First, let’s get our definitions in order. DevOps is the term coined to describe the integration and collaboration between two previously separated groups within a software organization: Development and Operations. In a typical software organization, development builds the software, using product-led requirements, and delivers features. Operations is typically concerned with delivery of releases and general system stability.
Traditionally, the two groups have represented divergent priorities: Features vs. Stability. Since development teams are under pressure to deliver features, any and all barriers to delivery are generally regarded as detrimental to productivity. Since operations teams are under similar pressure to maintain stability of systems, any change, especially under tight timelines, will naturally cause instability concerns.
Amidst this functional chasm, security is often added after the fact, and haphazardly. From a dev perspective, security is often involved during the requirements stage, doing a “once-over” of requirements and attempting to set general guidelines. From an ops perspective, security is often involved pre-delivery, attempting to certify an application that is already ready to go. The movement towards DevOps is intended to help misaligned organizations cross this divide. Paul Duvall, writing for GigaOM Pro, states it this way:
“The most fundamental change in collaboration is for organizations to recognize they only have one team: a delivery team. An organization does not consist of development versus operations or database administrators (DBA) versus QA. The one delivery team is composed of developers, QA, DBAs, business analysts, operations engineers, and, ideally, customers or proxy users.” (From “Breaking down barriers and reducing cycle times with DevOps and continuous delivery.”)
A continuous approach to security
Our industry is solving the misaligned organization problem by integrating groups, creating cross-functional teams, and training team members on new skills outside their specific area of expertise.
At Malauzai, we’ve woven security into the fabric of DevOps. Security is addressed from the outset of any new feature, with product management’s lead. Our product management team considers security concerns and issues along with any new feature requirement. We employ third-party and internal tools to continuously monitor our networks and applications. A continuous approach to security also allows any software organization to proactively respond to the ever-changing security landscape, and to continue to quickly grow and improve security practices and procedures.
Certainly no process or procedure is perfect, but a security process that is agile and deeply integrated into the software development and deployment lifecycle is the best prepared to face an ever-increasing, ever-changing security environment.
These efforts are a sampling of many processes and procedures that Malauzai is implementing to help protect our customers. Is it perfect? No. No process or procedure can ever be perfect. Security threats change daily, and we are working hard to proactively protect our customers and their end users.