One of the biggest areas for application security in 2018 is how it fits within a true DevOps environment. In my discussions with some of the largest organizations in the world, there seems to be one common theme, and that is the movement to a true DevOps program. DevOps is a hot topic that pretty much every major enterprise is discussing or looking to implement. But what is DevOps, and how does it help an organization develop and deliver better applications faster? What are the core disciplines of DevOps? Who are the players in a DevOps environment? These questions are being answered in many different ways from organization to organization, but there seems to be a common theme emerging that everyone is at least thinking about DevOps.
That being said, I would say that only 5% of companies feel they have a true DevOps program in place, and the other 95% are currently in a transition phase from a more structured Waterfall development program.
The analogy I like to share is that DevOps programs are the equivalent of the social media culture that is here to stay, and to a point is actually expected by businesses and consumers. People no longer want to wait for new content, news feeds, product information or anything else for that matter. They want it NOW and feel that any delay in access to that information is unacceptable and frustrating. As a kid I used to wait for the newspaper to be delivered in the morning to see what happened in the world the day before, and then watched the 6:00 pm news to see what happened during the day. Information came out in very structured blocks of scheduled delivery. Local news broadcasts and newspapers were the structured blocks of information. Things are much different in today’s social-media-driven culture. Sure, newspapers and local news broadcasts still exist, but the rigid structure of delivery is gone. Information is available 24x7 via websites, news feeds, podcasts, Facebook, tweets, snaps, and tons of other delivery methods.
DevOps is the way that the software release process has transformed from a scheduled and structured delivery process to a social-media-type delivery model. No longer do organizations that develop applications wait for the equivalent of a morning newspaper or 6:00 pm local news broadcast. That is the old way to develop software, in a waterfall or typical design, code, test, release process.