Reality and perception of secure DevOps are two different worlds

Pretty much all IT operations professionals (99 per cent) agree – adopting a DevOps culture can improve application security. This is according to a new report by Hewlett Packard Enterprise.  

The report, entitled Application Security and DevOps Report 2016, also emphasises that just a fifth (20 per cent) of respondents test their application’s security during development, and 17 per cent are using no technologies whatsoever to protect their apps. The conclusion of the report is simple – there is a significant disconnect between perception and reality of secure DevOps.

“Our research shows that both security leaders and developers believe that the DevOps movement has the potential to significantly improve application security, but organizations are struggling to realize that potential so far,” said Jason Schmitt, vice president and general manager, HPE Security Fortify, Hewlett Packard Enterprise.  

“By understanding the current state of DevOps and best practices for integrating security into the development culture, organizations can successfully secure software in this new DevOps world without impeding the speed and agility that it brings.” 

HPE says implementing DevOps means more secure software development, but there are barriers in the way. The biggest issue is that developers and security teams often don’t work together – some dev teams have even admitted to not knowing who the security folks in their organisation are.  

Also, there is a lack of awareness, emphasis and training for developers, and finally, there is a serious shortage of application security talent.

“Adopting a DevOps process can help make applications more secure, since the development and production environment are built the same way and to the same security standards and testing,” said John Meakin, Group Information Security Officer, Burberry.  

“However, it requires a commitment across the organization to prioritize security, and incorporate more automated testing solutions that make it easier to gather real-time feedback and remediate vulnerabilities throughout the development process.” 

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years' experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. His work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.