{"id":9038,"date":"2020-07-24T07:58:45","date_gmt":"2020-07-24T07:58:45","guid":{"rendered":"https:\/\/www.experfy.com\/blog\/?p=9038"},"modified":"2023-11-24T16:17:12","modified_gmt":"2023-11-24T16:17:12","slug":"why-security-needs-to-be-integral-to-devops","status":"publish","type":"post","link":"https:\/\/www.experfy.com\/blog\/bigdata-cloud\/why-security-needs-to-be-integral-to-devops\/","title":{"rendered":"Why Security Needs To Be Integral To DevOps"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"9038\" class=\"elementor elementor-9038\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-12c558c0 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"12c558c0\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-12077759\" data-id=\"12077759\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-6d5626a7 elementor-widget elementor-widget-text-editor\" data-id=\"6d5626a7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\n<p><em><strong>Bottom Line:<\/strong>\u00a0DevOps and security teams need to leave one-time gating inspections in the past and pursue a more collaborative real-time framework to achieve their shared compliance, security and time-to-market goals.<\/em><\/p>\n<!-- \/wp:paragraph -->\n\n<!-- wp:paragraph -->\n<p>Shorter product lifecycles, the need to out-innovate competitors and exceed customer 
expectations with each new release are a few of the many reasons why DevOps is so popular today. Traditional approaches to DevOps teams collaborating with security aren\u2019t working today, and product releases are falling behind or being rushed to market, leading to security gaps as a result. \u00a0<\/p>\n<!-- \/wp:paragraph -->\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3544a84 elementor-widget elementor-widget-text-editor\" data-id=\"3544a84\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<!-- wp:paragraph -->\n<p>Based on conversations with DevOps team leaders and my own experience being on a DevOps team, the following are factors driving the urgency to integrate security into DevOps workflows:<\/p>\n<!-- \/wp:paragraph -->\n\n<!-- wp:list -->\n<ul>\n<li>Engineering, DevOps and security teams each have their own lexicon and way of communicating, reinforced by siloed systems.<\/li>\n<li>Time-to-market and launch delays are common when engineering, DevOps and security don\u2019t have a unified system to use that includes automation tools to help scale tasks and updates.<\/li>\n<li>Developers are doing Application Security Testing (AST) with tools that aren\u2019t integrated into their daily development environments, making the process time-consuming and challenging to get done.\u00a0<\/li>\n<li>Limiting security to the testing and deployment phases of the Software Development Lifecycle (SDLC) is a bottleneck that jeopardizes the critical path, launch date and compliance of any new project.<\/li>\n<li>70% of DevOps team members have not been trained on how to secure software adequately, according to a\u00a0<strong><em><a href=\"https:\/\/www.computerweekly.com\/news\/450424614\/Developers-lack-skills-needed-for-secure-DevOps-survey-shows\" target=\"_blank\" rel=\"noreferrer noopener\">DevSecOps 
Global Skills survey<\/a>.<\/em>\u00a0<\/strong><\/li>\n<\/ul>\n<!-- \/wp:list -->\n\n<!-- wp:paragraph -->\n<p>Adding to the urgency is the volume of builds DevOps teams produce daily in software companies and enterprises, which makes the need for having security integrated into DevOps clear. Consider the fact that Facebook on Android alone does 50,000 to 60,000 builds a day\u00a0<strong><a href=\"https:\/\/engineering.fb.com\/web\/rapid-release-at-massive-scale\/\" target=\"_blank\" rel=\"noreferrer noopener\"><em>according to research cited<\/em><\/a>\u00a0<\/strong>from\u00a0<a href=\"https:\/\/www.checkmarx.com\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong><em>Checkmarx<\/em><\/strong><\/a>, which is taking on the challenge of integrating DevOps and security into a unified workflow. Their Software Security Platform unifies DevOps with security and provides static and interactive application security testing, newly launched software composition analysis and developer AppSec awareness and training programs to reduce and remediate risk from software vulnerabilities.