You’re probably reading this because you’ve never heard of the cryptic term DevSecOps, or you’ve heard of it but don't know what it means. Don’t worry, it’s not as complex as you may believe, and we’re here to help you grasp the concept. The term refers to “Development-Security-Operations”, a philosophy aimed at automating the software development cycle while integrating security throughout the process.
This blog is based on the YouTube video and our course Understanding DevSecOps. You can watch the whole CyberSec chat here:
In this blog, we will teach you the following:
Previously, software engineering teams were structured similarly to Henry Ford's standardisation technique on the production line. Each employee specialised in one task and passed the project down to the next specialist, repeatedly, every day. This "Waterfall Delivery Process" formed an efficient means of churning out software but came with drawbacks. The process was rigid, inflexible to change, delivered incredibly late in the cycle, and crippled innovation.
Today, teams are no longer built around projects. Instead, teams are built around products and last the duration of the product life cycle, from idea to sunset. This is where the concept of DevOps comes in. DevOps is more than just a change in practice; it's a shift in an organisation's philosophy. It requires change within team structures, software development, and funding. DevOps strives to deliver exceptional customer value with the product rather than focusing on project delivery.
DevOps emphasises establishing a culture where learning and constant experimentation are encouraged. Knowledge and innovation are born from ongoing experiments and establishing a sense of mastery through repetition and practice. The entire team should understand and be able to define the system's state and introduce variations that disrupt the system's state. We can establish whether the variations lead to desirable states through these disruptions. This continuous process of trial and error provides a thorough understanding of the system and breeds innovation.
DevOps describes seven principles that form the foundation of delivering value to customers:
These principles collectively form the backbone of a strong DevOps culture within an organisation. They act as a framework for applying security practices.
DevSecOps ensures that security is embedded in the seven principles of DevOps by building products while maintaining the confidentiality, integrity, and availability of data. Following these guidelines leads to many benefits, such as allowing for easy and local security implementation, improving security architecture, facilitating collaboration between security and development teams, and removing the blame for security incidents.
Implementing DevSecOps is an iterative approach to solving the problem and allows DevSecOps culture to develop over time. We must use an approach made up of these three layers:
We apply each layer piece by piece until it forms a solid foundation on which a DevSecOps culture thrives.
This blog briefly overviews what DevSecOps is and how to implement it. To learn more, check out our course, Understanding DevSecOps. In this course, we dive into the theory behind DevSecOps and put your team's knowledge into action with a hands-on lab.