Page 18 - GCN, Feb/Mar 2018
P. 18

DevOps: Greater
than the sum of its parts
The discipline’s links to cloud and automation make it central to any adaptive cybersecurity strategy
Rick Howard
Chief Security Of cer, Palo Alto Networks
and operations into two distinct teams has created con ict over vocabulary, risk assumptions, technical problem-solving and product requirements. The result is often a lack of mutual trust and respect.
By contrast, DevOps involves recognizing that application development is a system
of systems. Under the old waterfall methodology, somebody would build a proof of concept, which would be sent to the quality control experts. Once they were done with
it, they would throw it to the IT operations group — and never think about it again.
With DevOps, organizations can rapidly develop applications across all areas of expertise. The discipline is
based on the premise that the process of developing, conducting quality assurance, deploying, maintaining and incorporating security into IT systems is similar to
a manufacturing production line. In
this case — where the raw material is source code and the  nished product is
a cloud-based application — the process
of continuous integration and automated testing mirrors the best production lines in the manufacturing world.
Furthermore, DevOps practitioners seek to avoid shortcuts that can lead
to security vulnerabilities and other weaknesses. It is a more thoughtful, holistic approach to development because everyone is working together to develop, automate and use a continuous delivery pipeline.
Agile and automated
Automating tasks is a force multiplier and can be used to ensure consistency across an organization. DevOps presents
AS AGENCIES SEEK to develop more  exible, robust strategies for responding to today’s complex threat landscape, they shouldn’t overlook the key role DevOps can play.
The agile, collaborative nature of DevOps perfectly complements the multidisciplinary nature of adaptive cybersecurity, and its connection to cloud technology and automation has profound implications for agencies’ abilities to build
and execute modern strategies to protect their systems.
I talk to a lot of network defenders in the public and private sectors who say they have DevOps teams. But if I probe deeper, I  nd that many of them think simply moving their apps to the cloud is DevOps. That’s not it at all.
A digital production line
The traditional separation of development
Kalakruthi/Shutterstock/GCN Staff
By capitalizing on the automation that DevOps and cloud technology allow, some organizations are deploying apps 10 times per day instead of once every two years.

   16   17   18   19   20