What the Cloud? DevOps and DevSecOps Explained
Originally posted at https://www.lacework.com/blog/what-the-cloud-devops-and-devsecops-explained/.
At some point a buzzword becomes meaningless; it moves so far beyond the original intention that it’s just background noise. We passed that moment a long time ago with the term “DevOps” and even quicker with “DevSecOps.”
That’s unfortunate because both of these terms put a name to a long standing problem within teams building solutions. They also propose a more efficient way forward–a path that actually leads to much better solutions.
So, let’s sweep away the buzz and get to the core of what’s behind these terms.
Development As A Practice
While there is a lot of science and engineering behind the development of IT solutions, how to apply that knowledge is a craft that needs to be practiced.
In the early days of computing, the general approach was very segmented. Gather requirements for a solution, design the solution, deliver the solution. The entire process could take months or even years and drove the idea of an annual release.
This methodology—called “waterfall”—worked reasonably well…in the beginning. Systems became more and more complex. They became more connected. Things moved faster and this approach started to break down.
We needed more flexibility. As a result several methodologies were introduced but they all fell broadly under the umbrella of “agile.” The idea was simple: do work in smaller batches. Reduce the time between finding a solution and delivering it.
Again, this worked reasonably well for a time.
Breaking Down Barriers
Agile started to break down in concert with the shift to cloud computing. More and more teams were building services, not software they sent to customers for the customer to run.
This shone a light on the often neglected requirements of actually running the software, not just writing it.
The operations teams (either at the development team’s organization or with the customer) wanted solutions that were easier to run. They needed more reliability and that meant making different choices when building those solutions.
This is when DevOps—a portmanteau of Development and Operations—started to emerge. Like agile, the idea was simple. This time the goal was to reduce the barriers between these two critical teams.
It turns out that if the people who would be running the system are involved in its development, a lot of decisions are made differently.
That’s the push behind DevOps.
With that in mind, DevSecOps aims for the same thing while also reducing the barriers between the development, operations, and security teams.
Again, it turns out that if the people who are trying to secure the system are involved in its development and operations, a lot of decisions are made differently.
The terms DevOps and DevSecOps are slapped on to all sorts of things–job postings, services, training, etc.
At their core, these terms are a signal. They are philosophies that shine a light on today’s reality. Ultimately, teams are building systems and these systems need to be maintained and secured throughout their lifecycle. If these teams work together, they drive better outcomes for the business and its customers.
DevOps and DevSecOps are an acknowledgement the cloud is powering a new generation of solutions. In order to succeed teams need to break out of old silos and work together.
What the Cloud is part of a blog series about the basics of the cloud and all things related. Check out our other posts: The Shared Responsibility Model