Airbags vs. speed bumps: how to get DevOps to WANT security?
I always enjoy speaking with startups to learn about emerging trends and identify new threat vectors. While I always wear a security hat and DevOps shoes, I tend to take my security hat off in many cases to understand the pure DevOps point of view. In other words, my intent is to get DevOps to WANT security instead to NEED it.
In order to understand what DevOps want, it is important to align with the key trends they follow. For example, here are a couple of emerging trends branching from DevOps:
GitOps focuses on a system desired state management by code, which supports the continuity of everything as code, e.g. infrastructure, policy, authorization, etc. This is essentially the new change management process, which has been traditionally operated by IT and now shifted into the development hands.
AIOps has been categorized as an artificial intelligence solution for IT operations, but as more systems are owned by DevOps or engineering teams, it becomes a DevOps solution. The key idea is to run more lean teams (a.k.a. No-Ops) that can answer more questions in minimum time when needed, e.g. identify a downtime before it happens by aggregating data from multiple sources and identifying an abnormal behavior.
