A Tale of Best Frenemies: How to Embed Security in the DevOps Mindset

Introduction

What is one thing that businesses need in order to stand out against their peers? Speed to market.

Responding to this key concept, the DevOps mindset was born as an opportunity to enhance how products are designed and deployed. When focusing on speed and agility, embedding important security measures across the lifecycle can feel like a necessary evil. But in order to move quickly while protecting the business from potential vulnerabilities, DevOps and security need to be friends—or at least, frenemies.

The reason many companies have embraced the DevOps model is simple: by aligning their developer and operational goals, they’re able to keep pace with modern innovation by designing and delivering products quickly and seamlessly. But at many organizations, teams forget that security is a major component of operations, and all too often it is left out of these critical collaborations, which can lead to disastrous results.

When security is an afterthought in the DevOps process, it’s either tacked on at the end of the development lifecycle, or worse, a product is shipped without adequate protections in place. Ultimately, this approach to security is costly and time-consuming, and compromises the integrity of end-user data.

While DevOps is disrupting traditional forms of software development—transforming operations, driving productivity gains, and bringing out the best of engineering capability—it’s time security was brought into the fold. This whitepaper will address where security fits into DevOps, and outline how teams can adopt security-first practices at every stage of development.

 

Exploring the DevOps mindset

First, it’s necessary to clearly define DevOps in context, as the term can mean different things to different stakeholders. For the purposes of this whitepaper, DevOps focuses on IT automation in backend infrastructure, where operations teams implement code to help facilitate the developer team’s business-critical tasks. This in turn allows