Introduction: DevSecOps in a Cloud-Native World
The rapid move to the cloud is driving significant changes to application development models and operational processes. DevOps and Continuous Integration/Continuous Deployment (CI/CD) lead to higher degrees of automation, while containerization, microservices, serverless computing, and the more recent advent of ‘the service mesh’ enable faster deployments, more dynamic execution environments, and rapid scale.
These changes don’t just challenge the relevance of the traditional data center. They challenge enterprise IT culture at its core. As organizations adopt cloud technology stacks and DevOps models, the role and priorities of the IT professional must evolve as well. Security is no exception, and the move to cloud-native is having a profound impact on both security posture and operations, introducing the following issues:
Distributed architectures create new challenges: Diverse components interacting within a distributed architecture introduce unpredictable dynamics and unanticipated failure modes.
Ephemeral workloads challenge static security approaches: Dynamic and short-lived workloads require security controls that can change and adapt as quickly as the environments in which they run.
The DevOps mindset is upending the status quo: The DevOps model is challenging organizing principles that have long driven security operations in many enterprises.
While some security professionals have been slow or resistant to change, others are embracing these challenges, seeing an opportunity to apply DevOps technologies to security, and to blend development and security operations. Hence, the term “DevSecOps.”