The global and independent platform for the SAP community.

DevOps and Security Belong Together

Integrating development and operation of software is the goal of every DevOps initiative. Because of the task’s complexity, many companies neglect security measures—a fatal mistake.
Oliver Köth, NTT Data
September 5, 2019
DevOps Column
avatar
This text has been automatically translated from German to English.

Is it really necessary to combine the two silos development and operation with the complex world of enterprise security? Wouldn’t that mean to curb the desired agility that comes with DevOps? As CTO of an IT service provider, I understand where these questions are coming from. Digitalization is all about speed, efficiency and agility, after all. But what is a fast, efficient system worth if it doesn’t pass basic security tests?

Experience shows that DevOps initiatives that fail in the last few phases of the project do not only mean high costs and lost revenue, but they also nip every further attempt at agility in the bud. Of course, it is complex and daunting to integrate development, operation and security from the very beginning. Security problems are often the death of many promising innovations. However, in the context of DevOps, failing early just means getting another chance to try again. The question therefore isn’t if DevSecOps should replace DevOps, but how companies can manage a smooth transition.

Same challenges as DevOps

DevSecOps initiatives face almost the same exact challenges as DevOps projects. More often than not, silo structures are not the real problem—organizational changes take care of them. No, what really thwarts innovation is the silo mindset and culture. Many people believe that developers are creative and chaotic while security experts are perceived to be pedantic and uncompromising. How would they even work together, they ask themselves, and don’t even care to try.

Good news: communication is possible! Experience shows that collaboration between developers, administrators and security experts yields faster results and is more fun for everyone involved.

Management has the most important role to play in a DevSecOps structure; even more so than during DevOps projects. Leaders have to encourage employees who want and inspire change. Open communication with those who fear or don’t want change is imperative. Asking questions is a potent tool to start discussions. There are no right answers to questions like: How can IT and business work together to create and optimize new processes? How can the company succeed even more quickly with DevSecOps?

Diversity is key for successful agile organizations. However, it can be difficult to collaborate for employees at first, after years of sticking to their own departments and silos. Even though most companies aim for Security by Design, development and security are often still two completely different worlds.

Steps for the implementation of DevSecOps

To become truly agile, companies have to successfully combine these two words. From our own experience with DevSecOps initiatives, NTT Data has compiled some practical steps on how to achieve this fusion:

  • Install a security champion program.
  • Secure development is more fun for everyone!
  • Allow specialists for development and safety to observe in the respective other department
  • Getting to know each other promotes understanding of the common task
  • Provide training opportunities
  • People want to learn—learning together promotes joint success
  • Shape the relationship between IT and business fairly
  • With increasing digitization, the old division into IT as supplier and business as customer no longer fits
  • Set common goals, which includes allowing DevSecOps teams to make decisions together.

https://e3mag.com/partners/ntt-data-deutschland-gmbh/

avatar
Oliver Köth, NTT Data

Oliver Köth is CTO at NTT Data Germany.


Write a comment

Working on the SAP basis is crucial for successful S/4 conversion. 

This gives the Competence Center strategic importance for existing SAP customers. Regardless of the S/4 Hana operating model, topics such as Automation, Monitoring, Security, Application Lifecycle Management and Data Management the basis for S/4 operations.

For the second time, E3 magazine is organizing a summit for the SAP community in Salzburg to provide comprehensive information on all aspects of S/4 Hana groundwork.

Venue

FourSide Hotel Salzburg,
Trademark Collection by Wyndham
Am Messezentrum 2, 5020 Salzburg, Austria
+43-66-24355460

Event date

Wednesday, June 10, and
Thursday, June 11, 2026

Early Bird Ticket

Regular ticket

EUR 390 excl. VAT
available until 1.10.2025
EUR 590 excl. VAT

Venue

Hotel Hilton Heidelberg
Kurfürstenanlage 1
D-69115 Heidelberg

Event date

Wednesday, April 22 and
Thursday, April 23, 2026

Tickets

Regular ticket
EUR 590 excl. VAT
Subscribers to the E3 magazine
reduced with promocode STAbo26
EUR 390 excl. VAT
Students*
reduced with promocode STStud26.
Please send proof of studies by e-mail to office@b4bmedia.net.
EUR 290 excl. VAT
*The first 10 tickets are free of charge for students. Try your luck! 🍀
The event is organized by the E3 magazine of the publishing house B4Bmedia.net AG. The presentations will be accompanied by an exhibition of selected SAP partners. The ticket price includes attendance at all presentations of the Steampunk and BTP Summit 2026, a visit to the exhibition area, participation in the evening event and catering during the official program. The lecture program and the list of exhibitors and sponsors (SAP partners) will be published on this website in due course.