Security benefits help drive DevOps adoption
15 May 2015 | 0
Having started out in the bleeding-edge data centres of the likes of Facebook and Google, developer operations (DevOps) is now gaining traction among more traditional enterprise businesses. But alongside the primary draw of faster, automated software development, there are other benefits to breaking the barriers between developer and IT operations teams.
“One of the reasons the enterprise is starting to adopt DevOps so quickly is security,” said Barry Crist, CEO, Chef. “Security has been an obstacle or a barrier to the business doing what they are trying to accomplish, but we are seeing a change in that around DevOps.”
Crist says that chief security officers have typically been focused on slowing IT operations down to maintain control and ensure compliance standards are met. However businesses have also begun to realise the benefits quickly and automatically issuing patching and upgrades. “Take Heartbleed as an example, I can remediate against that very quickly if I have defined my infrastructure as code and if I have a delivery pipeline where I can very quickly test and remediate,” he says.
“We are finding the security officer is very much becoming our friend – generally this is not a place that has driven innovation, so we are seeing a real shift where the [security] officer is getting onboard with DevOps and really pushing for innovation, which is a really dramatic shift.”
DevOps is typically seen as a combination of a change in working culture, as well as use of tools to automatically manage provisioning and configuring of infrastructure such as servers, allowing software updates to be quickly released. Chef, alongside its rival Puppet, has been one of the major proponents of the DevOps approach, which according to a recent analyst report from Gartner, is set to be adopted in around a quarter of businesses by 2016.
According to Crist, the early adopters of DevOps have been ‘web and tech innovators’. The next stage of growth has been in highly regulated sectors, particularly banks, where regulatory compliance is a major issue. DevOps can help address this, he says.
“We view that compliance should just be another test,” he says. “So the faster you are releasing software, it also means that you are more frequently testing that against compliance.”
Techniques such as continuous delivery — enabling small software releases to be made numerous times a day — can support this.
“So it starts with a discussion about how I can fix thing more quickly, but then it morphs into this ‘aha moment’ where there is a realisation that if we actually adopt continuous delivery and build in compliance checking as part of that compliance release process, then the faster we release software the more frequently we are testing our compliance footing,” he says.
Matthew Finnegan, IDG News Service