If you don’t know, ask – if you know, share! ~ open source mindset
by Marco Bravo
Depending on how well-versed your security teams are, they might not deeply understand what you mean by CI/CD. Realize from the outset that many security practitioners do not have a software development background. This question is critical because it gives you a reason to spend time whiteboarding what your pipeline and processes look like. Many positive outcomes will surface from these sessions, starting with security gaining a deeper understanding of how software flows through your organization.
Perhaps most important is getting security to own automating security in the pipeline. Although we love to repeat the mantra: “Security is everybody’s job,” the truth is, it ain’t. This doesn’t mean that you shouldn’t try to write secure code, but it does mean it will never be your primary focus.
Automation theory vs. reality Source: xkcd.com
Building compliant cloud native applications requires intentional design choices and formal processes for putting those choices into practice.
“Efficiency is doing things right; effectiveness is doing the right things.” ~ Peter Drucker, management thought leader.
When it comes to the cloud, you as the DevOps team have the control. There is however a corollary best known as the Peter Parker principle, in reference to the iconic fictional character whose alter ego is Spider-Man: “With great power comes great responsibility.” The question for DevOps then is what will you do with it?
tags: devops - devsecops - security