Lack of communication hampers DevOps
Despite the enterprise benefits promised by adopting a DevOps culture, the majority of IT leaders believe that communication between IT security and software development must improve greatly to achieve success.
This was one of the findings of a recent survey, led by Vanson Bourne on behalf of Trend Micro, which examined the attitudes towards DevOps held by 1 310 IT decision-makers from within both enterprise and SME organisations worldwide.
Those polled are at different stages of the DevOps implementation as they integrate their teams, application development, IT operations and security, to shorten and secure the development lifecycle.
While nearly three-quarters (74%) surveyed claimed such initiatives had become more important over the past 12 months, a whopping 89% said that communication within the IT department needed to improve, adding that closer contact between software development and IT security teams was essential.
Another 77% said the same for developers, security and operations, and just over a third (34%) claimed that these silos are making it harder to create a DevOps culture in the organisation.
Indi Siriniwasa, VP of Trend Micro Sub-Saharan Africa, added: “When we relate these findings within an African context, two things stand out: firstly, many of our customers are still in the infancy of their cloud journey; and secondly, African customers are exceptionally security conscious.”
What this means, says Siriniwasa, is that DevOps is a critical part of their business, but security is more important. “Until the link between these teams is firmed up, we will continue to see a disconnect, and the length of time developers take to deliver on applications will continue to suffer.”
Steve Quane, executive vice-president of network defence and hybrid cloud security for Trend Micro, said: “The history of software development shows that the biggest and best process improvements never happen quickly because of the most valuable variable: people, who have existing behavioural patterns and cultural components.”
He added that organisations who are implementing a DevOps structure are going in a strong direction, but security cannot be forgotten during this transition.
Respondents suggested that the best ways to drive this cultural change include fostering greater integration between teams (61%); setting common goals (58%); and sharing learning experiences across teams (50%).
One third of respondents said DevOps is a shared responsibility between software development and IT operations, which is another indication of the current communication breakdown between teams. It appears that each department feels responsibility or ownership to lead these projects.
Part of the challenge, despite enthusiasm for DevOps, which has seen 81% of organisations already implement or currently work on projects, is that 46% have only partially developed their DevOps strategy.
Encouragingly, those surveyed confirmed that enhancing IT security is more of a priority (46%) in DevOps than any other factor. “Regardless of where an organisation is in their journey, there are new tools that bake security into the development process while automating rapid deployment of security at the same time as reducing risk and ensuring compliance,” added Quane.