DevOps To DevSecOps: The Transition Pathway

  

 



Krishna Jadhav




As a DevOps and Agile coach, Krishna Jadhav has revolutionised enterprises, and DevOps has revolutionised the world of software development. The fusion of the operations and development teams (Dev/Ops) has primarily made software releases quick and efficient. Because the threat landscape for application security keeps growing, organisations must adopt a DevOps culture that incorporates security (Akbar et al., 2022). As a result, DevSecOps has evolved to enhance DevOps' capabilities and enable organisations to produce secure software more quickly.

Figure 1: Building components of a software company

(Source: Pendyala, 2020)

The agile development approaches DevOps and DevSecOps have many similarities. Both strategies share several features, such as depending on a collaborative culture to achieve development goals like rapid iteration and deployment, utilising automation throughout the application creation process, and actively tracking and analysing data to drive changes (Figure 1). DevSecOps and DevOps, on the other hand, are distinguished by their focus. DevOps is concerned with the integration of development and operations teams.


 Figure 2: DevOps Model 6 phases

(Source: Battina, 2021)

DevSecOps highlights the need to incorporate security throughout the whole DevOps workflow, beginning with the design, coding, and deployment stages. DevSecOps incorporates security testing early across the development and operations pipeline instead of the conventional approach of retrofitting security into the build (Morales et al., 2020). DevSecOps makes security a component of everyone's work. In many enterprises, DevOps and security teams frequently conflict (Figure 2). This uneasy relationship frequently results in delayed remediation and, in the worst cases, inferior and insecure apps.


Figure 3: DevSecOps environment

(Source: Schilling, 2022)

The development environment may be made more secure by using automated application security testing technologies, which can aid in detecting and correcting problems as early as possible (Haque, Bhushan and Dhiman, 2022). Many team members may have difficulty embracing a radical shift that alters the usual way of doing things (Figure 3). Furthermore, the shift may meet more opposition because security was treated as an afterthought in the DevOps approach.



Figure 4: Continuous pipelines architecture

(Source: Strazdina, 2022)

Conclusion

As per Krishna Jadhav, the two teams work together throughout the development and deployment process to execute common objectives that dramatically improve delivery speed. It can be concluded that security is sometimes the first victim as DevOps teams seek to boost deployment frequency. Because the shift to DevSecOps will affect everyone, all teams must participate in the process (Figure 4). Developers may easily manage security throughout development without slowing or disrupting their processes when firms invest in security testing technologies that integrate smoothly into developer environments.



 

Reference List

Akbar, M. A., Smolander, K., Mahmood, S., and Alsanad, A. (2022). Toward successful DevSecOps in software development organizations: A decision-making framework. Information and Software Technology, 147, 106894. https://www.sciencedirect.com/science/article/pii/S0950584922000568

Battina, D. S. (2021). The Challenges and Mitigation Strategies of Using DevOps during Software Development. International Journal of Creative Research Thoughts (IJCRT), ISSN, 2320-2882. https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4004335

Haque, A. B., Bhushan, B., and Dhiman, G. (2022). Conceptualizing smart city applications: Requirements, architecture, security issues, and emerging trends. Expert Systems, 39(5), e12753. https://onlinelibrary.wiley.com/doi/abs/10.1111/exsy.12753

Morales, J. A., Scanlon, T. P., Volkmann, A., Yankel, J., and Yasar, H. (2020, August). Security impacts of sub-optimal devsecops implementations in a highly regulated environment. In Proceedings of the 15th International Conference on Availability, Reliability and Security (pp. 1-8). https://dl.acm.org/doi/abs/10.1145/3407023.3409186

Pendyala, V. (2020). Evolution of integration, build, test, and release engineering into devops and to DevSecOps. In Tools and Techniques for Software Development in Large Organizations: Emerging Research and Opportunities (pp. 1-20). IGI Global. https://www.igi-global.com/chapter/evolution-of-integration-build-test-and-release-engineering-into-devops-and-to-devsecops/247537

Schilling, W. (2022, August). WIP: Integrating Modern Development Practices into a Software Engineering Curriculum. In 2022 ASEE Annual Conference & Exposition. https://peer.asee.org/wip-integrating-modern-development-practices-into-a-software-engineering-curriculum

Strazdina, V. (2022). A hybrid automated framework for testing cloud-native and virtual core network applications. https://aaltodoc.aalto.fi/handle/123456789/116352

 

