Is DevSecOps making a Difference in Information Security?

It seems nary a week passes without a story about a hacking incident making the evening news. Additionally, many CIOs report a skills gap when it comes to employing experienced information security professionals. As such, the demand for these IT pros is now going through the roof – as are their salaries.

So what about DevSecOps, the cybersecurity-focused variant of the DevOps methodology and organizational structure? We’ve talked about it in the past and are wondering whether it is truly making a difference in today’s technology world. Let’s take a closer look.

The Current State of DevSecOps in the Industry

Last month, SD Times looked at what inroads DevSecOps is making throughout the software development industry. They asked the same question as us: is it truly making a difference, considering the never-ending scourge of cyber attacks and similar forms of nefarious behavior? Considering the difficulties some organizations encounter when implementing DevOps itself, is it simply too new to make much impact?

Derek Weeks, vice president and DevOps advocate at Sonatype, echoes that opinion. “I will say I think we’re early on in the DevSecOps movement of practices that are being implemented. I think with the organizations that have attempted to do it, they are seeing early successes and are happy with that. The vast majority of the market has not gotten their feet wet with DevSecOps practices yet,” said Weeks.

When looking at the recent tech news, however, it becomes time to quote Spock: “Mr. Scott, speed is of the essence.” The core of the issue involves successfully implementing security within a software engineering organization’s current DevOps initiatives. If those practices are still emerging, obviously adding the “Sec” to DevOps becomes more difficult.

A Cultural Change is Essential for a DevSecOps Implementation

A successful DevSecOps implementation requires both a cultural shift within a software development shop and buy-in from the executive team. Of course, these same things are necessary for switching to DevOps itself. Obviously, a mature DevOps organization will likely find it easier to add security to an existing framework.

Weeks feels security practices need to be actually embedded in the software development workflow, as opposed to tacked onto the process after the fact. Making information security practitioners serve as gatekeepers instead of collaborators isn’t the best approach. They need empathy for the entire SDLC.

Training software engineers in the proper application of cybersecurity technology ultimately works better. This serves to foster the kind of teamwork and collaboration that is the hallmark of DevOps itself. It also provides companies the chance to close their information security skills gap in an internal fashion.

John Martinez, vice president of customer solutions at Evident.io, commented on the inroads DevSecOps is making at his firm: “I think the DevOps side of DevSecOps has definitely been much faster to respond and I think we’re starting to see, at least on our side, the cross-pollination on the security side where a lot of the agile practices are starting to fit over on the SecOps side.”

Ultimately, DevSecOps is a still-emerging practice. However, the importance of companies successfully implementing it cannot be overstated.

That’s it for this edition of the Betica Blog. Stay tuned for additional insights from the wide world of software development. Thanks for reading!

Are Developers finally starting to Understand DevOps?

Software developers remain a curious and opinionated bunch. Over the last few decades they have tended to adapt slowly to new methodologies, with DevOps offering little exception to this golden rule. A recent survey reveals things are finally beginning to change, as it shows application engineers beginning to actually “get” DevOps.

Of course, we recently wrote about network administrators feeling DevOps is all about the “Dev” in the first place. What follows is an analysis of the survey to see what these changing opinions mean for the process of software engineering. Perhaps you might gain an insight or two to help your own team’s project work?

Survey says DevOps makes Software Development Faster

Most organizations implementing DevOps do so in the hopes of making their software development process faster and more efficient. A survey of software engineers, CTOs, and IT pros by application maker GitLab notes that these wishes appear to be coming true. News about the survey appeared last month on the Developer Tech website.

According to the GitLab study, two-thirds of those polled feel DevOps greatly improves the speed of the software development process. This 65 percent moves upwards to 81 percent when only taking into account the opinion of managers. 29 percent of those surveyed plan new DevOps investments in the current year.

The best shops using the methodology are able to spend at least half of their workday actually writing code. Changes get deployed on demand. In short, these top organizations are twice as productive as those whose DevOps implementation is either immature or nonexistent.

