Enterprises Look to Bake Security Into DevOps – Study

Scott Ferguson

While DevOps is still a fairly new concept to most enterprises and their development teams, security has been ingrained into the DNA of IT for some time. Now, some are trying to combine the two.

In a study conducted by DigiCert, which makes encryption and identity tools for Internet of Things (IoT) devices, the company found that nearly 98% of respondents are trying to integrate members of their security and DevOps teams.

Of the 300 senior IT, DevOps and security managers interviewed for the report, about half reported that they are in the process of integrating security and DevOps, and the other half claim that they have already completed combining the two.

Working toward a DevOps model that allows for continuous development of applications is not easy to start with, and many enterprises struggle with integrating the development side of the house with the operations side. Adding security into the mix further complicates the process, although respondents believe it's worth changing the culture.

"Going faster introduces security risks, while maximizing security often slows things down," Dan Timpson, CTO of DigiCert, wrote in the July 19 report. "The market is at a tipping point and enterprises are looking for solutions to minimize the time that it takes to integrate and to help security better fit within DevOps workflows."

In the era of increased use of cloud computing, DevOps is considered essential to the application development process, especially as companies eye digital transformation as the next big step. In order to get there, apps need to be developed, tested, sent to production and updated as quickly as possible.


However, speeding up the process leaves security holes. About 71% of those surveyed by DigiCert believe there is an increased security risk in not combining DevOps and the security team.

In the study, once DevOps and security are integrated, there are tangible benefits:

  • 22% of respondents report that development is better with security
  • 21% reported that the team is still meeting delivery deadlines
  • And 21% also believe that a combined DevOps and security team lowers risks to applications

It should also be noted that this type of project is not a quick solution. Those IT departments that have combined security and DevOps reported it took at least two years to complete.

The report also offers practical tips for integration, including appointing a "social leader" to help bridge the gap between IT, security and DevOps, as well as making investments in automation.

— Scott Ferguson, Editor, Enterprise Cloud News. Follow him on Twitter @sferguson_LR.

7/24/2017 | 10:51:11 PM
Re: Integration
It's great to see enterprise move toward a more secure development process. DevOps has been missing security for some time now. HPE did an interesting study of DevOps and security last year. A shocking number of respondents said security was an afterthought or not present.
7/24/2017 | 6:01:26 PM
This is a really smart best practice. In the past, integration between devops and security was not common. 

However, it's something important given the environment of 2017 and a deluge of attacks against corporate IT. Malicious actors are looking for low hanging fruit. Devops and security being closely intertwined can help thwart those issues. 