DevOps: Communication falling short between security and developers
Despite the benefits of adopting a DevOps culture within an organisation, a majority of IT leaders believe communications between IT security and software development must be improved.
That's according to a new survey from cybersecurity soltions firm Trend Micro, which revealed that while more than two-thirds (69%) of respondents claimed such initiatives had become more important over the past year, an even higher percentage argued that communication within the IT department needed to improve.
Some 73% said software development and IT security teams needed to be in closer contact, while 61% said the same for developers, security and operations, the report found. A third (34%) claimed that these siloes are making it harder to create a DevOps culture in the organisation.
“History of software development shows that the biggest and best process improvements never happen quickly due to the most valuable variable, people, who have existing behavioural patterns and cultural components,” explains Mick McCluney, technical director, Trend Micro A/NZ.
“Organisations implementing a DevOps structure are going in a strong direction, but security cannot be forgotten during this transition," he says.
Australian respondents indicated the best ways to drive this cultural change include: fostering greater integration between teams (53%); setting common goals (61%); and sharing learning experiences across teams (61%). Yet over 74% of IT decision makers said improvement is needed in these areas.
Only just over a third (36%) of respondents said DevOps is a shared responsibility between software development and IT operations, which is another indication of the current communication breakdown between teams, McCluney says.
It appears that each department feels responsibility or ownership to lead these projects.
"Part of the challenge is believed to be — despite enthusiasm for DevOps, which has seen 87% of organisations already implement or currently work on projects — over a third of respondents (36%) have only partially developed their DevOps strategy," McCluney explains.
"IT leaders polled confirmed that enhancing IT security is more of a priority (41%) in DevOps than any other factor."
Despite being a priority, over four in ten (43%) respondents agree that IT Security slows downs the DevOps progress in their organisation, which could be as a result of internal processes and procedures.
"Considering the security risks that can occur in implementing DevOps, it is essential that IT security not only encourage the initiatives, but do not hinder the process – getting their buy-in is critical," McCluney says.
“Regardless of where an organisation is in their journey, there are new tools that bake security into the development process while automating rapid deployment of security at the same time as reducing risk and ensuring compliance," he explains.