DevOps Can Be Secure and Agile at the Same Time
Being fast and being safe don’t always go well together. When it comes to DevOps, the goal is to move applications from development, to test, and then eventually to deployment as quickly and efficiently as possible. From concept to design, everyone is working together at a rapid rate, and that could easily lead to lax security.
However, according to Alan Zeichick at Network World, you can still be agile while having a safe, properly security-tested DevOps environment. He lists four critical steps that allow anyone and everyone to guarantee secure DevOps:
- Configure the dev, test, and deployment environments identically.
- Perform all vital connectivity security reviews during the development process.
- Make proactive changes to all three environments as needed.
- Make sure that only the IT security team can adjust network connectivity, VLAN, and firewall settings.
If you’re going to test security, add it to your normal agile routine. Pinpoint and apply the changes as you go, continuing to improve your security during development, not after everything’s already done. The agile methodology is about testing as you go, and that shouldn’t change when you shift your focus to security.
Adopting and implementing DevOps with any degree of success requires adaptability and commitment, and the same can be said of security testing within this environment. And while speed is critical in DevOps, it’s not the sole driver of the movement. DevOps is about quality, and brushing over something like security for the sake of speed will fail the DevOps quality standard.
It might just sound like another buzzword, but if you ask Coveros CEO and founder Jeff Payne, DevOps changes everything. He also feels strongly about the relationship between DevOps and agile, as he said in an interview with StickyMinds:
"Today, it's kind of funny, DevOps is kind of driving agile. We're seeing a lot more people coming to us because they're trying to figure out how to tackle DevOps, and once they get involved in that, what they realize is you really can't tackle it unless you're doing things in a fundamentally different way, building your application in very short increments so you can continuously integrate, automating your tests at all levels so that you can regression test and find bugs during the whole process, et cetera, et cetera, et cetera. They are, to me, intimately tied."
DevOps is agile, but DevOps can still be very secure. As long as you include security in your regular processes, you don’t have to sacrifice speed for quality.