{"id":54926,"date":"2018-11-08T08:00:02","date_gmt":"2018-11-08T07:00:02","guid":{"rendered":"http:\/\/e3mag.com\/?p=54926"},"modified":"2025-07-18T11:10:51","modified_gmt":"2025-07-18T09:10:51","slug":"security-devops-devsecops-middle","status":"publish","type":"post","link":"https:\/\/e3mag.com\/en\/security-devops-devsecops-middle\/","title":{"rendered":"DevOps in the Middle"},"content":{"rendered":"<p>We all still remember how, in 2009, Flickr set off a rethink in development management with a presentation titled \u201c10+ deploys per day: Dev and Ops Cooperation\u201d. At that time, development and operations were strictly separated. After the development team finished the product, the operators implemented it. Errors that became apparent after implementation were reported back to the development staff, who then fixed them outside the business environment.<\/p>\n<p>This time-consuming methodology suppresses innovation, especially in web application development. With DevOps, developers and operators should now be in the same boat. Smaller updates with much, much shorter lifecycles should be deployed to a production environment. Consequently, numerous tasks become largely automated and run continuously in the background. Errors are therefore recognized and addressed much earlier. 
The whole process from development to operation should become more agile and faster.<\/p>\n<h2>SAP and DevOps<\/h2>\n<p>According to the \u201cTrend Study DevOps 2017\u201c, roughly half of all companies in Germany use DevOps, and in most cases, they are still working on the first step, the implementation of DevOps. 
For SAP systems, which are traditionally much more segmented than others (OS\/data center, DB, Basis, application), this number could be much lower. That\u2019s because with mission-critical applications, the motto \u201cNever touch a running system\u201d is much more common than with other web-based applications.<\/p>\n<p>What is more, many DevOps concepts, like continuous integration and automated unit tests, are difficult to integrate into traditional SAP development processes. Before even arriving in an SAP environment, DevOps is therefore already outdated.<\/p>\n<p>Security should be incorporated into the development process early on. That\u2019s because security plays a part in operating applications, and functional defects carry the risk that the results of an agile DevOps process are sent back to the drawing board.<\/p>\n<h3>Preventing security vulnerabilities at an early stage<\/h3>\n<p>It is precisely this approach that DevSecOps is promoting. Security experts should not only be tasked with safeguarding the finished product, but also with recognizing and ideally preventing security vulnerabilities\u2014which can turn into severe problems in business operations\u2014early on in the software development lifecycle.<\/p>\n<p>Even if some DevOps concepts are not completely compatible with SAP development, the fact remains that many of the \u201ccritical\u201d or \u201chot topic\u201d security notes of recent years could have been avoided by integrating security holistically into the development process. 
The same goes for the average of two million lines of custom code in SAP systems.<\/p>\n<p>Tools that make agile DevSecOps approaches possible are numerous in the SAP world: from excellently integrated tools for static code analysis, Static Application Security Testing (SAST), to test automation of packaged solutions.<\/p>\n<p>Such tools, together with the continuous cooperation and combined brain power of SAP developers, security experts and operations teams, lead almost inevitably to the prevention of obvious security vulnerabilities in custom code. Security is built into the code instead of being applied retrospectively.<\/p>\n<p>Considering that the average cost of an SAP security breach amounts to 4.5 million U.S. dollars, according to a study by the Ponemon Institute, companies should be highly motivated to deploy DevSecOps concepts for SAP application development as well. Maybe the perfect buzzword would give companies a jump start in motivation? If this is the case, I am more than happy to provide them with the term DevSecSAPOps.<\/p>","protected":false},"excerpt":{"rendered":"<p>What does this country need? New buzzwords! 
