Skip to main

Now That You Are in the Cloud, How Can You Get DevSecOps Right?

Download Point of View
Point of View

Short on time? Here's an overview:

The cloud enables innovation, agility and cost savings. Businesses that don’t move to the cloud risk becoming irrelevant. Getting DevSecOps right is important, but it’s not easy. By following these DevSecOps best practices, you can use the cloud to your greatest advantage. You’ll be more efficient and effective, your customers will be happier and your business will thrive. DevSecOps is crucial now and will continue to be in the future — and it’s required for cloud-driven innovation

The adoption of cloud technology has changed everything — and that’s good for businesses and customers. Agility and speed of innovation are much higher with the cloud versus on-premises.

The agile software manifesto and the proposed methodology allow businesses to quickly iterate and use customer feedback to expedite the release and iteration of their software-based solutions on the cloud. The lean business model further enables speed of innovation. This minimizes waste and encourages teams to deliver results faster by better managing flow and limiting the amount of work in the process to reduce context switching and improve focus.

Cloud brings in a higher velocity of data, with a higher volume, and a higher variety of computing and services. The above three trajectories are the market drivers for adoption of DevSecOps.

Gartner projects (via TechTarget) that by 2022, 90% of software development projects will claim to follow DevSecOps practices. Also, 25% of projects will follow a DevOps methodology from conception to production by that same year. DevSecOps provides companies with greater velocity, safety, and ease of software operation. It also decreases code defects and lowers costs.

Traditionally, organizations had separate development/engineering, quality assurance (QA), security and cloud operations teams. The developer team would pass work to the QA and security teams. They would then hand off to the cloud operations team. If things didn’t work at that point, the deployment job would have to go all the way back to the development team. Now the boundaries between development, security, and operations are disappearing. Organizations are mashing them up into a single department called DevSecOps.

Within a year of Amazon’s adoption of DevSecOps, its engineers were deploying code every 11.7 seconds on average. Netflix uses DevSecOps to deploy code thousands of times per day.

Embracing DevSecOps requires tooling, rethinking and reorganizing how teams work, how processes come together, and how to realize continuous integration and delivery. Here are some tips on how to get the most value from the cloud and DevSecOps.