{"id":60280,"date":"2019-09-05T08:00:08","date_gmt":"2019-09-05T06:00:08","guid":{"rendered":"http:\/\/e3mag.com\/?p=60280"},"modified":"2025-07-02T11:39:03","modified_gmt":"2025-07-02T09:39:03","slug":"devops-security-belong-together","status":"publish","type":"post","link":"https:\/\/e3mag.com\/en\/devops-aber-sicher\/","title":{"rendered":"DevOps and Security Belong Together"},"content":{"rendered":"

Is it really necessary to combine the two silos development and operation with the complex world of enterprise security? Wouldn\u2019t that mean to curb the desired agility that comes with DevOps? As CTO of an IT service provider, I understand where these questions are coming from. Digitalization is all about speed, efficiency and agility, after all. But what is a fast, efficient system worth if it doesn\u2019t pass basic security tests?<\/p>\n

Experience shows that DevOps initiatives that fail in the last few phases of the project do not only mean high costs and lost revenue, but they also nip every further attempt at agility in the bud. Of course, it is complex and daunting to integrate development, operation and security from the very beginning. Security problems are often the death of many promising innovations. However, in the context of DevOps, failing early just means getting another chance to try again. The question therefore isn\u2019t if DevSecOps should replace DevOps, but how companies can manage a smooth transition.<\/p>

\"\"<\/a><\/div>\n

Same challenges as DevOps<\/h3>\n

DevSecOps initiatives face almost the same exact challenges as DevOps projects. More often than not, silo structures are not the real problem\u2014organizational changes take care of them. No, what really thwarts innovation is the silo mindset and culture. Many people believe that developers are creative and chaotic while security experts are perceived to be pedantic and uncompromising. How would they even work together, they ask themselves, and don\u2019t even care to try.<\/p>\n

Good news: communication is possible! Experience shows that collaboration between developers, administrators and security experts yields faster results and is more fun for everyone involved.<\/p>\n

Management has the most important role to play in a DevSecOps structure; even more so than during DevOps projects. Leaders have to encourage employees who want and inspire change. Open communication with those who fear or don\u2019t want change is imperative. Asking questions is a potent tool to start discussions. There are no right answers to questions like: How can IT and business work together to create and optimize new processes? How can the company succeed even more quickly with DevSecOps?<\/p>\n

Diversity is key for successful agile organizations. However, it can be difficult to collaborate for employees at first, after years of sticking to their own departments and silos. Even though most companies aim for Security by Design, development and security are often still two completely different worlds.<\/p>\n

Steps for the implementation of DevSecOps<\/h3>\n

To become truly agile, companies have to successfully combine these two words. From our own experience with DevSecOps initiatives, NTT Data has compiled some practical steps on how to achieve this fusion:<\/p>\n