Back

Expert insight: Why DevSecOps and what’s different about it? (Part 1)

DevOps is an approach to software development and IT operations processes that incorporates Agile methodologies. Its core principles of empowerment, automation, and collaboration between development and operations drives efficiencies, quality improvements and profitability.

Traditionally, security was seen as an essential add-on that received attention once the application had been developed. In our new world of cloud platforms, microservices, containers and an improved approach to development + operations (DevOps!), leaving security to the end does not work. A new approach is needed to keep pace with todays’ advances. That approach is DevSecOps.

How is DevOps security different from traditional security?

DevSecOps is an extension of DevOps; emphasizing security at each stage of the software development life cycle. It integrates security with DevOps by addressing issues as they emerge within Continuous Integration (CI) and Continuous Delivery (CD) pipelines.  In traditional software development, the process followed a “waterfall” model – a sequential system, divided into phases. The output of one phase forms the input of the next. Different teams following a traditional waterfall model typically work independently with the model often introducing security testing only during the last stages.  The process results in several changes until the product complies with the recommendations of the security team. The endless changes and patches make the development process longer and more expensive.

In a DevOps environment, developers and operations teams work side by side throughout the entire process of developing, deploying, and managing applications – and security is a consideration the whole way though.  The nature of DevOps is continuous, with constant collaboration and iterative improvements throughout the entire lifecycle. Teams that practice DevSecOps release deliverables more frequently, with higher quality and stability and increased security. By increasing the frequency and velocity of releases, DevOps teams improve products rapidly and with integrated active security audits and security testing, the end result reduces the compliance issues faced by all organisations.

*To be continued in Part 2*

 

Eileen O'Mahony

Eileen O’Mahony (General Manager, WM Promus)

 

 

 

25th November 2022

Topics

Related Resources

Events

Red Hat + WM Promus seminar: Considering new virtualization technology options? Automate the migration journey

Blog

Expert Insight: Survey Reveals Majority of Organisations Want DevOps? DevOps Jumpstarts are on the rise!

Recently Added

Videos

Cybersecurity Services Presented by WM Promus

Events

Red Hat + WM Promus seminar: Considering new virtualization technology options? Automate the migration journey