DevOps helping Teams with IT Security

With the continued growth of mobile technology and Cloud Computing leading more users to embrace eCommerce, there has been a corresponding increase in cases of identity theft, ransomware, and other forms of cybercrime. Nefarious agents – essentially hackers – are finding more targets on a daily basis. This puts the onus on software developers to ensure their web applications remain as secure as possible. Enter DevOps.

Application engineering firms are now leveraging the faster development speed provided by DevOps to ensure their software products – and user base – stay protected from cyber criminals. Let’s take a closer look at how this modern methodology helps teams with cybersecurity.

Automating Security in Software Development

One of the most important technical principles within DevOps is the use of automation to make certain aspects of the software engineering process more efficient and subsequently faster. According to a recent article in InfoWorld, automated routines are also helping teams implement cybersecurity throughout the software development life cycle. In the past, adding security routines to a codebase was cumbersome; this is apparently no longer the case.

A 2017 survey on “DevSecOps” by Sonatype noted a change in how developers felt about adding cybersecurity routines to their applications. 84 percent of the respondents now feel coding application security routines is a necessary safety measure, as opposed to something hampering their creativity or delaying the release date of the application. The increased use of automation to build security into software is one of the reasons for this change in attitude.

Wayne Jackson, Sonatype’s CEO, noted the advantages of leveraging DevOps for application security. “DevOps is not an excuse to do application security poorly; it is an opportunity to do application security better than ever,” said Jackson. His company’s survey also noted that the organizations that have no issues adding application security tend to be the same ones with a mature implementation of DevOps itself.

Faster Software Development makes it easier to write Safer Code

As the automation ushered in by DevOps has led to a faster software development process, companies are finding it easier to improve their code in other areas, most notably in security. Tyler Shields, vice president of Signal Sciences, highlighted this change.

“Successful application security has been defined as increased automation that doesn’t slow down the development and operations process. Imagine a scenario where developers embrace security rather than find ways to work around it,” said Shields.

Some of these automated security routines include fuzz testing and software penetration testing. Both are important aspects of truly vetting an application’s barriers against hacking and other cybercrime. Analytical routines used by continuous integration software also check for vulnerable code, both in code developed in-house and in third-party components.
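As an added illustration (not code from the article or from any vendor it cites), here is a sketch of the kind of continuous integration check on third-party components described above: it compares pinned dependencies against an advisory list and returns the exit status that passes or fails the build. The package names, advisory IDs and versions are all constructed for the example.

```python
import re

# Constructed advisory feed: package -> (advisory id, first fixed version).
ADVISORIES = {
    "examplelib": ("EXAMPLE-0001", "1.10.0"),
    "demo-parser": ("EXAMPLE-0002", "2.4.1"),
}

# Constructed manifest in requirements.txt style (all names are made up).
MANIFEST = """\
examplelib==1.9.3
demo-parser==2.4.1  # already at the fixed version
otherpkg==0.3.0
loosepkg>=1.0
"""

PIN = re.compile(r"^([A-Za-z0-9_.-]+)==([0-9]+(?:\.[0-9]+)*)$")


def parse_version(text):
    """Turn '1.10.0' into (1, 10, 0) so that 1.10.0 sorts after 1.9.3."""
    return tuple(int(part) for part in text.split("."))


def audit(manifest, advisories):
    """Return (vulnerable, unpinned) findings for one manifest."""
    vulnerable, unpinned = [], []
    for raw in manifest.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        match = PIN.match(line)
        if not match:
            unpinned.append(line)  # no exact version, so it cannot be verified
            continue
        name, version = match.group(1).lower(), match.group(2)
        if name in advisories:
            advisory_id, fixed_in = advisories[name]
            if parse_version(version) < parse_version(fixed_in):
                vulnerable.append((name, version, advisory_id, fixed_in))
    return vulnerable, unpinned


def gate(manifest, advisories):
    """Exit status for the CI step: 0 passes the build, 1 fails it."""
    vulnerable, unpinned = audit(manifest, advisories)
    return 1 if vulnerable or unpinned else 0
```

Comparing versions as tuples of integers matters here: as plain strings, "1.9.3" sorts after "1.10.0", and the vulnerable pin would pass the gate.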

With hacking and ransomware in the news on seemingly a daily basis, software development companies known for writing secure applications will gain a competitive advantage over those shops that still see cybersecurity as a hassle. It is yet another example of what DevOps brings to the table for any application engineering organization.

Regularly come back to the Betica Blog for additional dispatches from the wide world of software development. As always, thanks for reading!

The NoSQL Capabilities of PostgreSQL

Many businesses of all sizes leverage PostgreSQL as an open source alternative to Oracle and other relational databases. Significant cost savings while maintaining a similar level of performance remain a preeminent reason for this switch. A robust community and the availability of commercial-grade support make Postgres worthy of consideration for your traditional database needs.

With NoSQL gaining popularity all over the technology world, you may wonder how PostgreSQL supports this new database paradigm. Let’s take a look at what functionality exists today in the database, with a quick look towards the future as well.

Postgres NoSQL for the Enterprise

We’ve talked about EnterpriseDB’s commercial level version of PostgreSQL previously on the blog. The company also offers a Postgres version with support for document databases and key-value stores – two of the most common NoSQL database types. Known as Postgres NoSQL for the Enterprise, this is something worthy of closer attention at companies looking for an open source mix of relational and NoSQL databases.

This Postgres database solution combines the speed and flexibility of NoSQL with the traditional SQL database functionality required for enterprise use – most notably the support for ACID (atomic, consistent, isolated, and durable) transactions. Database instances also easily integrate into the existing business data infrastructure, no matter the platform. In short, it provides the best of both worlds – relational and NoSQL.

ACID transactions are vital for business organizations that depend on the real-time validity of the relationships within their data. Many current NoSQL databases don’t offer this feature, instead following the BASE paradigm, which emphasizes speed and availability over the consistency of the data. Postgres NoSQL lets companies combine unstructured and structured data, mixing the performance of NoSQL with the more formalized governance of traditional SQL.

Postgres NoSQL supports many industry standards for programmatic access and data exchange. These include Ruby, Python, and JavaScript for the former, and the JSON and XML formats in the latter case. The superior performance of PostgreSQL combined with the seamless scalability typical of a NoSQL database solution makes EnterpriseDB’s combination of Postgres and NoSQL a valid option for any business desiring a flexible database infrastructure.

The Future of PostgreSQL and NoSQL

In a previous article looking at new features of PostgreSQL 10, we noted the relative lack of NoSQL functionality in this newest version of Postgres, slated for release later this year. The new XMLTABLE feature supports the direct querying of data stored in XML documents. Other performance improvements in version 10 bring the speed of the relational database closer to that of its NoSQL brethren.

One recent enhancement in Amazon Web Services deserves mention for companies using a mixture of relational and NoSQL databases. The AWS database migration service now includes NoSQL databases, with MongoDB (as a source) and Amazon’s own DynamoDB (as a target) being the first two to be supported. This means companies with a PostgreSQL instance on AWS are able to stream data from Postgres to a DynamoDB instance.

Companies with an investment in PostgreSQL need to explore EnterpriseDB’s NoSQL option to see if any of its features make sense for adding non-traditional database formats to the corporate data infrastructure.

Keep returning to the Betica Blog for additional news and insights from the wide world of software development. Thanks for reading!

A Closer Look at Application Lifecycle Management (ALM)

Application lifecycle management (ALM) is the process of nurturing a software product from the initial genesis of an idea all the way through the application’s final stages. Nearly all aspects of the software development and deployment processes fall under this overarching banner. Many organizations – especially smaller ones – engage in some form of ALM without knowing so, but firms aiming towards Agile, DevOps, and Continuous Deployment benefit from a formalized version of the process.

Let’s take a high-level view of ALM to see if leveraging the practice at your software development organization makes sense. Maybe it ends up helping you better organize your application engineering efforts?

Documentation and Tracking are Vital in ALM

Documenting and tracking everything related to a software application – requirements gathering, design, development, deployment, change control, etc. – is one essential goal of any ALM process. This is becoming more important throughout the industry as companies increasingly move to a DevOps model. In the past, a different team would handle an app’s development compared to its subsequent management in a production environment; now these tasks are more likely to be shared.

Additionally, the Agile methodology tends to keep developers more involved with an application after its initial deployment. Quickly making enhancements and bug fixes remains a major reason enterprises are embracing Agile and DevOps at their shops. Some form of ALM process ensures everything works more efficiently, especially when it comes to managing the overall effort.

A Wide Range of ALM Tools Exist

When looking at an ALM tool, a variety of options exist depending on the specific needs of your company. The bare-bones approach involves simply using some form of wiki, where developers, network engineers, QA personnel, and business analysts are responsible for maintaining all documentation related to an application. Obviously, this offers significant cost savings compared to using an off-the-shelf solution.

For those enterprises looking for a robust suite of applications for ALM, consider IBM’s Collaborative Lifecycle Management solution. Analyzing its functionality also serves well as an example of what features to expect out of any commercial ALM software.

In an integrated fashion, CLM handles requirements management, QA, change control, configuration management, as well as project planning and tracking. The CLM suite includes IBM Rational Team Concert for the project management role, IBM Rational Quality Manager for software testing, and IBM Rational DOORS Next Generation for requirements management.

The tool includes support for the Scaled Agile Framework, suitable for companies first implementing Agile. It also provides a one-stop solution for the integration of DevOps. A robust reporting engine offers the means to analyze every step of your ALM process.

If your organization wants an alternative to Big Blue’s ALM product, TeamForge ALM is one solution suitable for companies leveraging open source applications for development and deployment. HP also offers ALM products – including a Cloud-based SaaS offering – that play well with other third-party solutions, providing a valid alternative to IBM’s one-vendor ALM suite.

Ultimately, it is up to your company to perform due diligence on either using a simple in-house ALM solution or purchasing a suite from a vendor. If you are beginning a journey down the path of Agile and DevOps, some form of ALM process definitely makes it an easier trip!

When you need additional insights from the world of software development, check out the Betica Blog for the latest from this constantly evolving industry. Thanks for reading!