What is DevSecOps?

Understanding DevSecOps | 3 min. read

Understanding DevSecOps

You’re probably reading this because you’ve never heard of the cryptic term DevSecOps, or you’ve heard of it but have absolutely no clue what it means. Don’t worry, it’s not as complex as you may believe and we’re here to help you grasp the concept. The term simply refers to “Development-Security-Operations” and it’s a philosophy aimed at automating the software development cycle, whilst simultaneously integrating security throughout the process.

RELATED COURSE
Understanding DevSecOps

This course offers you clarity on how security fits into the principles of DevOps to provide you with a greater awareness of DevSecOps ideals. You will gain this awareness by finding out more about the principles of DevOps and the three pillars of security.

What Is DevOps and Why Was It Created?

In the past, the structure of teams in software engineering seemed to draw inspiration from Henry Ford’s technique of standardization in the production line. Each employee specialized in one task and passed the project down to the next specialist in line. Repeatedly, every day.

This ‘Waterfall Delivery Process,’ as it’s called, formed an efficient means of churning out software, however, it came with its drawbacks. The process was rigid and inflexible to change, especially late in the delivery cycle. Furthermore, it crippled innovation.

Today, teams are no longer built around projects. Teams are built around products and last the duration of the product lifecycle, from idea to sunset. The concept of DevOps was created.

DevOps is more than a change in practice: it's a shift in an organisation's philosophy. It requires change within team structures, as well as software development and funding. DevOps strives to deliver exceptional customer value with the product, rather than focusing on project delivery.

DevOps emphasises establishing a culture where learning and constant experimentation are encouraged. Knowledge and innovation are born from ongoing experiments and establishing a sense of mastery through repetition and practice.

The entire team should understand and be able to define the state of the system and introduce variations that disrupt the system’s state. Through these disruptions, we can establish whether the variations lead to desirable states. This continuous process of trial-and-error provides a thorough understanding of the system, and breeds innovation.

The 5 Core Principles to DevOps

DevOps describes five ideals that form the foundation of delivering value to customers:

  • Locality and simplicity

  • Focus, flow, and joy

  • Improvement of daily work

  • Psychological safety

  • Customer focus

The ideals collectively form the backbone of a strong DevOps culture within an organisation. They act as a framework for applying security practices.

Integrating Security into DevOps

DevSecOps involves ensuring that security is embedded in the five ideals of DevOps by building products whilst maintaining the confidentiality, integrity, and availability of data.

  • Confidentiality

  • Integrity

  • Availability

Following these guidelines leads to many benefits, such as: allowing for easy and local security implementation, improving security architecture facilitating the collaboration between security and development teams, and the removal of the blame for security incidents.

machine automation
key

Implementing DevSecOps

Implementing DevSecOps is an iterative approach to solve the problem to allow DevSecOps culture to develop over a period. We must use an approach made up of three layers:

  • Secure by design

  • Security by automation

  • Security by education

We apply each layer, piece by piece until it's a solid foundation on which a DevSecOps culture thrives.

Learn More in Our Related Course!

In this blog, we gave a brief overview of what DevSecOps is and how to implement it. In our course Understanding DevSecOps we dive into the theory behind DevSecOps and put your team’s knowledge into action with a hands-on lab. Interested? Start our course by registering for our academy.

"DevOps is more than a change in practice: it's a shift in an organisation's philosophy."

 

Start the free introduction tour to determine Secure DevOps learning paths that benefit your teams