DevSecOps: The new normal

Johnathan Hunt VP of Security, GitLab
Johnathan Hunt, VP of Security at GitLab, shares his opinion on DevSecOps.
 

DevSecOps is a proven strategy that reduces risk and security incidents while allowing faster and more secure code deployments. It also integrates infrastructure and application security into the development process and adds automated security scans and compliance controls within the CI pipeline.

Addressing security issues as they emerge allows for an easier fix and a seamless process for organizations. Here's what you need to know about the DevSecOps journey, why it's (rightfully) increasing in adoption, and potential challenges along the way.

Defining DevSecOps

Separating security from your organization's DevOps flow allows vulnerabilities to creep in. More specifically, it results in missed or slower remediation of vulnerabilities, making remediation more costly and releases possibly slower—all of which reduces overall security.

When DevSecOps was first mentioned over 10 years ago, organizations did not have the people or tools needed to implement security in their DevOps processes without impacting release schedules.

In the past, security was one of the last steps to occur before software was released. Now, security needs to be at the forefront of every organization and align to a "shift left" strategy to ensure maximum protection. As more organizations understand both the efficiencies and improved security of DevSecOps practices, you'll see increasing adoption across all industries.

In 2022, DevSecOps will be the preferred strategy across all industries to combat today's evolving threat landscape.

Why it's necessary now, and Kubernetes' role

With our current remote landscape, incorporating DevSecOps practices is crucial to business success and protection. Although we are seeing an increase in the implementation of many zero-trust principles, overall the industry has been slow to respond. Much of this is due to the understanding required, and to the complexity and difficulty of implementing full zero-trust models within the tech stack. The new year will, at best, see a moderate gain in the adoption of zero trust.

In turn, Kubernetes will play a larger role in the DevSecOps journey. The link between DevSecOps and Kubernetes is crucial in furthering the DevSecOps story. As the need for more control and automation increases, most users will come to realize the benefits of operating security controls natively within the Kubernetes platform.

Challenges with DevSecOps adoption

Looking forward, if DevSecOps is implemented correctly, it will yield positive results for any company. While the adoption process can present some challenges, making sure your company is aligned on a common end result is key.

Challenges with DevSecOps can include employees' lack of security awareness and the need to become familiar with complex tool chains. If all employees of a company recognize the importance of tight-knit security and protection, then adapting to DevSecOps will be an easier lift.

Additionally, source code management, CI/CD, code review, and more are all potential tool chains that organizations can implement for DevSecOps. Ensuring team members are aligned on all functions of new chains is a sure way to have a smooth adoption process.

Looking forward

The current state of the world requires us to prioritize and invest in cybersecurity more than ever before. The DevOps pipeline has proved its agility and efficiency, and incorporating security is the next step for complete adoption and success.

GitLab's recent DevSecOps study found that over 76% of ops teams agree that their developers are able to receive and address security issues during the development process. Given that DevOps developers are already handling the security pieces, it's time to stop treating DevOps and DevSecOps as separate practices as we progress in this era of digital transformation.
