Smart Enterprise Magazine

Volume 6, Number 3, 2012

Issue link:

Contents of this Issue


Page 16 of 23

Smart Security The merging of development and operations teams, commonly known as DevOps, can be a win for both. | By George V. Hulme T here has long been talk of security being a "business enabler." The reality of IT security, however, has been quite different from that. While it's true that organizations want their trans- actions to be safe and private and their data to be secure from snoops and tampering, security is viewed as a necessary evil by many businesses. Think of it as the way one may view the military — it's necessary to keep trade lines secure. Anarchy isn't good for business. Disrupted transactions, hacked applications and stolen data clearly aren't good for business, either. Such incidents diminish trust among employees, partners and customers. In spite of this, I constantly hear that most organizations invest only in security that is "good enough" to get the job done. In fact, Joshua Corman, Director of Security Intel- ligence at Internet and cloud services performance management firm Akamai Technologies, recently told attendees at the 2012 RSA Conference that organiza- tions "hate" security. "It's a tax that prevents IT from doing what it wants to do. Security is a toxic word," he said at the session, which was titled, "Security Is Dead. Long Live Rugged DevOps." And it's so true. Still, it doesn't have to be that way, and a number of emerging trends in enterprise development and operations are making security less painful. Chief among these are virtualization, cloud computing and agile development and management systems, as well as the merging of development and operations teams, commonly known as DevOps. Taken together, these technologies and practices are making it possible for security guidance and processes to be built into organizational development and operational work- flow. Hopefully, the result will be infrastructures that are not only more agile but also much more resilient. For instance, with the increased popularity of DevOps over the past few years, many organiza- tions have been merging their IT operations and development teams. By doing so, experts say, the software-deployment cycle is compressed from many months to days. Some organizations that previously performed a dozen deployments over the course of a year are doing dozens per day now. The trade-off for moving that quickly, however, is the potential for weakened security. For example, if a build were not properly secured, those errors would be replicated quickly; or if code isn't tested by the Quality Assurance team, security-related software mistakes are more likely to slip by. Such errors may not worry others, but they are of critical concern to security officers, who are already running a number of steps behind most deployments. That's where DevOps come in. Agile and DevOps workflows are business enablers that allow swift and highly competitive enterprises to rapidly add and process customer requests into products or services. However, success at achieving such innovative devel- opment will depend on the organizations' ability to learn how to move securely at such speeds. What they need to consider — in the same way that virtualization and agile development processes help make DevOps possible — is how IT can also help to instill security throughout the DevOps process. This is what Corman and his co-presenter, Gene Kim, President of Visible IT Flow, dubbed Rugged DevOps. This approach is about instilling secure practices into the fabric of an organization's workflow, reducing risk while enabling the business to move at today's more competitive pace. To achieve this, security managers need a good seat at the DevOps table. Corman and Kim say the key is selling the business benefits of security, rather than focusing on security for its own sake. Those benefits include increased uptime and fewer breaches. Once they are part of the DevOps process, security teams can provide release managers with additional checks to add to their development and release cycles to succeed at all of the objectives stated here. And, for operations teams, security can provide the tools (such as firewall and network security checks) needed to ensure that the environment is stable and safe from an operations perspective. It's a win-win. With organizations forced to move fast to succeed, models such as DevOps will continue to emerge. At the same time, businesses have to make certain that the proper level of security is embedded along the way and that security truly enables agility and competitive advantage. n GEORGE V. HULME writes about security and technology from Minneapolis. A version of this article originally appeared on Smart Enterprise Exchange. 2012 • SMART ENTERPRISE 17 9 1 5 3 7 9 PRACTICES TO ENSURE SECURITY IN THE CLOUD BEST 4 8 2 6 PHOTOGRAPH: SHUTTERSTOCK

Articles in this issue

Links on this page

Archives of this issue

view archives of Smart Enterprise Magazine - Volume 6, Number 3, 2012