Virtualization Technology News and Information
Checkmarx 2018 Predictions: DevOps is Here to Stay

VMblog Predictions 2018

Industry executives and experts share their predictions for 2018.  Read them in this 10th annual series exclusive.

Contributed by Matt Rose, Global Director Application Security Strategy at Checkmarx

DevOps is Here to Stay

One of the biggest areas for application security in 2018 is how it fits within a true DevOps environment. In my discussions with some of the largest organizations in the world there seems to be one common theme, and that is the movement to a true DevOps program. DevOps is a hot topic that pretty much every major enterprise is discussing or looking to implement. But what is DevOps and how does it help an organization develop and deliver better applications faster?  What are the core disciplines of DevOps?  Who are the players in a DevOps environment? These questions are being answered in many different ways from organization to organization but there seems to be a common theme emerging that everyone is at least thinking about DevOps. 

That being said, I would say that only 5% of companies feel they have a true DevOps program in place and the other 95% are currently in a transition phase from a more structured Waterfall development program.

The analogy I like to share is that DevOps programs are the equivalent of the social media culture that is here to stay, and to a point is actually expected by businesses and consumers. People no longer want to wait for new content, news feeds, product information or anything else for that matter. They want it NOW and feel that any delay in access to that information is unacceptable and frustrating. As a kid I used to wait for the newspaper to be delivered in the morning to see what happened in the world the day before and then watched the 6:00 pm news to see what happened during the day. Information came out in very structured blocks of scheduled delivery. Local news broadcasts and newspapers were the structured blocks of information. Things are much different in today's social media driven culture. Sure, newspapers and local news broadcasts still exist, but the rigid structure of delivery is gone. Information is available 24x7 via websites, news feeds, podcasts, Facebook, tweets, snaps, and tons of other different delivery methods.

DevOps is the way that the software release process has transformed from a scheduled and structured delivery process to a social media type delivery model. No longer do organizations that develop applications wait for the equivalent of a morning newspaper or 6:00 pm local news broadcast. This is the old way to develop software in a waterfall or typical design, code, test, release process.

The problem with this delivery model, however, is how security fits into a development, CI, and CD process. Most companies are defining their DevOps program to be efficient and responsive to change but are forgetting how security will fit in. The most security-aware companies are thinking of ways that application security testing can be implemented at every stage of the DevOps process, and that is primarily through automation and integration into the DevOps stack. Static Analysis, Dynamic Analysis, and newer technologies such as IAST and RASP should all play a part in the DevOps program, but in a way that does not delay the program.

The lines can be blurred because waiting a significant amount of time for the next website update or product release does not map to how people want the applications they depend on for day-to-day activities to work. DevOps allows organizations to be quick and responsive to the end customers' needs or desires in the same way they rely on news feeds, Facebook, tweets, and snaps. If an organization does not keep up with the current trends, customers will find another platform that is up to speed with their current expectations. Agile software development, Continuous Integration (CI), and Continuous Delivery (CD) allow organizations to automate the SDLC process into small, frequent updates that allow their applications to meet the expectations of their end users.

I think in 2018 we will continue to hear more about this movement and see more and more companies implementing the DevOps and DevSecOps processes.


About the Author

Matt Rose 

Matt Rose, Director Application Security Strategy, Checkmarx. Matt has over 18 years of software development, sales engineering management and consulting experience. During this time, Matt has helped some of the largest organizations in the world in a variety of industries, regions, and technical environments implement secure software development life cycles utilizing static analysis. Matt's extensive background in application security, object-oriented programming, multi-tier architecture design/implementation, and internet/intranet development has been key to many speaking engagements for organizations like OWASP, ISSA, and ISACA.
Published Monday, October 23, 2017 7:28 AM by David Marshall