6 Lessons IT Security Can Learn From DevOps
DevOps has taken over enterprise software development. The discipline has lessons for IT security — here are a quick half-dozen.
DevOps has largely taken over the enterprise software development world. The mashup of software development and IT operations has brought faster software releases and more responsive application development to many organizations. And we know the big question left on everyone’s minds: What lessons can IT security learn from all of this?
Now, some organizations learned the lesson that they wanted to wrap security into all the DevOps goodness, so DevSecOps was born. But this article is about the lessons that the security team can learn even if they’re not ready to completely be assimilated into the development and operations organizations. Are there things that pure DevOps gets right — things that can make the security group better?
The answer, in many cases, is “of course there are.” There’s no real question that the business environment changes more quickly than was once the case, and 2020 has driven home the lesson that profound changes can be required on an intensely short timeline. Would hewing to the DevOps discipline help when those rapid changes are required? Let’s find out.
The half-dozen lessons on this list were compiled from our research on how software developers and security professionals are using DevOps concepts, Agile and DevOps conferences we attended, and conversations with security professionals in the last year. They could be considered by just about any IT security team regardless of their organization’s security philosophy. Most can be adopted without changing vendors or toolsets, and the majority wouldn’t even require a radical re-alignment with other IT groups. What they do require is being willing to see security from a different perspective — one that puts agility and responsiveness on the same level as most other security priorities and recognizes that protecting against today’s threat is as important as protecting against last year’s danger.
Let us know whether your security team has adopted any of the devops principles in its operations, or whether you’ve gone full “DevSecOps” in your organization. Or so you see DevOps talk as just a fad — something that is a distraction from the real business of protecting assets? Share your thoughts in the comment section.
This article originally appeared on darkreading.com To read the full article and see the images, click here.
Nastel Technologies helps companies achieve flawless delivery of digital services powered by middleware. Nastel delivers Middleware Management, Monitoring, Tracking and Analytics to detect anomalies, accelerate decisions, and enable customers to constantly innovate. To answer business-centric questions and provide actionable guidance for decision-makers, Nastel’s Navigator X fuses:
- Advanced predictive anomaly detection, Bayesian Classification and other machine learning algorithms
- Raw information handling and analytics speed
- End-to-end business transaction tracking that spans technologies, tiers, and organizations
- Intuitive, easy-to-use data visualizations and dashboards
Nastel Technologies is the global leader in Integration Infrastructure Management (i2M). It helps companies achieve flawless delivery of digital services powered by integration infrastructure by delivering tools for Middleware Management, Monitoring, Tracking, and Analytics to detect anomalies, accelerate decisions, and enable customers to constantly innovate, to answer business-centric questions, and provide actionable guidance for decision-makers. It is particularly focused on IBM MQ, Apache Kafka, Solace, TIBCO EMS, ACE/IIB and also supports RabbitMQ, ActiveMQ, Blockchain, IOT, DataPower, MFT, IBM Cloud Pak for Integration and many more.
The Nastel i2M Platform provides:
- Secure self-service configuration management with auditing for governance & compliance
- Message management for Application Development, Test, & Support
- Real-time performance monitoring, alerting, and remediation
- Business transaction tracking and IT message tracing
- AIOps and APM
- Automation for CI/CD DevOps
- Analytics for root cause analysis & Management Information (MI)
- Integration with ITSM/SIEM solutions including ServiceNow, Splunk, & AppDynamics