By Luca Ravazzolo,
Product Manager, InterSystems
The last year has seen a gradual evolution of DevOps as the
approach has matured and continued to be adopted more widely. Since its
introduction, DevOps has changed mindsets, encouraging organisations to be more
agile and making concepts like continuous integration and continuous delivery more commonplace. A major
reason for the popularity of DevOps is that it allows organisations to capture
all processes in an auditable and replicable way. It also adapts
quickly, which keeps the cost of change low, and it lets businesses add cross-functional
collaboration and work at much higher speed.
Thanks to a similar
evolution in the cloud world, more intelligent tools are becoming available,
allowing developers to follow DevOps processes with more discipline and
efficiency. This has led to the next iteration of DevOps: DevSecOps.
What is DevSecOps?
The issue of security is
one aspect of DevOps that, until recently, has been largely overlooked, often
due to the underlying pressure for the rapid creation of solutions and for
these to be deployed quickly. Consequently, security hasn’t
always been a priority, as including it at the development stage hinders speed. Instead,
security tended to be retrofitted after a build – an approach that makes the
process more difficult. As developers and organisations have begun to realise
that this isn’t the most security-conscious or optimal way of going about it,
we are now seeing some of them integrate security into DevOps from the outset. This
approach means developers can alleviate any security issues at the time of
development.
Implementing DevSecOps
Currently, DevOps breaks
down barriers between developers and operations teams, but adding security
into the picture requires greater collaboration and
knowledge-sharing across the organisation. For DevSecOps to be successful,
developers and organisations must embrace a collaborative culture and recognise
that they require input from other individuals within the business with
different expertise. This requires organisations to adopt the right mindset in
which they realise the transformative power of security in the development of
solutions and collaborate with other departments. Traditionally, developers have
been focused purely on logic and algorithms, for example, with security as an
afterthought. So, if they are to embrace a DevSecOps approach, it is crucial to
involve security experts from the beginning and for the different parties to
collaborate on the development of solutions. By doing so, it will be possible
for enterprises to create secure, stable and resilient solutions which will be
hugely beneficial for both the organisation and end-users.
Further to this, DevSecOps requires
continual security reviews covering everything from compliance monitoring for
PCI and GDPR to determining what the process is if security senses a threat.
Therefore, organisations should establish a review process from the moment they
think about architecting a new solution. Then they should also determine
processes for the ongoing monitoring and management of security as the code
progresses through every stage, from the developer desk to the building of the
solution and the testing of it. It’s also critical that developers receive
adequate training to ensure they are aware of security throughout the
development journey.
What’s next for DevOps?
While what the future may
hold for DevOps isn’t clear at this time, there are two prominent schools of
thought:
Firstly, it is thought
there could one day be NoOps. This is the idea that solutions will feature everything
they are required to include from the outset, such as code standards, security,
libraries and legislation protocols, and that things will be completely automated,
so that people are needed only to monitor and raise questions as they verify
the software. Technically, as everything would be automated within the software
provisioning pipeline, there would be no need for manual, human-based operations.
This could potentially guarantee a higher level of security and resilience as
everything would meet a particular standard.
The second prediction is
that instead of DevOps disappearing altogether, different types of Ops may be
developed. This could lead to the emergence of MLOps, a machine
learning-driven operation that would be able to certify the standards that
organisations want software to be written to and even flag issues with it.
As demonstrated by the
introduction of DevSecOps, the evolution of DevOps is underway. In time, this
is likely to mean that DevOps will begin to encompass new technologies and multiple
aspects of building a new solution. Eventually, this will lead to all of the
requirements of development being brought together and an increase in
collaboration across departments. Ultimately, the end result will be new
solutions that meet the required standards and security from the outset.