If you thought that DevOps was a job title, group, or team within an organization, you’re wrong. Yes, it does involve people, but process is a key component.
Intended to be a cross-functional mode of working, DevOps emphasizes communication and collaboration between departments that include product management, software development, and operations. By making application security part of the development process, it not only results in more secure software customers, but benefits organizations from a timing and cost standpoint.
Many organizations are still wrapping their heads around the DevOps concept, but according to one subject matter expert, the C-Suite is starting to come around.
“At the C-Suite level, buy in for DevOps is really a need, not want,” says Pete Chestna, director of developer engagement at Veracode. “They see disruptors coming into the market - especially in the financial verticals - and starting to eat their lunch, and they can’t ship software fast enough to react to their customers. So they’re looking to DevOps to really save them in this and provide them with a great opportunity across the board to rethink how software gets made, and what level of accountability to have from a certain aspect, especially inside of DevOps.”
Knowledge in DevOps in the C-suite is varied. Some CIOs may be very knowledgable, while CEOs are just starting to question it. As recently as the last 12 months, Chestna’s seeing a shift at security events that offer up DevOps tracks because audiences want to learn more about DevOps and what it means to them.
“DevOps is really about changing how an entire company works,” Chestna says. “It needs to be known inside of the C-suite across the board.”
In this video interview with InfoSec Insider, Chestna discusses the growing importance of DevOps within the enterprise, the initial steps organizations should be taking to implement a DevOps approach, and most importantly, how to get buy-in from key stakeholders.
To learn more about emerging threats and receive first-hand actionable tips that will help you bolster your organization's security posture, visit our Threat Intelligence Summit in Austin, Texas this November, or join us for InfoSec World in Orlando, Florida in March!