DZone
DevOps Zone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
  • Refcardz
  • Trend Reports
  • Webinars
  • Zones
  • |
    • Agile
    • AI
    • Big Data
    • Cloud
    • Database
    • DevOps
    • Integration
    • IoT
    • Java
    • Microservices
    • Open Source
    • Performance
    • Security
    • Web Dev
DZone > DevOps Zone > DevSecOps: Catching Fire

DevSecOps: Catching Fire

It's time to discover the community of solutions available for DevSecOps and to listen to the lessons of the pioneers that were paving the path forward to this day.

Derek Weeks user avatar by
Derek Weeks
·
Feb. 03, 17 · DevOps Zone · Opinion
Like (3)
Save
Tweet
5.62K Views

Join the DZone community and get the full member experience.

Join For Free

In DevOps, those that can't keep pace are often left behind.  For many people leading DevOps initiatives over the past few years, this led to a painful choice of leaving security by the wayside. Many Waterfall-native approaches to security could not keep pace with their new DevOps-native requirements and they were shunned.

Gene Kim and Josh Corman first sounded the death knell for security as we knew it during their 2012 RSA presentation, Security Is Dead. Long Live DevOps: IT at Ludicrous Speed. However, as with so many things in our world, necessity is the mother of invention. Leaving security out of the DevOps toolchain was not an option for some and unimaginable for others.  

Fast forward four years and things have changed dramatically.  We are on the cusp of a new era of security that lives at ludicrous speed. Software-defined security is crossing the chasm into the mainstream.

Earlier today, I was reading through DevOps Digest's predictions for 2017. Seven people were predicting that security would break back into the top tier of DevOps priorities. No other category of their DevOps predictions had seven contributions. The second highest (containers) only had five.  Here's the prediction I had shared:

Software-defined security will move into the mainstream of DevOps tool chains. DevOps professionals, recognizing that huge quantities of components (i.e., build artifacts, containers, open source binaries) are moving across their software supply chains, will begin to evaluate the quality of those elements at scale. Security will move from a bolt-on practice at the end of a software delivery lifecycle to one built-in that is consumed like a service, thereby empowering development and operations teams to improve and iterate component choices instantly. Wave one of software defined as security in the mainstream will be referred to as DevSecOps.

Beyond the predictions for next year, we saw strong evidence of the topic picking up steam in 2016. In November, Gartner released its report DevSecOps: How to Seamlessly Integrate Security Into DevOps. While to some this may not be a big deal, it represents a significant market shift.  You see, Gartner covers mainstream IT investments by large enterprises.  It is not focused on early stage technology adoption.  Topics being covered by Gartner are considered to be mainstream.

November's All Day DevOps conference was another leading indicator of mainstream interests.  The 15-hour online conference dedicated 18 sessions to automated security. The sessions were packed and over 10,000 session views were recorded. The conversations on the conference's Slack channel were also non-stop. Practitioners from around the world were not questioning if it were possible for security to run at DevOps-native speeds, they were sharing experiences of how they were accomplishing it.

Screen Shot 2016-12-16 at 3.09.09 PM.png

For those of you heading out to the Bay Area to attend the RSA Conference in February, be sure to check out their third annual DevOps Connect: Rugged DevOps event. I'll be there and I'm looking forward to hearing from more practitioners sharing their stories.

DevSecOps is hitting the mainstream and if you have not been paying attention, 2017 will mark a good time to start. If you are a security professional, begin to explore what others are doing. If you are a Development lead, enterprise architect, or DevOps professional, it's time to examine how security practices have changed and how far they have shifted left. It's time to discover the community of open-source and commercial solutions that are now available for DevSecOps and to listen to the lessons of the pioneers that were paving the path forward to this day.

Security is alive again.  Long live DevSecOps.

security DevOps Open source

Published at DZone with permission of Derek Weeks, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

Popular on DZone

  • Cross-Functional Team Management
  • API Security Tools: What To Look For
  • How To Check for JSON Insecure Deserialization (JID) Attacks With Java
  • The Power of Enum: Make Your Code More Readable and Efficient [Video]

Comments

DevOps Partner Resources

X

ABOUT US

  • About DZone
  • Send feedback
  • Careers
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • MVB Program
  • Become a Contributor
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 600 Park Offices Drive
  • Suite 300
  • Durham, NC 27709
  • support@dzone.com
  • +1 (919) 678-0300

Let's be friends:

DZone.com is powered by 

AnswerHub logo