The impact of DevOps on your bottom line

During Cybersecurity Awareness Month and beyond, DevOps is a philosophy to which security practitioners should pay attention.


DevOps is the most important innovation in the IT sector since the invention of the personal computer. Nearly everyone I have talked to in my travels these past few years says they are building their own DevOps shop. But when you probe them about what they are actually doing, most say they are deploying applications to the cloud. That is not exactly what DevOps is.

To put it in a nutshell, DevOps combines the cultural and technical philosophies of software development, quality assurance, and IT/InfoSec operations into a single system of systems that is managed as a whole. The purpose is to deliver applications and support services at a much higher velocity. With traditional software development processes and standard InfoSec and IT tool maintenance updates, it sometimes takes weeks, months and even years for organizations to roll out a new application, update an old application, install a patch to a machine, or add enhanced prevention controls derived from new intelligence. The DevOps mantra is to roll out ten deployments/changes a day. That sounds good when you say it fast, but it is tough to find the edges of this new philosophy when you start to think about the implications.

DevOps is such a new concept that it is difficult to define precisely. Many have their own view of it. But in terms of outcomes, DevOps completely changes the focus of the IT and InfoSec organizations away from stovepipe thinking. It forces the people in those organizations to think about the production system as a whole. In this new model, every stakeholder is concerned about maximizing the throughput of the overall system for deploying everything. The result is that production velocity exponentially increases because the team begins to automate the throughput process: the glue that moves all projects through development, quality control, InfoSec and IT operations. For network defenders, specifically, security is no longer an afterthought; it is part of the fabric of every deployment project.

Big tech companies like Netflix, Google, Salesforce.com and Facebook have been doing their own versions of DevOps for years. Google has its own name for it: Site Reliability Engineering. I believe that this early adoption of the DevOps philosophy by these internet giants is largely responsible for how they have scaled their operations while continuing to serve their customers at the highest levels.

Here is the bottom line: As every organization races to the cloud, DevOps becomes an opportunity. You are writing new code anyway. Why continue deploying code and installing fixes the way we did when the internet was young? Why not use this time to completely rethink and modernize your approach, and take your lead from successful organizations like Google and Netflix? I believe that, if you don’t, your competition will beat you to the punch within the next five years. If they get there before you do, they will dominate in the marketplace because you will not be able to keep up with them. But if you get there first, you can position your organization as the frontrunner. You could potentially dominate your competition in the marketplace, and that is a great position to be in.

If you are new to the philosophy, consider reading the Cybersecurity Canon Hall of Fame Winner The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win. It is a good primer on the subject, regardless of your role in your organization.

This article is published as part of the IDG Contributor Network.
