What is DevSecOps? How is it different from DevOps or secure DevOps? This is the first question in most people's minds when they come across the term. DevSecOps combines three words: Development (Dev), Security (Sec) and Operations (Ops). A slightly older term is secure DevOps, in which the security dimension is added to traditional DevOps practice.
In one sentence, it refers to integrating security practices into the DevOps process. As enterprises started practicing DevOps (in practice, automation and seamless integration and delivery via continuous integration (CI) and continuous delivery (CD)), and as more people made use of the CI/CD pipeline, with source code management (SCM) on the left and CI/CD on the right, the market started to realize that security testing can be integrated as part of DevOps, which results in faster, quality code that is also security tested and checked.
DevSecOps is moving toward higher value stream management (VSM). At the same time, related new practices are emerging, such as DataOps, which leverages DevSecOps principles for secure data analysis; FinOps and DataOps, which apply DevOps principles to specific types of projects and operations; and MLOps, which overlaps somewhat with DataOps since it also requires the handling, maintenance, and security of datasets, but with the focus on machine learning workloads. More xOps are expected to be introduced as the principles are borrowed into different subject matters.
Most people agree that the DevSecOps movement depends on your enterprise's own context and scenario. Some implement the entire CI/CD value chain, while others attempt to implement or integrate what they have and invest in the new areas they need. Nevertheless, as more and more enterprises around the world adopt agile frameworks and move toward cloud native application development, microservices and container architecture, we may expect some extent of DevSecOps, or its various xOps variants, to achieve faster speed of delivery and more robust quality and security testing that result in a quality software product, and to leverage automation in the backend that results in streamlined processes.
DevSecOps is a natural and necessary response to the bottleneck effect of older security models on the modern continuous delivery pipeline. The goal is to bridge the traditional gap between IT and security while ensuring fast, secure delivery of code. Silo thinking is replaced by increased communication and shared responsibility for security tasks in all phases of the delivery process. For example, this could be the case when migrating to microservices, building out a CI/CD pipeline, automating compliance or simply testing cloud infrastructure.
DevSecOps may also be driven by modern shift-left security testing, which puts security testing as early as possible so that less of the costly security testing is left to the production stage. E-SPIN specializes in and has helped enterprise customers with the transition to DevSecOps (and value stream management, VSM) for breakthrough business and productivity. Feel free to contact E-SPIN for various requirements, from process, system, tool, and people education/training to managed services.