
E-Guide

SUCCESSFULLY INTEGRATING DEVOPS TEAMS WITHIN YOUR ORGANIZATION

SearchAWS

Few businesses are jumping into DevOps with both feet, despite the substantial benefit potential. The process of building a DevOps team structure starts with a much-needed conversation. This e-guide provides expert recommendations for those looking to build a proactive DevOps team within their organization.


RESISTANCE IS FUTILE WHEN BUILDING DEVOPS TEAMS

It goes without saying that established companies saddled with legacy technology and operational behavioral patterns are slow to change -- if they change at all. In time, though, the competitive ones that wish to survive become less resistant to ideas they once rejected, such as placing certain workloads in the public cloud.

Another shift on the horizon is the collapsing divide between developers and IT pros. By now, the term DevOps has reached mainstream, though the practice has not. Building, validating and deploying applications with lightning speed by uniting developers and IT pros brings about faster results and creates value to customers. And yet, plenty of IT pros resist. And staff reorgs are difficult because not all teams will jibe, IT teams said.

At the AWS Summit in New York earlier this month, I ran into several AWS architects who don't develop. Another team deals with development, they said.

"Agile IT is all about speed," said Tim Prendergast, founder and CEO at Evident.io who also led DevOps teams at Adobe and Ticketmaster. Traditional IT projects run longer. An Oracle database might see an upgrade every 24 months. In a DevOps shop, you might move Oracle to MySQL to Postgres or MongoDB -- all within six months.

DevOps is like any grassroots effort. It starts with one person, but grows virally because there is value. You don't start DevOps teams by suggesting that they commence. Companies need to have internal meet-ups or create a group mailing list of like-minded IT pros, Prendergast recommended. Hold a hack-a-thon to demonstrate how continuous integration can be applied to putting an application in the cloud. Look for partners and allies along the way. Learn from their success.

And pick a project to show off DevOps benefits. Sharing knowledge across internal groups will bring an uptick in people practicing this pattern. What follows is a dramatic drop in development time and delivery cycles. If companies looked at these high-velocity models for infrastructure and application development as competitive advantages, they'd take them more seriously than if viewed as something to do because it's cool.

In addition to a new mindset, companies need new tools. For example, tools that IT pros use today weren't built for an infrastructure that changes so rapidly. A network-based scanner might take hours to run across all of your devices. A VM in the cloud may not even live for an hour.


"Today's security tools were built to protect a perimeter around a data center -- not to protect things like AWS Simple Storage Service or Relational Database Service," Prendergast said.

It's not easy to break down the walls between established IT teams. But DevOps teams with all domains of knowledge can make intelligent assertions as to why a problem might exist. An accelerated app/dev and deployment cycle delivers faster value to customers. And really, what choice do you have? If your competition is a startup that uses this model and is reaching your customers that much faster, your business is exposed to disruption.


FAILING TO INTEGRATE SECURITY WITH DEVOPS? DO SO AT YOUR OWN PERIL

The aftermath of the Sony hacks has led major enterprises to realize that it is no longer feasible to only think of security as an afterthought. "The movements of government into the malware space have created a massive problem that every developer now needs to wrap their arms around, particularly in the cloud space, given the larger potential attack surface this space enjoys," said Rob Enderle, an independent technology analyst with the Enderle Group.

Developers have to accept that every cloud offering is vulnerable to attacks at this level, and increase the focus on rapid identification of unauthorized access and any unexpected behavior surrounding their efforts. Rapid and elegant failover that uses secure backup services has become an increasing requirement. In addition, much tighter integration with security information and event management (SIEM) types of security services, and centralized automated patch delivery services becomes a far higher priority than it has been in the past.

It is important for organizations to consider application security across the full software development lifecycle with the transition to DevOps practices. Business pressures are driving organizations to release new features at a faster pace. But every new feature comes with the potential for adding an additional attack surface.

KEEPING UP WITH DIFFERENT RATES OF CHANGE

"The most visible and painful challenges are related to introducing a high rate-of-change of infrastructure and application code into environments that are traditionally prepared for quarterly or annual security review and auditing," said Tim Prendergast, CEO of Evident.io, a continuous cloud security technology for Amazon Web Services (AWS). This creates a massive disparity between the possibility of a vulnerability or security risk being introduced to the environment, and the ability of an organization to detect and respond to such threats.

It can become especially dangerous when security and DevOps teams inside the organization are adversarial rather than collaborative. Additionally, many DevOps teams are staffed more vigorously than security teams, which creates an overwhelming amount of scale and growth in infrastructure that security professionals just don't have the budget, tooling, or staffing to keep up with.

Environmentally, the cloud service providers have already delivered the tooling and capabilities to help integrate this new set of telemetry into DevOps tools. The challenge is really finding security technologies that can take advantage of the new capabilities and data available in these dynamic environments, and present such data to the professionals in an actionable and meaningful manner.

INTEGRATE SECURITY INTO CORPORATE CULTURE

One good practice for keeping up with the velocity of new threats lies in embedding security and DevOps together. Prendergast noted, "Security and DevOps can be so powerful when aligned, yet so detrimental to the success of an organization when kept apart."

It is important to include the right security stakeholders and decision makers in the design, architecture, and prototype phase discussions of a new project. This gives an opportunity for feedback to be received immediately as key decisions are made, and prevents redesigns later in the process due to security objections or requirements that were previously unconsidered.

It is also a good idea to encourage the integration of operational staff in the early discussions. Sophisticated monitoring, alerting, and resiliency practices go a long way towards making a project materialize from drawing board vision to real-world infrastructure. This data can be used to drive the DevOps cycle even faster, ultimately resulting in better customer engagement and more successful projects.

Another good practice is to take time to clearly define the goals and expectations of the project. Knowing how the project will be used by all parties is critical to putting the right security frameworks in place. Important questions to ask at the beginning include:

• Will this be a PCI compliant environment in the next 1 or 2 years?
• Will we expose this to consumers, just our internal staff, or to other businesses or partners?
• What is the sensitivity of the data in this application and the legal ramifications of loss, theft, or misuse?

BUDGETING FOR MISHAPS


It is tempting for organizations to invest far more money in rolling out new features rather than addressing security vulnerabilities. But the sheer magnitude of the Sony hacks, which brought the entertainment giant to its knees, should be considered in budget negotiations for implementing a secure software development lifecycle. Sony budgeted $15 million to address investigation and remediation costs, and independent analysts estimate the total business cost could be several times higher.

"Investing in dynamic and static code analysis tools like Veracode can go a long way towards protecting your organization from coding errors, misused or unprotected functions, and other dangerous practices," said Prendergast. This builds a strong linguistic expertise internally as the team learns to adapt their programming technique to accommodate necessary security behaviors to protect the business, data, and users.

The lack of focus on building a security conscious development culture can be discouraging. "There are so few coordinated industry efforts happening right now that it can be disconcerting to security professionals when faced with this evolution in role and function," noted Prendergast.

The Cloud Security Alliance is one notable exception that is trying to really improve the industry through practice. It is actively engaging in discussions to bring together DevOps solutions, security innovators, and Cloud Service Providers in an effort to improve the security of all customers migrating to cloud environments. Prendergast said, "The act of engaging in open discussion about innovation and challenges in this space has done more good than many years of other efforts."
