Let’s not kid ourselves—I am not sure there ever has been balance among Dev, Ops and security. But with the advent of DevOps, automation and the cloud, whatever balance there was between DevOps and security seems to have been lost. DevSecOps, or DevOps Security, has sought to restore the balance between DevOps and security. At the end of the day, though, it can appear as though they are still working at loggerheads. See the illustration below:
How do you bring balance to this equation? A new approach, perhaps? Puppet and CloudPassage have teamed up on a white paper that does a decent job of outlining the issues here and suggests some solutions. The diagram above is taken from that paper, as a matter of fact. The paper is titled, “A New Approach for Security DevOps Environments in the Cloud.” You can download it from our download library.
While there are no magic bullets for making Dev, Ops and security head down to the beach and sing “Kumbaya,” there are things you can do to make a real partnership here. That includes shifting security left and working with DevOps tools such as Puppet, Jenkins and others. But most important is making members of each team feel like they are all part of the same team. All the tools and APIs in the world don’t take the place of good culture and fostering a “we are all in it together” mentality. It’s all in this white paper, so download it—and, while you’re at it, check out the several other great DevSecOps assets available in our library.
Our download library is quite stocked with lots of useful content. If you are looking to learn about DevOps and related subjects, it is a great place to start.