Agile software development is the true differentiator in the age of digital transformation, and organisations are increasingly adopting DevOps to ensure their software meets the standard. With the DevOps market accelerating into a higher gear, no-one is better placed to help partners on their DevOps journey than Westcon, says Geert Busse, Westcon NGS Business Development Lead.
DevOps is the combination of practices and tools that increases an organisation’s ability to deliver applications and services at speed – evolving and improving products faster than is possible with traditional software development and infrastructure management processes. This speed enables organisations to better serve their customers and compete more effectively.
With DevOps, development and operations are no longer ‘siloed’ as engineers and developers work across the entire application lifecycle, from development and test to deployment to operations. With DevSecOps, security is also tightly integrated with development and operations throughout the application lifecycle.
An accelerating opportunity
According to IDC, the worldwide DevOps software tools market stood at $5.2 billion in 2018. By 2023, market growth is expected to skyrocket to $15 billion, driven by businesses realising that they need software development and automation to maintain an advantage over their competitors and would-be disruptors.
DevOps makes the entire software lifecycle faster and helps to make business operations more efficient, accelerating the time it takes to provide services and applications to customers.
To help partners navigate this opportunity, DevOps security is one of the strategic pillars in our Next Generation Solutions go-to-market strategy. The strategy is designed to provide the knowledge, expertise and capabilities channel partners need to unlock DevOps opportunities within their customer base, with unique technology partnerships, solutions, skills and services.
A new approach
The dynamics and agility of the DevOps methodology require a new approach to security. Out-of-band security testing and auditing, and manual change management processes for security controls, delay the continuous deployment phase of applications. The way forward? Integrate and automate security within the pipeline.
Related to that, a concept that is now fundamental in DevOps security is ‘shift left’, whereby security is integrated and included as early as possible in the software development lifecycle (SDLC). The reasoning behind this is that fixing security flaws during application development is easier and less expensive than correcting them afterwards. It also avoids unforeseen delays that could impact the delivery deadline.
Security and DevOps need to work closely together, and security staff should help developers to identify security risks and facilitate the resolution. Security has to become a shared responsibility between developers and security, and security awareness needs to be part of the culture.
Additionally, due to the shortage of skilled security professionals in the market, the number of developers versus security staff is often out of balance, so engaging developers in the security process is key for success.
Adding complexity, DevOps has different subdomains such as GitOps, which uses the Git version control system to deliver Kubernetes-based infrastructure and applications. This also comes with its own security particularities depending on how you deploy it.
Vendor pivot to DevOps
The security vendors in our NGS portfolio have modified their technologies or launched new solutions to integrate into this DevOps cycle. This means adding a significant piece of automation and/or extending their infrastructure-focused security offer to include security controls in all the phases of the DevOps lifecycle. This includes:
- Automated detection of software vulnerabilities during code building
- Scanning software images in registries for vulnerabilities, malicious code and compliance
- Including security as code in the pipeline as a compensating control for vulnerabilities that have been missed during code building
- Real-time protection of container and cloud environments where these images are running (which will include protection of the host, network segmentation, traffic analysis, API protection, virtual patching and monitoring as part of an incident response process)
Your DevOps channel partner
A successful DevSecOps strategy starts with integrating security into the DevOps cycle, with security teams positioned as enablers and facilitators in the DevOps way of working. The unique combination of our Next Generation Solutions go-to-market, technical services and training partnership with the DevOps Institute means no other value-added distributor is as focused on enabling this opportunity and driving value as Westcon.