<\/p>\n<!-- \/wp:paragraph -->\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-cd6dae8 elementor-widget elementor-widget-heading\" data-id=\"cd6dae8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\"><h3><strong>Synchronizing Security Into DevOps Delivers Much Needed Speed &amp; Scale<\/strong><\/h3>\n<!-- \/wp:heading --><\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c8decc6 elementor-widget elementor-widget-text-editor\" data-id=\"c8decc6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>DevOps teams thrive 
in organizations built for speed, continuous integration, delivery and improvement. Contrast the high-speed, always-on nature of DevOps teams with the one-time gating inspections security teams use to verify regulatory, industry and internal security and compliance standards, and it\u2019s clear security\u2019s role in DevOps needs to change. Integrating security into DevOps is proving to be very effective at breaking through the roadblocks that stand in the way of getting projects done on time and launched into the market. \u00a0Getting the security and DevOps teams onto the same development platform is needed to close the gaps between the two teams and accelerate development. Of the many approaches available for accomplishing this, Checkmarx\u2019s approach to integrating Application Security Testing into DevOps, shown below, is among the most comprehensive:\u00a0\u00a0<\/p>\n<!-- \/wp:paragraph -->\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-958df72 elementor-widget elementor-widget-image\" data-id=\"958df72\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/specials-images.forbesimg.com\/imageserve\/5f0b5093147a4f0006e5bfc8\/960x0.jpg?fit=scale\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-03fa7a2 elementor-widget elementor-widget-heading\" data-id=\"03fa7a2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">\n<!-- wp:heading {\"level\":3} -->\n<h3><strong>Making DevOps A Core Strength Of An Organization<\/strong><\/h3>\n<!-- \/wp:heading -->\n<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div 
class=\"elementor-element elementor-element-f7fcc15 elementor-widget elementor-widget-text-editor\" data-id=\"f7fcc15\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<!-- wp:paragraph -->\n<p>By 2025 nearly two-thirds of enterprises will be prolific software producers with code deployed daily to meet constant demand and over 90% of new apps will be cloud-native, enabling agility and responsiveness according to<em>\u00a0<a href=\"https:\/\/www.idc.com\/getdoc.jsp?containerId=US45599219\" target=\"_blank\" rel=\"noreferrer noopener\" class=\"broken_link\"><strong>IDC FutureScape: Worldwide IT Industry 2020 Predictions<\/strong>.<\/a><\/em>\u00a0IDC also predicts there will be 1.6 times more developers than now, all working in collaborative systems to enable innovation. The bottom line is that every company will be a technology company in the next five years according to IDC\u2019s predictions.<\/p>\n<!-- \/wp:paragraph -->\n\n<!-- wp:paragraph -->\n<p>To capitalize on the pace of change happening today driven by DevOps, organizations need frameworks that deliver the following:<\/p>\n<!-- \/wp:paragraph -->\n\n<!-- wp:list -->\n<ul>\n<li><strong>Greater agility and market responsiveness<\/strong>\u00a0\u2013 Organizations need to create operating models that integrate business, operations and technology into stand-alone businesses-within-the-business domains.<\/li>\n<li><strong>Customer Centricity at the core of business models<\/strong>\u00a0\u2013 The best organizations leverage a connected economy to ensure that they can meet and exceed customer expectations. \u00a0By creating an ecosystem that caters to every touchpoint of the customer journey using technology, these organizations seem to anticipate their customer needs and deliver the goods and services needed at the right time via the customer\u2019s preferred channel. 
