Uniting the tribes: DevOps and security


The keynote talk at ECC 2019 was delivered by Paul Schwarzenberger, Cloud Security Architect and DevSecOps Specialist, Insight Investment.

Below is my perspective on his expertly delivered presentation, which was centered on that most vexed of issues, uniting the tribes within the enterprise landscape.

• Uniting seemingly disparate forces within an enterprise is one of the key concerns for business leaders. These concerns cut across all industry sectors regardless of company size, product offering and market capitalization.

• Historical structures can be regarded as being compartmentalized into product management, developers, quality assurance and operations. Such compartmentalization leads to a lack of cross-departmental learning, limited operational efficiency, a slowdown in getting product offerings to market and the misidentification of ongoing issues which require team attention.

• The DevOps and DevSecOps model seeks to unite application and development, which in turn supports agile working, with each version of the application released to development in order to allow DevOps teams to develop applications and support production. Embedded within this are product managers and testers.

• DevSecOps combines DevOps and security in order to support developmental operations and increase the security posture of an enterprise. Shifting security to the left conceptualizes security as code, enhances technical capabilities, improves workplace culture, develops organizational capabilities and encourages continuing professional development.

• The technical nature of DevSecOps leads to an environment in which policy is code and security tests occur in the pipeline and ensure continuous compliance, creating a stream composed of prevention, detection and remediation in real time rather than relying on reactiveness.

• The prioritization of security in DevOps also achieves senior management buy-in for security features, brings together separate security departments and creates champions from non-security elements of the business.

• Uniting the tribes within an enterprise leads to the breaking down of silos, improved cross-functionality, increased product-to-market speed and resolution of issues in real time.