DevOps has become one of the most popular terms in enterprise technology. A recent study found that most enterprises see the value in implementing DevOps. However, it can sometimes be difficult for IT teams to get the most out of their DevOps practices.
Solutions Review recently had the chance to interview CA Technologies’ GM of DevOps, Ashok Reddy, to discuss the state of DevOps. CA Technologies recently unveiled new offerings and announced solutions to enhance IBM’s mainframe. Reddy gets into detail regarding the state of DevOps security, the diversifying cloud market, analytics, and some issues that aren’t getting enough attention.
With DevOps’ increased popularity, there seems to be a lack of focus on security. How can DevOps teams enhance security? Do you think security needs to become intertwined with DevOps, i.e., DevSecOps or Secure DevOps?
Absolutely – and the way to do that is to “shift security left,” which is about implementing “Continuous Security.” By using automation to build security checks into your DevOps pipeline earlier and more reliably, you can significantly reduce your organization’s exposure to digital risk and reduce your total spending on late-stage application security mitigation tasks.
Essentially every company is a “software” company in the digital economy, and security is a critical part of effectively engaging customers by building trust through data protection. Specifically, this entails continuous protection of customer data – so, security testing should not be introduced solely in the final phase of development.
Based on a recent CA-commissioned survey, we found that a lack of DevSecOps implementation in organizations is more of an attitudinal issue than an operational or technical one. Fifty-eight percent of respondents cited existing culture as a hurdle to being able to embed security within processes, while only 24% strongly agree that their organization’s existing culture supports collaboration across development, operations, and security.
But this requires security and development teams to be better aligned for an integrated approach to application security. For there to be clean code from inception, security testing must be embedded into developer tools and processes.
In fact, the 2018 Gartner Magic Quadrant for Application Security Testing predicts that “by 2019, more than 50% of enterprise DevOps initiatives will have incorporated application security testing for custom code, an increase from fewer than 10% today.”
The cloud market is diverse and can be overwhelming. With MSPs, analytics, automation, containers, etc. it can be tough for enterprises to know exactly what they need. What priorities should they have for their IT environment? Implementing DevOps, automation, monitoring, etc.?
For a company to successfully meet the demands of the multi-cloud environment, it needs to be strategically poised for intersecting the functionalities of Agile, DevOps, and Security.
Adopting agile practices provides centralized visibility into every team’s business deliverables and resources, ensuring a feedback loop mapped to the company’s larger strategic goals. With agile, you deliver customer value to market faster by planning frequently, shipping quickly and responding confidently to market changes. In addition, you empower teams to work efficiently by allowing users to easily initiate, manage and share their work.
DevOps is the most effective manner of putting agile and lean methodologies to work in the digital enterprise. From speeding time to market and continuously improving customer experience based on providing continuous feedback and insights to developers, to accelerating time to decision and improving operational efficiency, leveraging DevOps and agile together is driving business transformation as we know it.
Embedding and automating security testing throughout DevOps is integral to delivering quality software. However, scaling application security testing across thousands of applications with distributed DevOps teams is a huge challenge. That’s why it’s important to use a scalable, cloud-friendly platform that can leverage multiple analysis techniques while automating time-consuming tasks with powerful APIs and integrations.
What cloud-related issues aren’t receiving the attention they deserve? How can enterprises/DevOps teams address these issues?
Considering most enterprises are still leveraging existing mission-critical systems such as the mainframe, where more than 70% of customer data tends to reside, there is a burgeoning demand for developing, running and managing applications on them with the multi-hybrid cloud environment in mind. It’s a powerful pairing: the scalability and security of the mainframe with the flexibility and elasticity of the cloud. So, integrating this into an enterprise DevOps framework needs to be of utmost importance.
It allows development teams to quickly test and modify applications in place, making it easier for enterprises to do mainframe test and development in the cloud, and monitor applications in the cloud and integrate into existing digital performance management solutions.
Enterprises continue to balance the challenges of leveraging existing IT systems while adopting newer innovations, such as cloud, automation and DevOps. At CA, we just recently launched a development toolset, CA Brightside, which enables customers to control, script and develop on the mainframe using similar tools and processes as they would use in any other cloud platform.
What would you say to enterprises that aren’t harnessing analytics?
That not harnessing the power of analytics is a missed opportunity. Today’s digital economy means that every enterprise is generating enormous amounts of data from its core infrastructure, application and SaaS-based systems. When data is automatically correlated and refined into actionable insight, enterprises of all sizes can reap the benefits that contribute to business growth. It’s a matter of leveraging the power of automation and AI to know when, where, and how to apply human efforts for the greatest ROI in managing and operating apps and services.
At the core of this is a robust advanced analytics program, which leverages AI and Machine Learning algorithms, embracing both predictive and prescriptive capabilities. On the predictive end, companies need a solution that filters the “sea of red” and automates tasks to ensure the correct individuals are notified of issues quickly and appropriately – maximizing failure prevention. On the prescriptive end, they need a solution that detects data patterns that indicate trouble and prescribes the necessary actions to quickly triage application performance issues.
However, this is a tool that still needs a trained eye. It requires the collaboration of data scientists and domain experts to turn the derived raw data into strategic business insights for myriad stakeholders across the enterprise.
Ashok Reddy is responsible for CA’s DevOps Line of Business including the Developer Products, Continuous Delivery, Agile Operations and Automation business units and is applying his 25+ years of software and AI expertise to help clients transform to AI First enterprises for building, deploying, operating, automating and securing next generation AI based applications.