Puppet’s ‘2018 State of DevOps Report’ Highlights Increasing Importance of Security as DevOps Evolves


If you are interested in understanding more about how DevOps evolves inside organizations and how security aligns with the evolution of DevOps maturity, Puppet’s 2018 State of DevOps Report offers some powerful insights. The report draws on survey results over multiple years from some 30,000 technical professionals across the globe, as well as insights from DevOps pioneers, including Gene Kim.

One key finding, for example, notes that automating security policy configurations is mission-critical to reaching the highest levels of DevOps evolution. This means as organizations evolve, security policy becomes part of operations, not just an afterthought when an audit looms. Organizations must break down the boundaries between ops and security teams.

The report extends beyond technology – it also probes culture, process and other factors driving IT performance. While DevOps adoption is increasing at a rapid pace, there are many paths for organizations to take for a successful DevOps journey. Unfortunately, there are even more that can lead to failure.

Some of the most successful DevOps projects come from the ground up rather than top down from a corporate directive. This can present challenges for security teams that take a top-down approach. If DevOps originates broadly across the organization from multiple sources, the security team may only gain visibility after the DevOps initiatives have already become established within the business. It is obviously much better for security to be involved early in the process, guiding and establishing security policies for the DevOps team to execute on, but that becomes significantly more difficult when DevOps initiatives come from the ground up.

The State of DevOps report views the three pillars of DevOps as culture, automation and measurement. It also identifies and examines the characteristics of DevOps teams and approaches across five distinct stages of evolution, from Stage 0, “Build the Foundation” to Stage 5, “Provide Self-Service Capabilities.” These phases highlight the increasing role and awareness of security, and how security is becoming more widely considered and incorporated at earlier stages of the DevOps evolution.

As noted earlier, a key highlight of the report is how “Automating security policy configurations is mission-critical to reaching the highest levels of DevOps evolution.” To quote from the report summary:

“Highly evolved organizations are 24 times more likely to always automate security policy configurations compared to the least evolved organizations. As organizations evolve, security policy becomes part of operations, not just an afterthought when an audit looms. This requires first breaking down boundaries between ops and security teams (which are further from production). As we see with all the fundamental practices of DevOps, this practice evolves from resolving immediate pain to a more strategic focus — in this case, from “keep the auditors off my back” to “keep the business and our customers’ data secure.” In other words, teams automate security policy configurations initially for their own benefit, and as their understanding evolves, the automation evolves to benefit the entire organization.”

Security is also increasingly recognized at the earlier stages of DevOps evolution. For example, at Stage 2, which focuses on achieving standardization and reducing variability, one of the benefits is a reduced attack surface and fewer security vulnerabilities. This recognition is positive news. As a result, DevOps teams should become increasingly receptive to the security team getting involved and asking how they can help.

Along with AWS, Cognizant and others, CyberArk is a co-sponsor of the 7th annual State of DevOps Report, presented by Puppet and Splunk.

The post Puppet’s ‘2018 State of DevOps Report’ Highlights Increasing Importance of Security as DevOps Evolves appeared first on CyberArk.
