How to chart DevOps success (securely) with Virgin Atlantic’s Martyn Coupland

Source:-techerati.com

We talk DevOps scaling, security and success with Virgin Atlantic’s DevOps lead

As DevOps Technical Lead at Virgin Atlantic, Martyn Coupland has two primary responsibilities. First, he is one of the subject matter experts for the airline’s Microsoft Azure platform and the subject matter expert for the Azure toolset which enables its DevOps program.

In addition to the technical legwork, Martyn also provides expertise “around the softer side of DevOps” – in other words, the people and process side of things: “As technology changes, people change and processes change. DevOps will always be here to ensure all three sit together and provide real value,” he explains. “This allows not just technology teams at Virgin Atlantic but other parts of the business to adopt DevOps methodologies.”

How has DevOps evolved over the last few years? Martyn says the biggest shift is that people are viewing it as a means of optimising for speed rather than as a way to “optimise on costs” — messaging that senior leaders once interpreted as a license to cull. Now, organisations recognise that DevOps is best deployed when optimised for speed as “speed and value are the main drivers to getting products to customers before competitors.”

Martyn is well placed to steer other areas of the airline towards success in DevOps — a technical stroke cultural philosophy that can be a little obscure to the uninitiated — as there was a time when he too struggled to embrace the new way of working it demands.

“Like many, to start with I struggled to work differently. But my first journey into DevOps was a really small team of three of us – that actually helped the transition, we worked well together and started to implement some of the processes, technology and cultural changes we know as DevOps.”

Join Martyn at DevOps Live, London ExCeL, 11-12 March 2020
Securing the DevOps landscape: Making sure your organisation is not a front page story
12 Mar 2020
11:45 – 12:10
A company can never achieve DevOps perfection. Martyn still views Virgin Atlantic as “new to DevOps”. However, the airline is no longer in unchartered territory and the benefits are tangible. The airline’s software teams perform CI and CD (continuous improvement and delivery) on applications that the cabin, flight and ground crews rely on. Some might bemoan our dependence on software, but with DevOps, this dependence is a boon not a burden.

“As I said above, every company is a software company and this along with a solid implementation and understanding of DevOps has helped improve the experience for our crew, staff and most of all our customers,” explains Martyn.

DevSecOps
With the automated speed that DevOps effects there are growing concerns that time-to-market is being prioritised at the expense of security. It’s kind of like Formula One. The mechanics and drivers (operations and developers) can often be tempted to fulfil their need for speed before considering issues of safety or security. In our hyper-competitive age, organisations understandably want “things to be up and running and as quickly as possible”.

For Martyn, who will deliver a session on DevOps security at DevOps Live London in March, it’s “natural” that people are beginning to ask these questions. “When something new in technology comes around, people naturally and rightly ask questions. Remember when the cloud was new? Security was one of the main conversations I had about why not to adopt the cloud. As vendors proved their security credentials, these fears went.”

So how can DevOps teams prove their security credentials? Well, they can start by creating ambassadors that bring InfoSec teams to the table from the start; educating them on the tooling and thus helping them to understand the risks. It’s all about constructive and clear communication. “Then they make a call on it and we work together to propose a sensible mitigation to that risk,” explains Martyn.

“Many IT professionals still feel InfoSec is there to add delays and cause unnecessary blockers, it’s not the case,” he adds. “Most of the time the InfoSec team is the one making sure your organisation is not front-page news. As data becomes more important, so does the effort to protect it.”

Martyn also urges companies to not overcomplicate DevOps. CI and CD, he notes, “are fundamentally workflows” (most people have implemented workflow systems before). Put simply, framing DevOps in a way that is easy to understand simplifies the task of shoring up steps in the chain. And once the journey is in full view, it becomes apparent that security should be baked in from the start: “Define first and build second. Don’t try to retrospectively add security to your tooling, unless that’s continuous improvement of course, and make sure that you start with security first, security by design.”

Liftoff
Looking ahead to DevOps Live in March, Martyn – a true DevOps enthusiast – is eager to talk to as many people about their organisations’ DevOps journeys and scenarios, no matter how big or how small. “Feel free to stop us, come to the front after the sessions and follow us on social media and our blogs afterwards to extend your learning past the two days you are attending.” Wherever you are on your DevOps journey, it’s an invitation you’d be crazy to turn down.