By: Jayati
August 16 2019

The journey from Agile to DevSecOps 

We were introduced to Agile in the early 2000s, and it proved to be a huge success, bringing a completely new perspective. But it's 2019, and stand-alone Agile is unlikely to deliver with the same precision. Agile methodologies on their own have become almost obsolete as a way to bring efficiency to your processes. Therefore, the focus has shifted to DevOps, which is breaking down the silos between teams and integrating Dev, QA, and Ops into a single coherent chain.

But where does DevSecOps fit in this transition? How can DevSecOps enhance the already cohesive process of DevOps? Let’s find out!  

Learning the Difference

Agile and DevOps can be understood as two aspects of how a software delivery process can be executed. Where Agile was introduced to improve the process of delivery, DevOps came in to improve the frequency of the process. DevSecOps is an extension of DevOps that ensures the highest level of security and privacy within the systems.

In business terms, the focal point of DevSecOps is to bring a tight structure of security checks into the pipelines and the teams, especially for QA and testing.

While both Agile and DevSecOps can be implemented to upgrade and change the domains, organizations are now leaning towards DevSecOps.

Agile Vs DevOps

| Parameter | Agile | DevOps |
| --- | --- | --- |
| Implementation | Agile is implemented within a range of tactical frameworks | DevOps focuses on collaboration |
| Team size | It works for smaller teams where fewer people work faster | It has a larger team size and involves stakeholders |
| Duration | Managed in units, it takes much less than a month for each sprint. | For DevOps, it delivers code to production on a daily basis or every few hours. |
| Target Areas | Software Development | End-to-end business solutions for fast delivery |
| Communication | Commonly, a daily scrum meeting takes place | Involves specs and design documents for the operational team |
| Goal | To address the gap between customer’s need and development & testing teams. | To address the gap between development + testing and Ops. |
| Advantage | Shorter development cycle and improved defect detection. | Supports Agile's release cycle. |
| Tools used | JIRA, Bugzilla, Kanboard are some popular Agile tools | Puppet, Chef, TeamCity, OpenStack, AWS are popular DevOps tools |

Taking the Leap from Agile to DevOps

Agile changed IT departments as they streamlined their processes with fast-paced innovation within the organization. DevOps therefore seemed to be the next legitimate step towards continuous delivery, as it connected IT operations in a more responsive manner. It bridged the gap in delivery and improved the time to market.

While the software community accepted Agile, it soon noticed gaps where testing and deployment still lacked an end-to-end application. DevOps fixed these rifts with smaller and frequent releases and automated the entire delivery lifecycle.

Stalling Security Concerns

Once the policies of DevOps were established and it became a practice within the organization, the increasing security concerns came to the fore. It became clear that common security checks weren’t enough. Often, the lack of security measures was noticed only after development was complete. This became a barrier to continuous deployment, and halting for configuration hindered the release frequency too. Standard testing no longer served the purpose for DevOps, and improved security became the need of the hour.

From DevOps to DevSecOps

DevSecOps can be seen as an extension of DevOps. It simply enhances the security measures that are often neglected and brings them to the forefront of the pipeline. Making security a priority, DevSecOps infuses principles of assurance into the DevOps teams. It doesn’t go beyond the dynamics of DevOps and its methodology. Thus, DevSecOps is the process of utilizing the DevOps processes to strengthen the security of the ecosystem.

A few regular practices to follow include rehearsing with automated dry-run tests, making sure the QA team includes the automated security checks, and establishing an agile feedback loop for continuous integration.

Security Automation

It’s quite obvious that manual testing and configuration go out of the picture with DevSecOps. However, there are a few security checks that are still commonly tested manually. In order to integrate a tight CI/CD pipeline, automation of all security checks becomes imperative. From the development phase to the pre-production stage, automation is the key to security. It not only reinforces strength but also reduces the time to market with minimum flaws.

Future with DevSecOps

Though errors are mitigated by automation, the effort does not end there. Monitoring and continuous visibility have to be the norm for achieving DevSecOps. A security breach can damage both the end-user and the organization.

Thus, the next big leap is towards cloud computing. The hosting of services in the cloud is picking up pace in the industry. However, the threat to online hosted services is also growing exponentially. Security flaws are surfacing now more than ever.

Secure testing and consistent configuration are the only way to resolve this issue in your workflow. Fix your vulnerabilities as soon as development starts and all along the production pipeline for a successful delivery.

Conclusion

When dealing with DevSecOps or moving onto the cloud, a gradual transition is key.

It is wise to move from Agile to DevOps and then to DevSecOps. And security should be at the top of the priority list in every phase rather than being an afterthought.