DevOps – Words are Important, so is Security

I have not been shy about my feelings for DevOps. Unfortunately, the word has been divisive for the last 3-5 years. Like many other technology paradigms, the label became a keyword for enterprise software and services. I don’t fault the companies selling the software or services, they meet the market at whatever buzzword is leading. The problem is when technology leadership or the otherwise uninitiated associate a term like DevOps with a specific tool, or worse, company.

Allow me a moment to calibrate:

  • DevOps is not Puppet, Chef or GitHub
  • DevOps is not monitors hanging from workspace walls
  • DevOps is not Application Performance Management (APM), Continuous Integration (CI), Continuous Deployment (CD)
  • For the love of… it is not a Data Lake or Big Data.
  • It is also not a locked down room of system administrators working off JIRA boards

Don’t mistake things in this list for DevOps. There is no such animal as a DevOps system nor should there be a DevOps team.

DevOps is a focused effort to utilize specific tools and skillsets to forge a new technology solution delivery model. Yes, DevOps involves new tools and processes. It should involve upskilling developer and system administrator roles to think more about delivery controls and engineering for failure. It will likely involve a fundamental re-thinking of your environments and architecture as your team shifts toward a blue-green deployment shop. Technology teams will adjust to the new methods of delivery. Business stakeholders will need to spend more time with technology teams, maybe even, gasp, sit with them. My point here is DevOps is something a company must invest in and make part of the culture. DevOps energizes technology teams; the rest is proper guidance.

Headed into Q4 of 2017, DevOps is alive and well. The tools that are winning fit nicely into cultural changes and help progress the application lifecycle without turning it into a business model. Now, it is time to let Security into the fold. Data breaches risks are not new. Unfortunately, they seem to be more common and of higher stakes to all companies dealing with data. Are there companies that do not deal with data? Companies with a healthy DevOps lifecycle have a tremendous asset to leverage. DevOps patterns are a great starting point to inject proactive security measures. Starting simple environment health is an easy place to focus with the onset of containers. System accounts and general access management checks are also easy wins with significant risk mitigation payout. There is an entire playbook leading to another divisive term, DevSecOps. If the technology industry keeps throwing three letters between “Dev” and “Ops” to innovate and energize technologists, I’ll be right at the forefront, but don’t expect me to buy the t-shirt. More to come.

Thanks for reading.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: