Security teams need to adopt the techniques of DevOps and switch their focus from defending only the infrastructure to protecting the entire organization by improving it continuously. Securing DevOps explores how the techniques of DevOps and Security should be applied together to make cloud services safer. By the end of this book, readers will be ready to build security controls at all layers, monitor and respond to attacks on cloud services, and add security organization-wide through risk management and training.
For businesses that want to thrive in the coming years, the future will likely be cloud-based. Growing adoption has made cloud computing the number one growth area across organizations since the launch of Amazon Web Services (AWS) in 2002. "Through 2022, Gartner projects the market size and growth of the cloud services industry at nearly three times the growth of overall IT services… Cloud services are definitely shaking up the industry. At Gartner, we know of no vendor or service provider today whose business model offerings and revenue growth are not influenced by the increasing adoption of cloud-first strategies in organizations." The shift makes complete sense.
New research has found that only a few companies are now securing the majority of their cloud-native apps with DevOps practices. The findings from Data Theorem and ESG reveal that only 8% of enterprises are protecting 75% or more of their cloud apps by adopting DevOps practices. However, 68% of organizations are expected to secure 75% or more of their cloud backup apps within two years. The research surveyed 371 respondents. According to Doug Cahill, the senior analyst for ESG, organizations have started, but much more work is required when it comes to securing cloud-native apps with DevOps practices. Organizational security culture is somewhat reluctant to adopt automation, yet automation is the only way to keep up with the pace of DevOps.
One of the most amazing dynamics within the DevOps enterprise community is seeing business leaders co-presenting success stories with their technology leadership counterparts. For example, Ken Kennedy (executive vice president and president for Technology and Product at CSG) and Kimberly Johnson (chief operating officer at Fannie Mae) described the achievements of their technology leadership counterparts and why it was important to them. I expect this trend to continue, especially given how COVID-19 has accelerated the rate of digital disruption. I believe this bodes well for all of technology. With the rise of hybrid (remote/in-office) product teams, upskilling and online training initiatives will expand.
CI/CD saves developers a huge amount of time. CD is an especially good option for projects that require multiple, frequent contributions to be integrated. But securing CI/CD is an emerging, essential, yet little-understood practice for DevOps teams and their cloud service providers. Getting CI/CD to work in a highly secure environment takes collaboration, patience and persistence. Building CI/CD in the cloud requires rigorous architectural and coordination work to minimize the volatility of the cloud environment and to leverage the security features of the cloud to the benefit of the CI/CD pipeline.