DevSecOps – for a successful digital transformation journey!
This is our multi-part blog providing an introduction to DevSecOps, the challenges organisations face while adopting DevSecOps, commercial and open-source tools you can use in DevSecOps, and actionable nuggets to fast-track DevSecOps adoption in your organisation.
Security is the biggest challenge in every industry today, from oil and gas to telecom, media to education, and it can have devastating consequences if it is not well thought out, designed, implemented and managed properly. In the recent past we have witnessed many landmark cases where well-known vulnerabilities were exploited to cause severe damage to an organisation’s reputation and finances.
With ever-increasing and changing business needs and changing technological landscapes, businesses are going through massive digital transformation to cater to those requirements. With this digital transformation, there is unprecedented pressure on software delivery teams to be innovative and agile and to be a perfect software delivery machine. But with this speed, agility, innovation and transformation comes the biggest challenge – Security!
Journey from Agile to DevOps to DevSecOps
With the introduction of Agile to software development projects in the 2000s, the pace of software delivery increased; however, teams were still in silos and the endless blame game between Dev, QA and Prod teams continued. To address the challenges in Agile, a new methodology that integrated Development and Operations to work as one unit was introduced, and it was called DevOps.
DevOps encouraged increased collaboration between development and operations teams, setting a strong foundation from the initial phases through the full software development lifecycle – the designing, building, testing, deploying and operations phases. This approach not only increased the pace of software delivery but also reduced time to market while staying agile. As tools and processes matured, DevOps focused more on automation than on manual processes, from build to test to release automation.
While there was increased collaboration between teams in DevOps and software was delivered at the pace businesses required, there was still a big challenge in the entire process – Security!
To answer the security challenges in the DevOps methodology, DevSecOps was introduced to build a coherent and effective approach to software delivery. It is a new method that helps identify security issues early in the development process rather than after a product is released. DevSecOps emphasises fixing security flaws by building security into every stage of the development process, from the requirements stage onwards.
There are numerous advantages of adopting DevSecOps:
- It ensures the secure-by-design principle – As security testing is done at every layer of the software development lifecycle using automated tools, security vulnerabilities are detected at the various layers and fixed before the application is rolled out to production.
- Increased collaboration – As security is built into DevOps (and not bolted on), it further enhances the interaction and collaboration between development and operations teams and enables a culture of openness and transparency.
- Reduced cost – As code is tested at every layer, any potential flaw or vulnerability is discovered and fixed at the outset, which helps the team reduce cost.
- Immutable infrastructure – The key elements of DevOps and DevSecOps are the building, testing and deployment of code using infrastructure as code (IaC), automation and pipelines (continuous integration and continuous development). In case of an incident where a component is compromised, a new instance / node of the component is instantiated automatically with a new set of credentials using IaC.
- Increased speed of recovery – In case of an incident, the entire stack can be redeployed using IaC.
Successful DevSecOps enablement in an organisation involves three key pillars
In our next blog, we will focus on each of these pillars in detail and how to structure these pillars to lay a strong foundation for DevSecOps in the organisation.