 |
VOOZH | about |
|
VOOZH | about |
We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.
Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.
Follow TNS on your favorite social media networks.
Become a TNS follower on LinkedIn.
Check out the latest featured and trending stories while you wait for your first TNS newsletter.
Organizations devote vast resources to developing new code. Sometimes that code is intended to fix bugs, sometimes to improve the user experience and sometimes to deliver entirely new capabilities. Whatever the purpose, the expectation is that all that effort is going to return value to the organization. But whenever deployment of the latest code is held up by inefficient or outdated security controls, the organization’s return on investment (ROI) shrinks. Organizations should never bypass security controls in the name of ROI, but to make sure you’re never put in a position where you may be tempted to decide between the two, the way we implement those security controls should add as little friction to the deployment process as possible.
How can organizations implement security in a way that gets their code into production faster so they can get the full value out of their latest and greatest code? This is a question explored in “The Phoenix Project: A Novel about IT, DevOps, and Helping Your Business Win” from 2013, and the author spends a lot of time discussing the concept of “Work in Progress” or WIP. The concept of WIP is not new, but “The Phoenix Project” pushes the idea that reducing WIP is key to successful DevOps. One key factor in reducing WIP is to implement appropriate security controls in ways that minimize deployment delays.
DevOps teams fix problems and work to bring new capabilities to our users, and every delay in getting that latest and greatest code into production affects the business. A common scenario and pain point for developers is when they push code into their testing environment and discover that some pre-existing security control is incompatible with their new code. This sends the development and security teams scrambling to make necessary changes to get the code to work. Those changes could be in the application or the security control, and just determining whether the application or the security control should change can be time-consuming. The later in the process these conflicts reveal themselves, the more expensive the resolution tends to be, and that expense should be measured both in terms of person-hours and in terms of delayed ROI.
To avoid code implementation issues, security should be tightly integrated with every organization’s DevOps practices, or what is also known as DevSecOps. Here are three tips that can help:
“The Phoenix Project” has been out for a few years, but it remains a great primer for getting up to speed on the basics of DevOps – and surprisingly, presenting it as a “DevOps novel” works pretty well. If our security controls and processes keep code stuck as WIP too long, we become an impediment to the business. Security is more than just a cost of doing business; if we do this right and enable rapid code deployment without compromising security, security becomes a business enabler and a competitive advantage.
