Skip to main content
close search
site logo
Dive Brief

Why DevOps is the answer to reducing security flaws and risk

Published June 7, 2018
Naomi Eide's headshot
Managing Editor
Naomi Eide for CIO Dive

Dive Brief:

  • Confusion persists around DevOps because the term "has been used and abused so much it's lost all meaning," said Mark Nunnikhoven, VP of cloud research for Trend Micro, speaking Tuesday at the Gartner Security and Risk Management Summit in National Harbor, Maryland. DevOps tools have emerged and organizations have marketed "DevOps people." But at its core DevOps is a philosophy designed to balance two formerly disparate parts of an organization: development and operations.

  • Focusing on people, process and products, DevOps has gained ground in the enterprise, and delivery pipelines with constant feedback loops are creating more efficiency. From a security perspective, DevOps has the potential to create "a culture of collaboration that reduces risk by decreasing the size of changes to production environments," Nunnikhoven said.

  • Companies inherently reduce risk by making smaller changes at once, said Nunnikhoven. Larger deployments might have thousands of lines of code, making it a frustrating task to track down the root of the flaw. But with a more DevOps mindset, companies can deploy numerous times a day, rolling out small, iterative product changes as opposed to big changes all at once.

Dive Insight:

The goal of security is to make things work as intended. And the best way to do that is to work with business stakeholders to create more secure development processes. But it's not DevSecOps, Nunnikhoven said. "Not a thing."

Security should be embedded in the development process, not an additional auditing step, which favors more outdated perimeter approaches to security.

Organizations that "shift left" and spend more time in the development production environment will allow security teams to educate and secure by influence throughout the stages of the development pipeline. The earlier a company finds a bug, the easier it is to fix it, said Nunnikhoven.

But Dev and Ops doesn't work magically in tandem without some process changes.

"I want to talk to you about soft skills" — a request that may have once struck fear into engineers' hearts — has become a mainstay of how technology functions in an organization. Cross-organization DevOps buy-in will create a more seamless adoption process.

Security also needs to take up its true role and promote awareness and security education. Breaking down silos and allowing security teams to be a part of the developer process earlier will allow more issues to be caught in production, reducing released risk.

Filed Under: IT Strategy, Security

Editors' picks

Company Announcements

View all | Post a press release
New Research Reveals AI's Impact on IT's Power, Status, and Pay
From 1E
November 21, 2024
PointFive is Apparently the Hottest Cloud Startup, Here is Why
From Jordan Mitchell
November 21, 2024
Legion Technologies Partners with Vail Resorts to Expand Workforce Management Across 37 Resort…
From Legion Technologies
November 19, 2024
Graphiant Predicts Transformative Changes in Enterprise Connectivity and Data Assurance for 20…
From Graphiant
November 20, 2024
Editors' picks
Latest in IT Strategy
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell