AGC's 13th Annual West Coast Conference Book

Impact of DevOps on Cyber

Abstract:

DevOps is a rapidly emerging and arguably transformational approach to software development and deployment which typically involves the collaboration and communication of both software developers and IT operations professionals, while automating the process of software delivery and infrastructure changes. This involves a significant shift in the way organizations approach application development/deployment. The benefits of DevOps, in short, include shorter cycle times, faster testing times, more automation, and (hopefully) better code. DevOps can improve information security, though it is not automatic, as Dev and Ops people are not security experts. Even though DevOps leaves some leaders nervous about quality and cybersecurity, done right, DevOps can catch security flaws earlier in the delivery cycle and enable organizations to respond faster to compromises. Integrating information security teams into DevOps (“Rugged DevOps”) ensures that security is not an afterthought relegated to an isolated department, but rather is involved in all stages of application development. Yet, bridging this three-way cultural gap is easier said than done, and may not result in an entirely harmonious match. DevOps wants to rapidly develop and deploy software, while Cyber Security personnel want to mitigate and manage risk by thoroughly checking for any potential breachable point in the software. Security teams working with traditional development and deployment models typically have time and resources to check and harden code at the end of the development cycle, but this becomes more difficult with the rapid release cycles of DevOps, or at least it requires a change to methodology. Security teams can potentially benefit from the tools and processes that DevOps excels at (automation, orchestration, and instrumentation) and apply them to security.

In this panel, we will hear from a group of experts on the challenges and opportunities presented by DevOps.

Market Statistics:

• CA survey data indicate companies that embraced a DevOps methodology increased their speed to market by 20%, leading to a 22% boost in customer relations and a 19% increase in revenue

• Gartner predicted that a quarter of Global 2000 companies will have adopted DevOps by the end of 2016

• The market for tools supporting the DevOps philosophy is growing at ~20%, reaching $2.3 billion in 2015

Discussion Topics:

• Does DevOps hurt or help security? What is your view and why?

• What are the top sources of resistance to DevOps by security professionals?

• Is there a way to automate the ever-increasing number of software security and regulatory compliance checks without moving toward Rugged DevOps?

• How do you manage the already tricky relationship between security and IT teams? Is this worse in organizations that have DevOps teams?

• At an extreme level, DevOps advocates like Amazon AWS are releasing code on average every 11 seconds. How can security keep up?

• On the flip side, how can DevOps keep up its release schedule when fixing security issues can be difficult and time-consuming?

• How are the regulators thinking about these issues?