After DevOps, DevSecOps is now the topic of the day, and with it comes the much needed discussion about security in software development and business processes.<\/p>","protected":false},"author":1510,"featured_media":15608,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"pmpro_default_level":"","footnotes":""},"categories":[21,7,25552],"tags":[451,236],"coauthors":[22523],"class_list":["post-54926","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-it-security","category-meinung","category-mag-1810","tag-devops","tag-sap","pmpro-has-access"],"acf":[],"featured_image_urls_v2":{"full":["https:\/\/e3mag.com\/wp-content\/uploads\/2017\/03\/It-Security.jpg",1000,431,false],"thumbnail":["https:\/\/e3mag.com\/wp-content\/uploads\/2017\/03\/It-Security-150x150.jpg",150,150,true],"medium":["https:\/\/e3mag.com\/wp-content\/uploads\/2017\/03\/It-Security.jpg",400,172,false],"medium_large":["https:\/\/e3mag.com\/wp-content\/uploads\/2017\/03\/It-Security-768x331.jpg",768,331,true],"large":["https:\/\/e3mag.com\/wp-content\/uploads\/2017\/03\/It-Security.jpg",1000,431,false],"image-100":["https:\/\/e3mag.com\/wp-content\/uploads\/2017\/03\/It-Security-100x43.jpg",100,43,true],"image-480":["https:\/\/e3mag.com\/wp-content\/uploads\/2017\/03\/It-Security-480x207.jpg",480,207,true],"image-640":["https:\/\/e3mag.com\/wp-content\/uploads\/2017\/03\/It-Security-640x276.jpg",640,276,true],"image-720":["https:\/\/e3mag.com\/wp-content\/uploads\/2017\/03\/It-Security-720x310.jpg",720,310,true],"image-960":["https:\/\/e3mag.com\/wp-content\/uploads\/2017\/03\/It-Security-960x414.jpg",960,414,true],"image-1168":["https:\/\/e3mag.com\/wp-content\/uploads\/2017\/03\/It-Security.jpg",1000,431,false],"image-1440":["https:\/\/e3mag.com\/wp-content\/uploads\/2017\/03\/It-Security.jpg",1000,431,false],"image-1920":["https:\/\/e3mag.com\/wp-content\/uploads\/2017\/03\/It-Securit
y.jpg",1000,431,false],"1536x1536":["https:\/\/e3mag.com\/wp-content\/uploads\/2017\/03\/It-Security.jpg",1000,431,false],"2048x2048":["https:\/\/e3mag.com\/wp-content\/uploads\/2017\/03\/It-Security.jpg",1000,431,false],"trp-custom-language-flag":["https:\/\/e3mag.com\/wp-content\/uploads\/2017\/03\/It-Security.jpg",18,8,false],"bricks_large_16x9":["https:\/\/e3mag.com\/wp-content\/uploads\/2017\/03\/It-Security.jpg",1000,431,false],"bricks_large":["https:\/\/e3mag.com\/wp-content\/uploads\/2017\/03\/It-Security.jpg",1000,431,false],"bricks_large_square":["https:\/\/e3mag.com\/wp-content\/uploads\/2017\/03\/It-Security.jpg",1000,431,false],"bricks_medium":["https:\/\/e3mag.com\/wp-content\/uploads\/2017\/03\/It-Security.jpg",600,259,false],"bricks_medium_square":["https:\/\/e3mag.com\/wp-content\/uploads\/2017\/03\/It-Security.jpg",600,259,false],"profile_24":["https:\/\/e3mag.com\/wp-content\/uploads\/2017\/03\/It-Security-24x24.jpg",24,24,true],"profile_48":["https:\/\/e3mag.com\/wp-content\/uploads\/2017\/03\/It-Security-48x48.jpg",48,48,true],"profile_96":["https:\/\/e3mag.com\/wp-content\/uploads\/2017\/03\/It-Security-96x96.jpg",96,96,true],"profile_150":["https:\/\/e3mag.com\/wp-content\/uploads\/2017\/03\/It-Security-150x150.jpg",150,150,true],"profile_300":["https:\/\/e3mag.com\/wp-content\/uploads\/2017\/03\/It-Security-300x300.jpg",300,300,true]},"post_excerpt_stackable_v2":"<p>The country needs new buzzwords! 
After DevOps, DevSecOps is now the hype topic du jour, finally moving security to the center of the software development and operations process.<\/p>\n","category_list_v2":"<a href=\"https:\/\/e3mag.com\/en\/category\/opinion\/it-security\/\" rel=\"category tag\">IT Security Column<\/a>, <a href=\"https:\/\/e3mag.com\/en\/category\/opinion\/\" rel=\"category tag\">The Opinion of the SAP Community<\/a>, <a href=\"https:\/\/e3mag.com\/en\/category\/likes-1810\/\" rel=\"category tag\">MAG 18-10<\/a>","author_info_v2":{"name":"J\u00f6rg Schneider-Simon, Bowbridge Software","url":"https:\/\/e3mag.com\/en\/author\/joerg-schneider\/"},"comments_num_v2":"0 comments","_links":{"self":[{"href":"https:\/\/e3mag.com\/en\/wp-json\/wp\/v2\/posts\/54926","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/e3mag.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/e3mag.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/e3mag.com\/en\/wp-json\/wp\/v2\/users\/1510"}],"replies":[{"embeddable":true,"href":"https:\/\/e3mag.com\/en\/wp-json\/wp\/v2\/comments?post=54926"}],"version-history":[{"count":1,"href":"https:\/\/e3mag.com\/en\/wp-json\/wp\/v2\/posts\/54926\/revisions"}],"predecessor-version":[{"id":152621,"href":"https:\/\/e3mag.com\/en\/wp-json\/wp\/v2\/posts\/54926\/revisions\/152621"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/e3mag.com\/en\/wp-json\/wp\/v2\/media\/15608"}],"wp:attachment":[{"href":"https:\/\/e3mag.com\/en\/wp-json\/wp\/v2\/media?parent=54926"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/e3mag.com\/en\/wp-json\/wp\/v2\/categories?post=54926"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/e3mag.com\/en\/wp-json\/wp\/v2\/tags?post=54926"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/e3mag.com\/en\/wp-json\/wp\/v2\/coauthors?post=54926"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}