Challenges to Efficient Application Engineering Remain

In their survey, GitLab highlighted a few challenges to the software development process. Two-thirds of the respondents noted the lack of clear direction on application engineering projects. Slightly over half mentioned the need for rework and unexpected scope creep, while 31 percent felt unrealistic expectations hampered their efforts.

Leveraging automated processes to improve efficiency is a high priority at 60 percent of the surveyed organizations. Around 90 percent of those companies are currently using Agile, DevOps, or a mixture of both. 16 percent are still using the venerable Waterfall methodology for some or all of their development work.

Continuous testing also plays an important role in the ultimate success of any company’s DevOps adoption, a concept highlighted by Razi Siddiqui, SVP and CIO at GCi Technologies. “It’s a key indicator that your DevOps/agile practice is mature, and your QA strategy must take into account that 100% test automation is not practical – nor is it possible,” said Siddiqui.

Sid Sijbrandij, CEO and co-founder of GitLab, commented on their survey conclusions. “The survey reveals software professionals finally see the need for DevOps in their workflow and are beginning to adapt their workstyle in order to make this a reality. Despite the progress in the shift in mindset, current DevOps practices are not cutting it. Instead of a single application that accomplishes the goals of both Dev and Ops, many glue together the tools for the two departments, which has proven to be an ineffective means for collaboration,” said Sijbrandij.

It definitely appears that any enterprise software development not using DevOps runs the risk of being left behind in today’s business landscape. Thanks for reading this edition of the Betica Blog. Keep returning for additional insights on the wide world of software development.

Survey reveals the Application Development Process still needs Improvement

Even with Agile and DevOps becoming more popular within the software development community, the application engineering process remains clunky. This is the lead finding of a recent survey of IT managers responsible for the SDLC. Frankly, is that conclusion all that surprising with network administrators now complaining about software teams dominating DevOps?

Let’s dive into the details of the survey to see what meaningful information lies within. Maybe your software team will gain a new sense of direction on how to make the entire development process more efficient? Good luck!

Nearly All IT Managers complain about Inefficient Software Development

The integration software company MuleSoft recently surveyed 650 IT managers on a variety of topics related to application development. ZDNet summarized the survey’s findings in an article published earlier this week. This information definitely provides some food for thought for anyone working in the software engineering industry.

Somewhat surprisingly, 93 percent of those surveyed feel their organization’s software development efforts “could be more efficient.” They feel the process suffers from being clunky, which makes successful integration more difficult. This problem becomes exacerbated in the increasingly complex environment of the modern business landscape.

Another data point leading to this perception of inefficiency is the 83 percent who feel their company fails to reuse existing software when building new systems. Only a third of those surveyed mentioned their organization makes software assets available for reuse in new projects. This is a traditional problem in the development process, one that has hampered attempts to improve efficiency for decades.

Executives are demanding more Software – Enhancements and New Applications

These inefficient software development processes are coming at a time when the C-Suite is demanding more from their application engineers. The MuleSoft survey reports an overall increase of 27 percent in the number of development projects last year. 12 percent of the managers surveyed saw their project load increase by over half.

Of course, the fact that two-thirds of the survey respondents were unable to deliver on all of their projects in the last year truly hits home. Aren’t Agile and/or DevOps making a difference in software development? The fact that these IT managers report responsibility for over one-thousand applications on average raises one obvious question. Are they simply overworked?

Poor integration between these applications – only 29 percent are successfully integrated – appears to be another factor leading to inefficiency. This survey finding perhaps isn’t too surprising considering MuleSoft’s focus on application integration. 81 percent of the survey respondents note that point-to-point integration is a major source of problems for their development teams.

In short, too much valuable development time is spent on one-off application integration efforts, siphoning resources better spent on other projects. Notably, nearly two-thirds of the surveyed managers are focused on this kind of work, as opposed to building new and innovative solutions. On the positive side of the ledger, more than half of the managers report that the use of APIs improves overall productivity, while also leading to increases in innovation, employee engagement, and faster deployment.

As organizations modernize their systems, and the use of DevOps and Agile continues to mature, hopefully the software development process finally wins that decades-long battle to improve efficiency.

Thanks for reading this edition of the Betica Blog. Stay tuned for additional dispatches from the world of software development.