this approach to a craft. Instead of simply focusing on how to do their jobs, they must consider looking at things on a more macro level, reframing their question in terms of overall risk, so it becomes something like:
Whether they’re created by modern ways of working or ever-shifting attack methods, how do I gain complete and continuous visibility of the risks impacting my business?
The answer is clear: by embedding automated, transparent risk management into the entire DevOps process or, to stay with the metaphor, from recipe ideation, food shopping and preparation through plate presentation and the meal itself. That is the journey you must take. Here are five ways to start making that shift right now:
Modern business cannot move forward with just one team playing the role of head chef. DevOps and compliance teams must collaborate to create masterpieces. This is a difficult, but necessary, reality of organizational transformation. Following these steps can help teams align on a common, shared mission—to deliver secure products that create significant business advantage—and “taste” great to the customers they’re trying to reach.
[1] Source: DevOps Mythbusting
[2] Source: Survey: Consumer Attitudes Towards Data Privacy
*** This is a Security Bloggers Network syndicated blog from Blog | ZeroNorth authored by ZeroNorth. Read the original post at: https://www.zeronorth.io/blog/the-joy-of-secure-devops-demands-more-cooks-in-the-kitchen/