Close
  • Home
  • Applications
      • Asset Management
      • Business Intelligence
      • CEM
      • Cognitive
      • Compliance
      • CRM
      • Data Center
      • E-Invoicing/E-Billing
      • Enterprise Communication
      • Enterprise Mobility
      • ERP
      • Facility Management
      • GDPR
      • Human Resource
      • Information Security
      • ITSM
      • Managed IT Services
      • MarTech
      • Payment and Card
      • Procurement
      • RegTech
      • Risk Management
      • RPA
      • Software Testing
      • Unified Communication
  • Verticals
      • Automotive
      • Casino Tech
      • Contact Center
      • Enterprise Startups
      • Field Service
      • FinTech
      • Healthcare
      • Legal Tech
      • PropTech
      • Telecom
      • Travel and Hospitality
  • Technologies
      • Agile
      • Artificial Intelligence
      • Augmented & Virtual Reality
      • Big Data
      • Blockchain
      • Cloud
      • Data Analytics
      • DevOps
      • Drone
      • HPC
      • IoT
      • Robotics
      • Smart City
      • Storage
  • Company Eco System
      • Adobe
      • Dassault Systemes
      • HPE
      • IBM
      • Microsoft
      • Oracle
      • Salesforce
      • SAP
  • News
  • conferences
  • Newsletter
  • Specials

  • Menu
      • Big Data
      • Blockchain
      • Casino Tech
      • CEM
      • Cloud
      • CRM
      • DevOps
      • Drone
      • Facility Management
      • GDPR
      • IoT
      • Legal Tech
      • Oracle
      • PropTech
      • RPA
  • Blockchain
  • Cloud
  • CRM
  • Drone
  • Facility Management
  • IoT
  • Oracle
Specials
  • Specials

  • Big Data
  • Blockchain
  • Casino Tech
  • CEM
  • Cloud
  • CRM
  • DevOps
  • Drone
  • Facility Management
  • GDPR
  • IoT
  • Legal Tech
  • Oracle
  • PropTech
  • RPA
×
#

CIO Applications Europe Weekly Brief

Be first to read the latest tech news, Industry Leader's Insights, and CIO interviews of medium and large enterprises exclusively from CIO Applications Europe

Subscribe

loading
  • Home
  • DevOps
Editor's Pick(1 - 4 of 8)
left
Technology Key to Building a Disruptive Networked Business

Robert Crudup, Executive Vice President & CIO, SEI

Leading the Digital Business Culture

Chad Sheridan, CIO, USDA

Engaging Citizens through Technology

Martin P.Rose, CIO, Pinellas County

Data Reliability Engineering- Tackling The Data Quality Problem

Torq Pagdin, Director, Technology (Data Engineering), Hotels.Com

Scaling Devops without Hiring

Dmitri Lerko, Head of Devops, Loveholidays

Lean before you Agile.

Morgan Martins, AMBCS, CISMP, Head of Digital Delivery and Solutions, Institute of Physics International Public Speaker

Digital Transformation and Competitive Advantage through Continuous Delivery

Keith Watson, Director of DevOps, ADP UK

The Sustainable Advantage of Agility

Lee Sexton, Director Agile & DevOps TransformationSoftServe

right

THANK YOU FOR SUBSCRIBING

DevOps and Security

By Nadeem De Vree, CCO & CIO, NN

Tweet
content-image

Nadeem De Vree, CCO & CIO, NN

The saying goes that “where there’s change, there’s opportunity”. And often this is interpreted to mean that there is opportunity for positive change. In a controlled environment, change is a factor that one can predict, react to and, relatively, easily adjust to. That’s a lab environment, not one in which we find ourselves. In business there are a lot of trends that are going on at the same time. Two of the largest are the move to a DevOps way of working, and a growing awareness that Security is now a business critical function.

DevOps is the process where teams are responsible for both the development and the operations part of an application. A continuous process that makes incremental changes to the environment seeking to increase and/or improve functionality.

On the other hand Security achieves its best results within a controlled or stable environment. Where the security measures adapt as technology advancements allow for more efficient protection.

