A report by Puppet shows that the DevOps approach and good cyber security policy complement each other. This is in contrast to the common misconception that cyber security prevents a smooth roll-out of newly developed software.
The findings are clear: “This year’s findings are clear: Good security practices and better security outcomes are enabled by DevOps practices” , summarizes the report. The organizations that integrate cyber security into software development from the start are faster with the rollout of new solutions than organizations where this does not happen. According to Puppet, 61 percent of the companies that integrate cybersecurity directly are faster than the competition. This is only the case for 49 percent of companies that have cybersecurity as a smaller priority.
In addition to the faster deployment times, Puppet’s research also shows that the elimination of weaknesses in software no longer takes place if cybersecurity is integrated early in the process. Furthermore, the report states that a greater focus on security will actually result in better software security. This, of course, sounds like kicking in an open door. The point is, however, that improvements in the security of software are then given priority over other new functions. A difference in mentality.
Changing mentality
For the research Puppet 3000 researched tech professionals around the world. What is also interesting from the report is that 6 out of 10 companies only involve cybersecurity in 2 or less phases of software development. Five levels of security integration are described, where level 1 is not an integration. Level 5 is full integration over the entire development process. The biggest reason that organizations almost never achieve full integration is the mentality that security measures simply do not bring in the profits. Therefore, a change in mentality is needed to reach a higher level.
“The most important outcome [of the research] is that improving your security attitude is not only about moving a few security practices to an earlier phase of the software life cycle. It’s about a different way of working, with the emphasis on cross-team collaboration and shared empathy. DevOps, in fact”, says the report.