How Visibility Unlocks DevSecOps Potential


Increased end-to-end visibility of the software development lifecycle can unleash the potential of DevSecOps teams.


Reports suggest that two-thirds of enterprise workloads currently run in the cloud. As businesses look to unlock the advantages it offers, such as lowered CAPEX and OPEX and quicker time to market with new services, this volume is expected to grow to more than four in five enterprise workloads by 2020.

Illustrating the important role it plays in capitalizing on these benefits, up to 78 percent of organizations claim to have adopted the DevSecOps function to some extent, a key task of which is to continuously deliver a higher quality of secure applications and services at faster speeds. Indeed, a recent report showed that high-performing DevSecOps teams are capable of deploying code updates up to 46 times faster than their non-DevSecOps counterparts.

A continuous delivery pipeline can often mean that DevSecOps teams are required to build, test, integrate, and deploy several new releases a day, each of which must deliver a secure, reliable, and responsive service with virtually zero downtime. Achieving the agility required to meet these demands, however, requires DevSecOps teams to have end-to-end visibility into key telemetry attributes of the entire software development lifecycle and share a common situational awareness, without which organizational effectiveness and, as a result, their deployments and innovation may be impeded.

Reaching Maturity

The effectiveness of a DevSecOps team can be impacted by its level of maturity. Until that maturity is reached, the team can be held back by siloed working practices and inefficiencies. Similar to MTTR (Mean Time To Repair), which refers to an organization’s ability to resolve problems effectively and in a timely manner, MTTM (Mean Time To Maturity) refers to an organization’s capacity to reach the level of maturity necessary for continuously delivering high-quality code that can perform well in production environments at scale.

A DevSecOps team’s maturity and, in turn, its MTTM is largely influenced by two factors — the first of which is the cultural dimension. This encompasses the need for DevSecOps to collaborate effectively within the wider business and take ownership of its global organizational mission, rather than simply meeting the objectives of its individual teams, such as Dev, QA, or operations.

These teams can often be found working in silos, concentrating on their own domains with limited cross-functional collaboration. QA may focus on the use cases they are most familiar with, for example, which forms a basis for testing, while operations will be monitoring the production environment. At the same time, the DevSecOps organization, as a whole, should be focused on accelerating and optimizing the quality, speed, and security of continuous delivery across all its domains. 

During this stage, establishing the end-to-end visibility needed to achieve the second contributory factor, that of situational awareness, can be something of an afterthought. And while it is crucial to reaching full maturity, it can prove challenging.

Efficient and Secure

Developers will build the code for an application, QA will test it, and the release manager will oversee its integration into the mainline and, finally, its deployment. Operations might then find a problem that only manifests at scale and dev teams will have to quickly identify the issue and, to rectify it, develop new code that will function correctly in the production environment.

This scenario clearly illustrates just how important visibility is to the entire process, enabling all parties to enjoy a common situational awareness. Instead of relying on feedback from the Ops team to highlight any issues after the event, dev teams could look at the system themselves and, by observing the same situation, better understand the parameters within which they are required to work. Not only will this save time, but it will lead to the creation of more effective feedback loops.

This visibility is especially important to a highly mature DevSecOps organization, in which a security engineer works alongside the dev team to assure application security far earlier in the process than traditional security practices. While analyzing data after a breach has occurred is appropriate for forensic purposes and fortifying preventative measures, the ability to know in real time which vulnerabilities in an application have been exploited makes a more effective feedback loop from Ops to Dev to Sec, allowing security issues to be effectively dealt with at the source. Combined with automation, this process of “shifting left,” inserting security earlier in the DevSecOps timeline, will ultimately lead to the creation of more secure applications.

Unlocking Potential

Key to achieving the visibility required for increased security and common situational awareness is smart data. Smart data is metadata based on the processing and organization of wire data at the collection point that is optimized for analytics at the highest speed and quality. Every IP packet that traverses the network during a development cycle and beyond is analyzed in real time, and that information is used to deliver meaningful and actionable insights to create a common situational awareness for all DevSecOps teams. As a result, developers, QA, Operations, and Security can work together within ever-changing parameters, with minimal bottlenecks in the feedback loop, all of which will ultimately reduce their MTTM.

Digital transformation represents an opportunity for organizations to maintain a competitive edge in a disruptive market, and the cloud is playing an increasingly important role in this. To fully capitalize on this, DevSecOps teams must work diligently to reduce their MTTM to reach a level of maturity that will allow them to produce quality code at speed, unhindered by silos, and bolstered by a culture of communication and collaboration. By utilizing smart data, they can enjoy a level of visibility, insight, and a common situational awareness that will help reduce their MTTM and free their potential for greater innovation.
