DevOps helping Teams with IT Security

With the continued growth of mobile technology and Cloud Computing leading more users to embrace eCommerce, there has been a subsequent increase in cases of identity theft, ransomware, and other forms of cybercrime. Nefarious agents – essentially hackers – are finding more targets on a daily basis. This puts the onus on software developers to ensure their web applications remain as secure as possible. Enter DevOps.

Application engineering firms are now leveraging the faster development speed provided by DevOps to ensure their software products – and user base – stay protected from cyber criminals. Let’s take a closer look at how this modern methodology helps teams with cybersecurity.

Automating Security in Software Development

One of the most important technical principles within DevOps is the use of automation to make certain aspects of the software engineering process more efficient and subsequently faster. According to a recent article in InfoWorld, automated routines are also helping teams implement cybersecurity throughout the software development life cycle. In the past, adding security routines to a codebase was cumbersome; this is apparently no longer the case.

A 2017 survey on “DevSecOps” by Sonatype noted a change in how developers felt about adding cybersecurity routines to their applications. 84 percent of the respondents now feel coding application security routines is a necessary safety measure, as opposed to something hampering their creativity or delaying the release date of the application. The increased use of automation to build security into software is one of the reasons for this change in attitude.

Wayne Jackson, Sonatype’s CEO, noted the advantages of leveraging DevOps for application security. “DevOps is not an excuse to do application security poorly; it is an opportunity to do application security better than ever,” said Jackson. His company’s survey also noted that the organizations that have no issues adding application security tend to be the same ones with a mature implementation of DevOps itself.

Faster Software Development makes it easier to write Safer Code

As the automation ushered in by DevOps has led to a faster software development process, companies are finding it easier to improve their code in other areas, most notably in security. Tyler Shields, vice president of Signal Sciences, highlighted this change.

“Successful application security has been defined as increased automation that doesn’t slow down the development and operations process. Imagine a scenario where developers embrace security rather than find ways to work around it,” said Shields.

Some of these automated security routines include fuzz testing and software penetration testing. Both are important aspects of truly vetting an application’s barriers against hacking and other cybercrime. Analytical routines used by continuous integration software also check for vulnerable code – both code developed in-house and code within third-party components.

With hacking and ransomware in the news seemingly on a daily basis, software development companies known for writing secure applications will gain a competitive advantage over those shops that still see cybersecurity as a hassle. It is yet another example of what DevOps brings to the table for any application engineering organization.

Regularly come back to the Betica Blog for additional dispatches from the wide world of software development. As always, thanks for reading!

Does an Informal Approach to DevOps work Best?

The DevOps approach to an IT department’s organizational structure continues to make inroads throughout the technology industry. As companies strive to reach a continuous delivery model for both new software and code enhancements, DevOps seems like a wise choice for most. Increased competition requires businesses to embrace a variety of innovations when it comes to software development.

One recent industry study questions whether an informal approach to implementing the methodology actually works better than a more sharply defined process. Here is a closer look at what the study discovered. Perhaps the survey’s findings make sense for your team’s approach to DevOps or even Agile?

A Paradoxical DevOps Survey Finding

Hewlett Packard Enterprise’s Digital Research Team surveyed a wide range of technology enterprises on their process maturity, a concept essentially the same as the Capability Maturity Model first developed at Carnegie Mellon University’s Software Engineering Institute. John Jeremiah, a technology evangelist for HPE, wrote about the survey for TechBeacon.

The survey queried over 400 technology professionals at larger enterprises about their approach to DevOps. The ultimate goal of the study involved determining what processes led to success in implementing this new organizational structure. Finding out the maturity level of the respondents’ DevOps deployment was an important differentiator in the survey.

The four maturity levels were research/evaluation, pilot project, partial implementation, and widespread implementation. Surprisingly, the study didn’t show a correlation between the DevOps maturity level and a more efficient software delivery process. Diving deeper reveals a few answers that may help your own organization’s approach to DevOps.

Getting High Quality Code into Production Faster – with Agile

The survey noted those who took a more informal approach to DevOps – with many still in the research stage of process maturity – enjoyed faster release cycles with fewer code defects. These findings almost seem counterintuitive. Why are they able to write and test better software than those companies more experienced with DevOps?

The probable answer lies within one word: Agile. A vast majority of the survey respondents still researching and evaluating DevOps were already very experienced in Agile, especially compared to those companies higher on the process maturity scale. Focusing on the strong communication and collaboration typical of an Agile shop is more important than the structures and processes found within a mature DevOps implementation.

In short, as we commented earlier in this very blog – Agile and DevOps make perfect partners. The HPE study notes that an informal approach to DevOps, focusing on a collaborative Agile culture, plays a key role in making the software development process more efficient. The study revealed those companies first exploring DevOps already used some of its typical tools and processes because of Agile. These include ChatOps, containers, automation, and more.

In fact, companies researching DevOps with the hopes of achieving continuous delivery would do well to “go Agile” before restructuring their IT organization. Reaching DevOps “maturity” by itself is no guarantee of efficient software development. As Jeremiah summarizes the study finding, “DevOps is not a destination; it’s a journey.”


News from the World of Software Development – March 2017

Welcome to this month’s software development and QA news digest. As 2017 enters its third month, the application engineering world continues to evolve at a rapid pace.

Hopefully, you are able to leverage these insights to improve or inform your organization’s software engineering process.

Software Engineering Trends going Mainstream

Earlier this month, The Next Web published a story from the software intelligence company, Raygun, looking at three software development trends essentially becoming standard practice. We covered some of these same directional shifts in our 2017 industry trends article, and it is interesting to see them widely adopted.

The growth of ChatOps to enhance communication amongst a development team is one trend Raygun noted. ChatOps even allows software engineers and QA personnel to kick off builds and automated tests from a chatbot interface, while the entire team stays in the loop. The use of bots works well for companies already embracing DevOps and a continuous deployment model.

Speaking of continuous deployment, it is another one of the trends highlighted in the Raygun article. An increasingly competitive business world places the onus on companies to build and maintain applications faster than ever before. Following a continuous delivery model allows firms to deploy new code several times a day.

The increased use of software intelligence was the third trend discussed by Raygun, which isn’t a surprise, considering the company’s main line of business. Leveraging this form of automated intelligence hastens the discovery of problems or issues before the customer encounters them.

“Software intelligence gives you the ability to automatically detect when a user’s experience was poor and how you can improve it, with full diagnostic details being provided for every individual user error, crash or performance issue,” the article mentioned. This new era of application performance monitoring is one worth watching by anyone responsible for public-facing applications.

The Principles of Agile Software Development

Late March saw the appearance of a Forbes article in our news feed detailing the daily principles of Agile software development. While this is more of an evergreen topic than “news” per se, anyone new to Agile would benefit from studying these concepts. Scott Stiner, the CEO of UM Technologies, a software firm focusing on innovative user experience (UX) design, authored the article.

Stiner highlights the fact that traditional software engineering methodologies – most notably the Waterfall – lack the iteration needed to keep up with the modern business world. The high cost of finding defects too late in the development process isn’t a risk many organizations want to take. This, combined with the faster speed of business noted earlier, is a major reason many software shops have embraced Agile over the last decade.

Early delivery of prototypes and strong customer interaction remain a major focus of Agile. Changes to requirements are welcome, rather than being considered scope creep as with older methodologies. Analyze the rest of these Agile principles to see if a change in how you write applications makes sense for your organization.
