How Agile evolved, and is DevSecOps the next step?

The precise meaning and scope of the term DevOps remain a source of debate, but at a high level DevOps is the integration of the development process with operational activities, hence the name DevOps. Instead of IT operations and software development teams being siloed off from each other, DevOps breaks down the traditional boundaries that existed between them in order to achieve continuous integration and continuous delivery (CI/CD) of quality software features.

 

Just as with Agile, building the correct DevOps culture within your organization is absolutely critical. However, Agile and DevOps are not mutually exclusive. While Agile and DevOps share common goals, they have not always agreed on how to achieve those goals. DevOps differs in many respects from Agile, but, at its best, DevOps applies Agile methodologies, along with lean manufacturing principles, to speed up software deployment.

 

One area of particular tension between Agile and DevOps is that the latter relies heavily on tools, particularly when it comes to the automation of testing and deployment processes. But DevOps can overcome the resistance of Agile developers to tool usage simply by applying Agile principles themselves.

 

The challenge is to have the Agile development teams trust in the automation efforts of DevOps, while at the same time encouraging the DevOps team to consider the business goals of deployment rather than pursuing speed of deployment for its own sake. With constant communication between the Agile team and DevOps team (another Agile principle), development can achieve a degree of comfort with DevOps tasks and processes. This means that testing and deployment automation can proceed quickly, often with little to no handover at the end of a project, resulting in a decreased time to market.

The Next Evolution: DevSecOps
As businesses continue to integrate and expand to cloud-based services, security issues become more and more complex. One area in which Agile is lacking is integrating security into the heart of the development process. Unfortunately, in many Agile environments, application security is often only looked at after development is completed rather than being a core part of the process. Enter the next iteration of DevOps: DevSecOps.

 

DevSecOps is focused around five basic principles:

  • Customer focused mindset
  • Scale, scale, scale!
  • Objective criteria
  • Proactive hunting
  • Continuous detection and response

With the recent changes to GDPR law, more and more businesses are being forced to take security seriously and place these requirements much higher in the project delivery. There is a big risk to organizations if they do not embrace security at the centre of their development: the fallout of an incident could affect the reputation of the business, and the financial penalties also have the potential to be extremely damaging:

 

“There are two tiers of administrative fines that can be levied as penalties for non-compliance:

  1. Up to €10 million, or 2% annual global turnover – whichever is higher.
  2. Up to €20 million, or 4% annual global turnover – whichever is higher.”

While DevSecOps and Agile may also disagree about the priority of tools, security must become an integral part of any development project. This is why Agile, DevOps and DevSecOps must all work together to ensure not only rapid deployment but secure deployment. Agile and DevOps were both important evolutions of the software development process, but DevSecOps is the next evolutionary step. In our upcoming articles, we will discuss techniques that help you secure the support from senior management to implement DevSecOps.