Embracing DevSecOps
DevSecOps mitigates application vulnerabilities by integrating security into the development process. Chris Zinn, Solution Architect, Help AG and Nicolai Solling, Chief Technology Officer, Help AG explain why enterprises must embrace this practice and what are the opportunities for the channel.
What are the trends driving the evolution and adoption of DevSecOps?
Chris: The most important driver is the business’s need for agility. Enterprises want a more reliable and robust way for their IT teams to deliver on business objectives. That has created the culture of DevOps, but security has always been a stumbling block. Unfortunately, IT teams could not meet time-to-market goals because of security requirements. DevSecOps hopes to achieve that and help alleviate those gaps by introducing security early on. And in terms of technology, there are several factors. Initially, the conversation was about how do we survive during the pandemic. Now, that has changed – how do we survive in the post-Covid world? How can we enable employees to work from home and hybrid locations in a secure manner? DevSecOps addresses some of these concerns by introducing security from a software supply chain perspective.
What is the difference between DevOps and DevSecOps?
Chris: DevOps was a natural evolution from the old software development lifecycle that used to exist when we followed the waterfall-type approach. So historically, it was a case of doing the design phase, followed by the development, testing, and then code release. And that used to take a long time, and IT became not an enabler but rather an inhibitor to business performance. DevOps solves these problems by introducing agility. DevSecOps doesn’t necessarily look at faster, better delivery but at rapid, reliable security. So instead of just looking at how we release software, it is about how we release secure software. It is about introducing security from day one, not as an afterthought.
Is DevSecOps critical to digital transformation?
Chris: Absolutely. I recently read a study that reveals that 98% of business leaders believe that DevSecOps is the key to digital transformation. And I believe that for two particular reasons. First, we want to empower our development teams to take security-related actions early on. Secondly, we want to empower the traditional security teams to leverage some of the benefits DevOps has introduced – infrastructure as a code, continuous delivery, and security as a code.
What are the channel opportunities in this domain?
Nicolai: From a channel perspective, there are a lot of opportunities for us. If you take a step back and think about what is empowering DevSecOps, or DevOps for that matter, it’s many different things. So Chris was talking a little about Covid and how organisations are starting to think about applications as a business enabler. If you look at some of the requirements or ingredients required to perform DevOps, we have begun to see those modern platforms being created by cloud service providers. So the likes of AWS, Google, and Microsoft have created capabilities in their Cloud offerings to support the infrastructure that is required for modern, agile application frameworks. And because these service routers are starting to be here in the UAE, we’re seeing customers thinking about this as a real delivery method. What’s also quite interesting right now is that many of the clients going on this specific cloud journey and benefiting from the cloud are re-engineering their platforms to fit these new environments. However, they are also starting to reconsider how they do stuff on-prem. So actually, DevOps is not just a cloud phenomenon. It’s also something that’s happening on-prem in customer environments today.
One of the reasons I think this is a channel opportunity is because if you look at digital transformation as a whole and think of DevOps as one of its enablers, there is more and more dependency on IT systems to make business decisions effectively. This means that your business will be severely impacted if these environments are not operating correctly. One of the biggest challenges that we see today is security. It must be inherent and embedded into the develop process early on – right from when applications are being written. We enable security to be part of that specific process, which is why I think we have some exciting opportunities as well as challenges.
