Whitepaper Chapter 2: Security
Security has been listed as a top CIO concern for the last decade. It became a top 5 concern in 2015. Nearly one-third of CIOs in the SIM annual report selected security as a priority for 2016.
Why is this a CIO priority?
Security is a must-have in 2016. In an age of social media and digital payments, where the number of internet-connected devices is expected to reach 50 billion by 2020, who doesn’t believe that all of this data needs to be secure?
Security issues have been at the forefront of the news in recent years. Companies from TalkTalk to Facebook have suffered privacy leaks. Hackers are getting cleverer too: there’s an ever-increasing number of different types of security threats that companies need to be aware of, and the total cost of a data breach is up 23% since 2013.
How can DevOps help?
DevOps cannot completely eliminate cyber risk. Nonetheless, high-performing DevOps organisations spend 50% less time remediating security issues than low performers. These three characteristics of DevOps allow companies to actively respond to, and combat, threats:
1. DevOps is fast
Security has become a critical issue as companies across industries have sped up their processes to keep up with digitalisation and disruption. Using DevOps allows companies to take advantage of speed for extra security: to go fast (and maintain the same or higher levels of quality), DevOps teams have to understand the entire ecosystem that they are working in, from code to config to deployment.
That’s because an organisation is only as fast as its slowest point: a misunderstanding in an individual process hinders the process as a whole.
DevOps helps to ensure that this understanding is ingrained in company culture, which leads to a reduction in the number of gaps in system access, and improved security.
“[DevOps’] shorter cycle rate means not only new features but also quality and security improvements delivered in an impactful way for customers.”
2. DevOps is collaborative
The DevOps culture of collaboration and shared responsibility means that cross-functional teams share security responsibilities: “quality and security are everyone’s responsibility”.
In other words, software developers work closely with the teams that will be testing for security issues, minimising room for error through increased transparency.
3. DevOps is automated
DevOps puts automated processes in place. These processes minimise human error and enable problems to be fixed more quickly.
Within a DevOps environment, computers monitor and maintain vast infrastructures. They continually and seamlessly check and update config to correct any inconsistencies and potential vulnerabilities.
In fact, the DevOps testing regime is so rigorous that the mean time to recovery after discovering an issue is 24 times faster.
DevOps tools such as the Black Duck Hub provide automation specifically around security. Black Duck checks code before it even reaches the testing or production stages, so that apps with any form of vulnerability, such as Heartbleed, have little chance of getting out.
“A large proportion of testing is now performed automatically every night on the integrated code base, providing fast feedback for developers and significantly reducing the likelihood of errors getting to production.”
This chapter is taken from the Forest Technologies (now ECS Digital) Whitepaper, “CIO guide to DevOps: The value behind the hype”, released June 2016. To download the full whitepaper, for free, follow the link below.