Cyber Security - How DevOps Improves Application Security
Cyber security and DevOps are very hot topics in IT. At first glance, they seem like they would be disconnected from, or even at odds with, each other. But, on closer examination, a strong DevOps development philosophy can significantly improve application security.
DevOps is a development framework that eschews the typical cycle of writing code, sending it for review and publishing it at quarterly, biannual or annual intervals. Instead, the developers, operational teams, quality assurance teams, and security teams all work together -- often in the same group -- to provide continuous updates to the application. This empowers developers to make changes as needed on the fly and allows an organization to be more responsive to customer needs. With DevOps instead of new features taking months or years to be implemented they can be implemented in days or weeks.
This may seem like a security nightmare. After all if any developer can make changes without having to go through the normal review process isn't it more likely that a new bug or security flaw will be introduced into the application? Not necessarily. That is part of the reason why the different teams, including security, work together under DevOps. By working more closely with developers the security team can help developers learn to incorporate security best practices into their development process. Working together also builds trust between teams. Encouraging this open communication means that developers won't hesitate to reach out to the security team with questions.
Security is too often thought of as the "Department of No". If the security team is only brought in at the tail end of the development cycle it is usually too late to offer constructive advice, so they must resort to saying no to everything in order to maintain the security of the application. However, by bringing them in from the beginning, as in the DevOps framework, they are able to guide the development process from the beginning and go from the "Department of No" to a trusted partner in the development process.
Quickly Fixing Mistakes
Of course, even the best teams are going to occasionally miss something. The beauty of the DevOps framework is that even if a bug or security flaw is introduced it can be quickly fixed. The continuous development model means that as soon as a bug is identified, developers can create a patch and push the new code out. Not having to wait for the quarterly release cycle means that vulnerabilities in the application are short-lived.
The DevOps framework, when implemented correctly, can not only help developers deliver a better product for your customers, it can help offer those customers a more secure application.
For more information about how we can help with your DevOps or cyber security needs please contact us.