While DevOps is still a fairly new concept to most enterprises and their development teams, security has been ingrained into the DNA of IT for some time. Now, some are trying to combine the two.
In a study conducted by DigiCert, which makes encryption and identity tools for Internet of Things (IoT) devices, the company found that nearly 98% of respondents are trying to integrate members of their security and DevOps teams.
Of the 300 senior IT, DevOps and security managers interviewed for the report, about half reported that they are in the process of integrating security and DevOps, and the other half claim that they have already completed combining the two.
Working toward a DevOps models that allows for continuous development of applications is not easy to start with, and many enterprises struggle with integrating the development side of the house with the operations side. Adding security into the mix further complicates the process, although respondents believe it's worth changing the culture.
"Going faster introduces security risks, while maximizing security often slows things down," Dan Timpson, CTO of DigiCert, wrote in the July 19 report. "The market is at a tipping point and enterprises are looking for solutions to minimize the time that it takes to integrate and to help security better fit within DevOps workflows."
In the era of increased use of cloud computing, DevOps is considered essential to the application development process, especially as companies eye digital transformation as the next big step. In order to get there, apps need to be developed, tested, sent to production and updated as quickly as possible.
Keep up with the latest enterprise cloud news and insights. Sign up for the weekly Enterprise Cloud News newsletter.
However, speeding up the process leaves security holes. About 71% of those surveyed by DigiCert believe there is an increased security risk by not combining DevOps and the security team.
In the study, once DevOps and security are integrated, there are tangible benefits:
- 22% of respondents report that development is better with security
- 21% reported that the team is still meeting delivery deadlines
- And 21% also believe that a combined DevOps and security team lowers risks to applications
It should also be noted that this type of project is not a quick solution. Those IT departments that have combined security and DevOps reported it took at least two years to complete.
The report also offers practical tips for integration, including appointing a "social leader" to help bridge the gap between IT, security and DevOps, as well as making investments in automation.
— Scott Ferguson, Editor, Enterprise Cloud News. Follow him on Twitter @sferguson_LR.