This post is from the XebiaLabs blog and has not been updated since the original publish date.
Why DevOps Management is Critical for Software Security
DevOps is not just a hot topic for Development and Operations teams: it brings huge benefits to everyone in the software delivery pipeline—including security. That’s because DevOps, and more specifically DevOps Management tools, helps to prevent security vulnerabilities in the delivery process by bringing order and efficiency to DevOps projects.
As part of a product review of the XebiaLabs DevOps Platform recently published in CSO, writer John Breeden paints a picture of the tension that occurs between Dev and Security, as well as the risks to applications when the delivery process is not well managed:
Organizations that develop and deploy a lot of custom software have learned to deal with issues related to having many programmers touch those products along the way. Programmers have differing skillsets and competencies, people tend to make mistakes, and there is a constant struggle between the developers trying to make the programs work and the security teams who will need to ensure that they are safe once deployed. The result of all this chaos is that software development is often strung out over months or years, with developers sometimes having to start all over again if a supposedly completed program doesn’t do what it needs to, if it can’t deploy properly into the environment, or if some security flaw is discovered long after the program has been put into production. Further, those security holes are often only discovered after an attacker has exploited them, which can cause huge losses of both data and revenue.
4 Criteria for Improving the Security of Software Delivery
To say you’re just going to “do DevOps” to fix this chaos and risk is too simplistic. According to Breeden, improving the security of your delivery process requires a DevOps management tool that can:
1. Help improve collaboration between Dev and the rest of IT
2. Support a smooth implementation of a DevOps initiative
3. “Perfectly” integrate a large number of tools
4. “Link into any of the environments and operating systems, both physical and cloud, where the programs will eventually reside”
With these criteria in mind, he goes on to say that the XebiaLabs DevOps Platform, which includes XL Release and XL Deploy, both of which Breeden tested, “somehow manages to do all that, within almost any environment, and for just about every platform.” To read John Breeden’s full review of XL Release and XL Deploy, see “How XebiaLabs brings order and efficiency to DevOps projects.”