It’s ten years since a group of like-minded IT professionals met in Belgium for the first DevOpsDay. The idea was to get teams who historically didn’t interact much to work together – Development and Operations – to improve the quality of software before it went into production.
In the intervening years, DevOps has gained wider – but not universal – acceptance as a means to produce higher quality software at a more rapid pace. But, as we enter the second decade of DevOps, there is still much work to do. Below are a few issues we need to tackle.
More Training is Required
DevOps is predicated on a lot of automation, so team training is needed to master all of the automation tools. Rapid release cycles, though, can be a shock to developers used to old-school development styles (pre-DevOps) that are still the primary approach in many organizations.
Add More Disciplines
The rapid pace of DevOps and agile release cycles often introduce more security bugs than the slower, siloed approaches they replace. Adding Application Security teams into the DevOps process may increase the learning curves/pains as most developers have little-to-no experience in application security (vulnerabilities, remediations, etc), but the end result will be fewer security issues.
DevOps Isn’t a Universal Cure
Any application that is ‘pre-DevOps’ or is a 3rd-party app gain zero benefits from DevOps. In most large enterprises, so-called ‘brown-field’ apps are ~ 80% of all apps which means there’s a big burning issue of how to manage pre-DevOps/3rd-party apps. Runtime-based solutions including RASP bring rapid-update/remediation benefits to these classes of apps in a DevOps-like way.
The compiler-based technology that Waratek has perfected allows patching, adding security rules, and even upgrading out-of-public support Java platforms in minutes, not months (or years). This eliminates the need for source code changes, production downtime, profiling, tuning, and the use of heuristics along with a lot of needless cost and performance issues.
The future of DevOps
DevOps is clearly here to stay. New and future greenfield development efforts will be based on DevOps. AppSec will push further ‘left’ into DevOps, in addition to embracing ‘smart-runtimes’ in production which can proactively improve apps in prod (whether that is for performance, uptime, or security concerns) with little-to-no developer involvement.
About Waratek
Some of the world’s leading companies use Waratek’s ARMR Security Platform to patch, secure and upgrade their mission-critical applications. A pioneer in the next generation of application security solutions, Waratek makes it easy for security teams to instantly detect and remediate known vulnerabilities with no downtime, protect their applications from known and Zero Day attacks, and virtually upgrade out-of-support Java applications – all without time-consuming and expensive source code changes or unacceptable performance overhead. For more information, visit www.waratek.com.
