DevSecOps – Breakthrough? Or Buzzword?

In the beginning, the tech gurus created DevOps, and saw that it was good.

Next, buzzword nation went off and started creating ThisOps and ThatOps, and here at Fishtech Group, we saw that it wasn’t good.

One of the “Ops” iterations making its way onto the market and into the industry consciousness over the last few years is DevSecOps, which is essentially adding “security” into the previous combination of Development and IT Operations (“DevOps”).

You may have noticed that this is the first time we have mentioned anything about DevSecOps on our website. You may also be asking, “wait, aren’t you a cybersecurity solutions company? Shouldn’t security be a core focus of your offerings?” Of course!

So, why aren’t we providing “DevSecOps” alongside our DevOps offerings? Let’s clear a few things up.

Security in DevOps is a Byproduct of Quality

We talked a little bit in our previous “What is DevOps?” blog post about the pitfalls of buzzwords surrounding DevOps, and DevSecOps is a prime example.

While we don’t disagree with the primary principles of so-called DevSecOps, we think it unnecessary to make a new distinction and are wary of offerings of “DevSecOps” as if it’s a new and shiny thing you should divert your resources to.

With the invention of DevSecOps, it sounds like security is just now in consideration for DevOps principles and processes, but we beg to differ.

Security in DevOps is inherent.

Security in DevOps is implicit.

Without security, DevOps isn’t DevOps.

Security in DevOps is a byproduct of quality. If DevOps practices are implemented correctly, security will be there. But don’t just take it from us…

The Phoenix Project (The Experts Have Spoken)

Our team has been passing around a copy of The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win, which was written by some of the progenitors of the DevOps movement, and they mention the inclusion of information security within the DevOps structure, without referring to such an organization as DevSecOps.

In fact, one of the primary writers, Gene Kim, was the CTO of a cybersecurity company for years before writing The Phoenix Project. If there was no distinction made by an originator of DevOps, who has extensive history in cybersecurity, we don’t think there needs to be one either.

We’ve done our own market research to look into what the unique aspects of “DevSecOps” really are. To be honest, they sound kind of familiar…

Automation Through CI/CD Pipelines

Time and time again, source after source brought up automation through CI/CD pipelines as a core tenant of DevSecOps saying that DevSecOps automates security within the DevOps workflow. In our experience this is already a key part of the DevOps philosophy.

As we’ve mentioned, DevOps practices focus on busting silos and automating process from all applicable teams, including IT Operations, Development, Security, and more.

That’s just what DevOps is.

The Focus Should Already Be On Security

Furthermore, these sources mention that “real DevSecOps” needs to place an emphasis on empowering teams to improve security practices for quick review and approval processes that leave an audit trail and meet compliance requirements. We agree!

But, again, this is something that we believe is already covered in DevOps practices and principles.

Let us again clarify that we find nothing wrong with the ideas behind DevSecOps. Security is supremely important. Our belief is simply that putting a new name on established practices to spin up new business isn’t the right approach.

In Conclusion

Rest assured! While you may not see “DevSecOps” in our offerings, security is still a top priority as we guide organizations through total digital transformation utilizing a DevOps perspective.

DevOps may go by many names, but true DevOps bakes security into every process, principle, and toolset.

It’s time to embrace the DevOps revolution and see the speed-to-value ramp up in your organization. Let silos be a thing of the past and learn how to continuously and reliably deliver value to your customers faster.

DevOps truly provides the purest form of Digital Transformation.

CNAP

Cloud Native Anayltics Platform

GSOC

Global Security Operations Center

EMDR

Enterprise Managed Detection & Response

RTaaS

Red Team-as-Service

SIRT

Security Incident Response Team

CLOUD

Cloud Security

ITDR

Insider Threat Detection & Response

Overview

Our Unique Approach

IAM

Identity & Access Management

CRC

Cyber Risk & Compliance

EA

Enterprise Architecture

STAFF

Strategic Staffing

LAB

Technology Lab

Cyderes: The New Powerhouse in Managed Cybersecurity

Actionable Security Operations Tools for Educational Institutions

Google Cloud Security Talks – Fireside Chat Replay

CYDERES’s First Code-a-Thon: Collaboration and Competition