What is DevSecOps?
We're cynical and measured here at 4ARMED, so we don’t use terms like DevSecOps lightly. However, in the same way as "cyber" has become a pretty effective way to communicate what we do to those who are not necessarily that familiar with infosec, terms like DevOps and DevSecOps have come to transcend their origins and have meaning when engaging those for whom they can be useful.
Depending on who you ask, DevOps is a cultural drive to remove boundaries between developers and operations people and align the typically competing requirements of those two disciplines.
In our utopia, security is a function of both dev and ops already and there really isn’t a need for a third group to join the party. However, in practice, many organisations still need the specialism of a security team (even if that’s just one person - or a third party /waves) providing subject matter expertise on current threats and improvements that can be made.
DevSecOps, in our view, simply provides a term to make that explicit: to give additional emphasis to the fact that security should be intertwined into both dev and ops processes.
The Road to DevOps and DevSecOps
At our core we are a technology business but then, isn’t every business a technology business these days? Our founder spent many years wrestling with the challenges of integrating Dev and Ops teams and meeting security, compliance and regulatory requirements at the same time.
Like many technology businesses, we’ve kind of been practicing DevOps before it was called DevOps. Breaking down walls and empowering teams, automating as much as possible, removing security as a blocker and making it an ally. These are central to our whole ethos and why we now embrace the DevOps movement so wholeheartedly.
But it’s not just our own experiences: the vast majority of our clients are software-based or SaaS businesses, many of them startups, and all of them looking to take advantage of rapid development and product evolution while keeping their security solid.
We’ve helped application development teams integrate security into their DevOps lifecycle and can help yours too.
Here are some examples of how we can help:
- Build and secure your CI/CD pipeline
- Migrate to Microservices securely
- Container security
- Security Automation using Terraform, Ansible, etc.
- Compliance Automation including InSpec
- Automated and Manual Security Testing
Anyone can go fast. Can you go fast securely? Let us help you build rugged, resilient software, quickly.
Security Baked In
Let us help you build your DevOps processes with security in mind from the ground up.
What To Expect
As with our consultancy, a typical engagement will start with a requirements gathering exercise. We need to understand what your goals are and the current challenges you are faced with. Once we understand what you need, we can pull together suggested work packages and provide our costs and effort for delivering these.
We will put together specific work packages, no matter how small, so everyone knows what’s going to be delivered, how long it will take and what it will cost. No one likes surprises, so we are completely transparent about everything we do. We’ll always be on hand to answer quick questions in the run-up to engagements and support you afterwards.
We’ll work however you do. Want us in the office? OK. Want to hang out on Slack with us all day? No problem. Teams? Even the good old telephone and email. All these are fine with us so we can work and collaborate together easily. We are UK-based but work with clients across the globe and are flexible to cover time zones where needed.