6 Ways DevOps Can Supercharge Security
Security teams have a huge opportunity to make major inroads by embracing the DevOps movement.
August 2, 2018
As the DevOps movement goes mainstream, IT security leaders have one of the best opportunities in a generation to significantly move the needle on protecting against cybersecurity risk across the entire IT stack.
DevOps' emphasis on cross-functional teaming, incremental improvements, and continuous delivery of software makes it the perfect model to finally integrate security directly into IT delivery rather than tacking it on as an afterthought.
Here are six ways that DevOps stands to boost security practices.
All of that automation begets excellent telemetry for security organizations. In fact, traceability, consistent measurement, and looping this feedback into developer processes are fundamental building blocks of DevOps practices.
Security teams can benefit from this in two ways: First, security-specific automation will afford them better visibility into software risks. Second, when they work closely with DevOps engineers, they can also tap into more generalized IT metrics that may give them improved security visibility into infrastructure performance and anomalies once the software goes live.
The heavy use of infrastructure-as-code, containerization, and orchestration systems in DevOps environments greatly reduces the legwork necessary to deploy and enforce standard system configuration in both developer and production environments. That's a huge boon for security teams, for which misconfigurations are a constant source of data breaches and other security incidents.
"From an operational and security perspective, many of the modern container and workload orchestration systems include automated health monitoring and alert upon deviation from the expected state. If the workload is behaving oddly or drifts too much, it can be removed from the pool of active resources and replaced with a workload spun up from a known good state," state Gartner analysts Neil MacDonald and Ian Head in a recent analysis.
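The behavior the analysts describe (alert on deviation from the expected state, replace a workload that drifts too far with one built from a known good state) can be sketched as a single reconcile pass. This is an added example, not code from the article or from any orchestration product; the baseline settings, workload names, `DRIFT_LIMIT` threshold and `-r1` replacement suffix are all constructed assumptions.

```python
import copy

# Known-good baseline as it might be declared in infrastructure-as-code
# (constructed values, not taken from the article).
BASELINE = {"image": "registry.example/app:1.0", "run_as_root": False,
            "read_only_fs": True, "open_ports": [8443], "privileged": False}
DRIFT_LIMIT = 1  # hypothetical policy: more than one drifted setting => replace

# Constructed sample pool: one clean workload, one mildly drifted, one badly drifted.
POOL = {
    "web-1": dict(BASELINE),
    "web-2": {**BASELINE, "open_ports": [8443, 22]},
    "web-3": {**BASELINE, "run_as_root": True, "read_only_fs": False,
              "debug_shell": True},
}

def drift(observed, baseline=BASELINE):
    """Return {setting: (expected, observed)} for every deviating setting,
    including settings that exist on only one side."""
    keys = set(baseline) | set(observed)
    return {k: (baseline.get(k), observed.get(k))
            for k in sorted(keys) if baseline.get(k) != observed.get(k)}

def reconcile(pool, baseline=BASELINE, limit=DRIFT_LIMIT):
    """One pass: keep clean workloads, alert on small drift, and swap
    workloads over the limit for a fresh copy of the baseline."""
    new_pool, events = {}, []
    for name, observed in sorted(pool.items()):
        delta = drift(observed, baseline)
        if not delta:
            new_pool[name] = observed
        elif len(delta) <= limit:
            events.append(("alert", name, sorted(delta)))
            new_pool[name] = observed  # stays in the pool, flagged for review
        else:
            events.append(("replace", name, sorted(delta)))
            # Drifted workload is dropped; replacement comes from known-good state.
            new_pool[name + "-r1"] = copy.deepcopy(baseline)
    return new_pool, events

if __name__ == "__main__":
    pool, events = reconcile(POOL)
    for event in events:
        print(event)
    print(sorted(pool))
```

The event list doubles as security telemetry: each entry names the workload and the exact settings that deviated from the declared baseline.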
While it's sometimes overshadowed by confidentiality and integrity concerns, a classic security mandate is to ensure IT availability. DevOps goes a long way toward helping IT organizations improve their operational resiliency across the board.
According to the study from Puppet Labs, the top DevOps teams have a mean time to repair that is 96 times faster than that of other IT organizations. While it might take the top teams less than an hour to fix performance problems, downtime, and other issues with their software, it could take non-DevOps teams anywhere between a day and a week to fix them.