It is this conflicting situation that most companies find themselves in, regardless of if they are financial organizations that are compliance driven or high tech/products companies that are more risk focused. Financial organizations need to make sure they comply with regulatory demands. They have a strong compliance based culture where any changes that could affect the reporting or stability of the company and its customers needs to be tested and documented. The result is that the fast paced DevOps way of working is slowed by a need to document and get the needed signatures and at times waivers.

Financial Organizations have a strong compliance based culture where any changes that could affect the reporting or stability of the company and its customers needs to be tested and documented

Companies are now realizing that there is a need to reassess how they deal with the compliance regulations put in place following the 2008 financial crisis. We see a trend that auditors and financial institutions are working together in assessing what is mandatory, and streamlining the process so as to create some more ‘breathing space’ for the DevOps teams to operate in. In parallel specialized IT security teams are being set up that are deployed to those DevOps teams that are working on IT changes that meet corporate requirements. The decision for these security teams rather than dedicated security individuals within the DevOps teams themselves would seem to be dictated by the scarcity of skilled security professionals on the market as well as a lack of work within the teams to validate the dedicated security professional.

High Tech and Products driven companies are moving away from compliance driven security and towards risk based security. Whereby the process is to determine the risk appetite of the organization and then translate this into policies and technologies. These companies are more often than not faced with a need to get products to the market sooner than their competitors. This places very different demands upon the DevOps process and the need to streamline the integration of security and DevOps; security by design. Ideally within these companies the risk appetite will be instilled within the companies ethics and as such with all the employees. The internal conflict here is between the need to create secure products and the need to be first to market. These companies have often given the security organization the ability to block the release of any product that exceeds the risk appetite of the company regardless of what the product owner might want. This approach results in a close cooperation between security, product design and the DevOps teams so as to reduce any delays later on in the process.

It is generally accepted that the DevOps way of working leads to faster results that are able to adjust where needed to meet changing demands, and as such this way of working will continue to move out of the IT/product development world and into the larger organization structure. Similarly companies are also aware that it is no longer a question if there will be a security breach but rather when and that it is therefore key to always stay one step ahead. Concluding that ideally security would be a standard part of the DevOps way of working. However as long as product owners push to reduce time to market or organizations are compliance, and thus administration, driven we will continue to see that security is experienced as an inhibitor rather than an enabler in the DevOps process. Despite this, companies are and should, continue to strive for a true ‘secure by design Devops culture’.
tag

DevOps

Financial

Read Also

Scaling Devops without Hiring

Scaling Devops without Hiring

Dmitri Lerko, Head of Devops, Loveholidays
Lean before you Agile.

Lean before you Agile.

Morgan Martins, AMBCS, CISMP, Head of Digital Delivery and Solutions, Institute of Physics International Public Speaker
Digital Transformation and Competitive Advantage through Continuous Delivery

Digital Transformation and Competitive Advantage through Continuous Delivery

Keith Watson, Director of DevOps, ADP UK
The Sustainable Advantage of Agility

The Sustainable Advantage of Agility

Lee Sexton, Director Agile & DevOps TransformationSoftServe

Weekly Brief

loading
cioviewpoint
Top 10 DevOps Consulting/Service Companies - 2019
ON THE DECK

DevOps 2019

Top Vendors

DevOps 2018

Top Vendors

Previous Next

Top Trending News

  • 4 Latest Enterprise Mobility Trends to Follow
    4 Latest Enterprise Mobility Trends...
  • Is 5G a Game-Changer for the European Healthcare Industry?
    Is 5G a Game-Changer for the European...
  • 3 Digital Trends Influencing the European Hospitality Industry
    3 Digital Trends Influencing the...
  • How is the European M&E Industry Preparing for 5G?
    How is the European M&E Industry...
View More ›

Copyright © 2019 CIOApplicationsEurope. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy Policy |  Sitemap |  Subscribe |  About Us

follow on linkedin follow on twitter follow on rss
This content is copyright protected

However, if you would like to share the information in this article, you may use the link below:

https://devops.cioapplicationseurope.com/cioviewpoint/devops-and-security-nid-1481.html