The movement to get software development teams working closely with IT operations to create better code, in a formal process called DevOps, is growing. However, if a recent survey is representative, security teams may not be participating enough.
The survey, released this week by Trend Micro, found 71 per cent of respondents saying they’d like to see more participation by security in DevOps initiatives.
Of those who have fully or partially implemented DevOps, less than half (42 per cent) of respondents said their security department is fully equipped to secure DevOps projects. Fifty per cent said security is partly ready and the firm is looking to hire more staff to better work on projects.
In addition, when asked about the biggest issues possibly preventing a fully embraced DevOps culture, 40 per cent said increased security complexity. However, right behind that were the complexity of the IT infrastructure and lack of DevOps training across the enterprise, both with 39 per cent.
The survey of 1,310 IT decision-makers from a number of countries including Canada was run earlier this year.
The goal of DevOps is to integrate application development, information technology and IT security teams to shorten the software development lifecycle while delivering features, fixes, and updates faster.
Of those surveyed, 37 per cent of respondents said their organization has already implemented DevOps initiatives, while another 44 per cent said they were currently implementing DevOps. Sixteen per cent said they were planning to implement a DevOps project in the next 12 months.
In an interview, Greg Young, Trend Micro’s Ottawa-based vice-president of cybersecurity, said these and other results suggest CIOs need to focus on improving communications not only between teams but also across the enterprise about DevOps.
Only one-third of respondents said DevOps is a shared responsibility between developers and IT, he noted. “That was lower than I expected,” he said — and, he added, it suggests in these organizations the security team is left out.
The ideal DevOps team includes representatives from software development, IT operations and IT security, he said.
One problem, Young said, is that historically IT security has been the team that often says ‘no,’ but when it becomes more integrated with DevOps it has to learn new skills. There has to be almost a reset of the relationship with other departments, he said.