Since last year, the buzz at RSA has been cloud computing. Heck, it was also the buzz at last year’s Interop conference. Businesses love the agility of the cloud. Security is scared to death of it. In a presentation at this year’s RSA entitled “Security is Dead. Long Live Rugged DevOps: IT at Ludicrous Speed,” Gene Kim (@realgenekim), President of IT Revolution Press, and Joshua Corman (@joshcorman), Director, Security Intelligence for Akamai Technologies, make a case that the same cloud-like agility and speed that businesses are experiencing must also happen within IT, development, and security.
They suggest “Rugged DevOps,” which marries the former adversaries of Development and Operations while also building a solid security foundation for them to operate on.
How to Create a DevOps Environment
Traditionally, Developers are incentivized to deploy as many changes as possible. Operations is told to keep things steady and smooth, which means making as few changes as possible. Their goals are diametrically opposed. But to be competitive as a business you need to rapidly make changes and evolve. IT needs to operate at “ludicrous speed,” said Corman.
To successfully create an intertwined DevOps environment, Developers need to think like Operations, and vice versa.
Think about how much you can grow if you can start making multiple updates a day versus one every few months. The first DevOps organizations were making ten updates a day. Today, companies like Amazon are making more than 1000 deployments every hour.
History shows that the net result of becoming a DevOps organization is high performance. They make more changes. They stay up longer. They’re more secure. And they’re more compliant, said Kim.
Ruggedized IT environment
In their presentation, Kim and Corman recommend going one step further to create Rugged DevOps: build a ruggedized security structure into your DevOps environment from the ground up.
Corman proposed this “Rugged Survival Guide”:
- Defensible Infrastructure – A big part of your security is how defensible your infrastructure is. Don’t get distracted by controls. Any corners you cut at this stage compound at later stages.
- Operational Discipline – Know what you have and reduce your operational chaos and entropy.
- Situational Awareness – What’s your ability to observe? Develop better measurement of your systems. Enhance your visual spectrum.
- Countermeasures – Deploy the things that matter when people are attacking.
Security is a tax and it prevents us from doing what we want. But if you aim to create a rugged environment to support your rapidly iterating DevOps environment, you can be monstrously competitive, said Corman.