Moving apps into production represents the most complex phase of app modernization
Enterprises face their most transformative challenge to date: implementing a DevSecOps methodology. However, technical and cultural barriers continue to block the path to unifying developer and IT ops teams.
A recent peak in high-profile cybersecurity threats (including Log4j) and increased use of unmanaged APIs vulnerable to exploits are pressing companies to solve this dilemma. As a result, the industry is beginning to prioritize the planning and implementation of a DevSecOps construct, and numerous industry offerings will begin to surface in the next 12 months.
DevSecOps is a movement toward collaboration between previously ordained silos of IT teams (i.e., security, operations, and app development) still stymied by clashing cultures, but increasingly supported through solutions enabled via application security, AI, automation, modern monitoring/observability, and service mesh. How enterprises establish best practices for achieving a DevSecOps stance remains up for debate. Much of the trouble stems from the fact that the silos of technology participants are based on very different cultures.
Charlotte Dunlap, Research Director at GlobalData, comments: “Despite enterprises’ gradual move in recent years toward new application architectures including microservices, containerization, and serverless computing, platform vendors have been slow to offer adequate operational provisioning tools to support viable DevOps and DevSecOps models. Moving apps into production represents the most complex phase of app modernization due to its potential for disrupting companies’ security, policies, and governance requirements.”
Dunlap continues, “DevSecOps has now become one of the most pivotal pieces of the app modernization discussion. Surging security threats are one of the consequences of advanced application architectures that support continuous delivery across distributed environments. This unfortunate fact, alongside the trend toward infrastructure as code for involving more developers into the security process, makes DevSecOps a key component of the broader DevOps software supply chain.”
Amy Larsen DeCarlo, Principal Analyst at GlobalData, comments: “Hackers are masterful at exploiting enterprise vulnerabilities and applications are one of their primary entry points to the IT estate. As organizations move forward in their digital transformation projects, they have both an opportunity and a challenge to integrate security into the application development process to ensure a more secure and stable overall environment.”
Larsen DeCarlo adds, “There is evidence that the potential benefits of better integration of security and operations into the earliest phases of application development lifecycle yield results beyond tighter application security and better overall performance. Effective DevSecOps implementations should produce more rapid and cost-effective software delivery. This alone is incentive enough for organizations to make DevSecOps an operational priority.”
Highly differing approaches to DevSecOps are beginning to unfold, stemming from a range of participants including platform and cloud providers, app and API security and observability pure-plays, and traditional infrastructure giants.