Why DevOps Needs Security
DevOps done right must include an information security component. Countless surveys,
Each of us as an employee of a company have a common goal – to enable to business to meet its strategic objectives. As a Dev, Ops or Security professional, we need to understand how our role within the company fits into the company objectives. I argue that security is the responsibility of everyone. No matter how fast the velocity of a DevOps organization, if what they produce is not supportive of confidentiality, integrity and availability then they have failed. Including security in everything that you do is part of enabling the business to meet its strategic goals. Even DevOps needs security.
Use Security to Build Trust
Customers, partners and stakeholders want to know if they can trust the systems and software that a company produces and maintains. They ask the company, “Can I trust you with my valuable information whether it be intellectual property, personal information or other?”. Demonstrating security in everything you do is one method to build trust. Its important that a DevOps team show their security knowledge, process and tools even before the customer asks for proof. A few ways to demonstrate a sense of trust is by being transparent or meeting regulatory and compliance requirements. A combined solution of DevOps with security is a road to increased trust.
While these are only two reasons why DevOps needs security, they are important starting points for any upcoming or entrenched DevOps manager. Including the means to demonstrate to your customers and stakeholders why your systems are trustworthy and enable business objectives are critical. The practice of lean security helps ensure that one does not build within a vacuum and takes into account the larger strategic goals of a business as a whole