\u00a0As a result, successful organizations see growth from their existing customer base while they acquire new ones.<\/li>\n<li><strong>Have a DNA that delivers a wealth of actionable Insights<\/strong>\u00a0\u2013 Organizations well-positioned to turn data into insights that drive actions to serve and anticipate customer needs are ahead of competitors today regarding time-to-market. \u00a0These organizations know how to pull all the relevant information, capabilities and people together so they can act quickly and efficiently in making the right decisions. They are the companies that will know the outcome of their actions before they take them and they will be able to anticipate their success.<\/li>\n<\/ul>\n<!-- \/wp:list -->\n\n<!-- wp:paragraph -->\n<p>BMC\u2019s Autonomous Digital Enterprise framework, shown below, highlights how companies that have an innovation mindset and the three common traits of agility, customer centricity and actionable insights at their foundation have greater consistency and technology maturity in their business model characteristics compared to competitors. They also can flex and support fundamental operating model characteristics and key technology-enabled tenets. 
These tenets include delivering a transcendent customer experience, automating customer transactions and providing automation everywhere, seeing enterprise DevOps as a natural evolution of DevOps, enabling a business to be more data-driven and achieving more adaptive cybersecurity in a Zero-Trust framework.\u00a0<\/p>\n<!-- \/wp:paragraph -->\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-65173b2 elementor-widget elementor-widget-image\" data-id=\"65173b2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/specials-images.forbesimg.com\/imageserve\/5f0b52af5e77b20007893347\/960x0.jpg?fit=scale\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4e5ff5f elementor-widget elementor-widget-heading\" data-id=\"4e5ff5f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\"><!-- wp:heading {\"level\":3} -->\n<h3><strong>Conclusion<\/strong><\/h3>\n<!-- \/wp:heading --><\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7281ec6 elementor-widget elementor-widget-text-editor\" data-id=\"7281ec6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<!-- wp:paragraph -->\n<p>Meeting the challenge of integrating security in DevOps provides every organization with an opportunity to gain greater agility and market responsiveness, become more customer-centric and develop the DNA to be more data-driven. 
These three goals are achievable when organizations look to how they can build on their existing strengths and reinvent themselves for the future. As DevOps success goes, so goes the success of any organization.\u00a0Checkmarx\u2019s approach to putting security at the center of DevOps is helping to break down the silos that exist between engineering, DevOps and security. To attain greater customer-centricity, become more data-driven and out-innovate competitors, organizations are adopting frameworks including BMC\u2019s Autonomous Digital Enterprise to reinvent themselves and be ready to compete in the future now.<\/p>\n<!-- \/wp:paragraph -->\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>DevOps and security teams need to leave one-time gating inspections in the past and pursue a more collaborative real-time framework to achieve their shared compliance, security and time-to-market goals.<\/p>\n","protected":false},"author":138,"featured_media":9039,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[187],"tags":[128,350],"ppma_author":[2679],"class_list":["post-9038","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bigdata-cloud","tag-devops","tag-security"],"authors":[{"term_id":2679,"user_id":138,"is_guest":0,"slug":"louis-columbus","display_name":"Louis Columbus","avatar_url":"https:\/\/www.experfy.com\/blog\/wp-content\/uploads\/2020\/04\/medium_65812956-54d2-4b01-9e05-0d23abb284c7-150x150.jpg","user_url":"https:\/\/softwarestrategiesblog.com\/","last_name":"Columbus","first_name":"Louis","job_title":"","description":"Louis Columbus is currently serving as Principal, IQMS. 
He is Marketing and Product Management Leader, Forbes Columnist, Software Expertise in Analytics, Cloud, CPQ &amp; ERP Solutions. He teaches MBA courses in international business, global competitive strategies, international market research, and capstone courses in strategic planning and market research. He has taught at California State University, Fullerton: University of California, Irvine; Marymount University, and Webster University."}],"_links":{"self":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/9038","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/users\/138"}],"replies":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/comments?post=9038"}],"version-history":[{"count":5,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/9038\/revisions"}],"predecessor-version":[{"id":34376,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/9038\/revisions\/34376"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/media\/9039"}],"wp:attachment":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/media?parent=9038"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/categories?post=9038"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/tags?post=9038"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/ppma_author?post=9038"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}