DevSecOps in Practice

May 07, 2021 by ANDRÉ CORRÊA, CLOUD PRACTICE LEADER, STEFANINI EMEA

My previous article, Application Modernization as a Financial Strategy, explored how successfully modernizing applications and adopting a Cloud Native approach relied on the use of mature and appropriate technologies and methodologies, which were able to meet the challenges posed by the new reality.

This process is already well underway. Half of all applications in the Asia Pacific region will be conducted through a DevSecOps process by 2024, according to an IDC study featured in ComputerWeekly. Meanwhile, according to a Micro Focus study by IDC, 74% of IT and software security leaders have accelerated their DevSecOps initiatives since the onset of COVID-19, in response to a 22% growth in demand for new digital offerings.

All of this is connected, because DevSecOps, if deployed in a scalable, automated, and cloud-oriented way, becomes the accelerator and the path for adopting a Cloud Native paradigm. It enables the pillars of DevOps and the CI / CD from Cloud Native to be served and synchronized with the information security, without loss of productivity and guaranteed by design, for example with Well-Architected Framework best practices.

It’s not enough to simply understand how these things connect, however. While IT managers and executives already understand the importance of DevOps, security practices and the way these disciplines integrate, there are other questions that need answering. These include: how best to implement? How should the results be measured? Is the gain real? What is the financial impact?

And it is within this context that the value of a Cloud Native development platform is highlighted, where the goal is to support software engineers and cloud engineers in the process of developing and designing cloud services, ensuring delivery quality, security, cost optimization, sight management and compliance throughout the application lifecycle.

The use of a platform for DevSecOps delivers gains and direct growth across four fundamental pillars (the process illustrated here relates to Infinity Deploy, which is the Cloud Native development platform designed by Stefanini for its own multidisciplinary squads):

This enables projects to breaks down silos, shifting businesses from traditional security models based on control towards context-based security. Writing in CIO magazine, Marc Wilczek from IDG notes that this offers “a unique opportunity to take application security to a whole new level”.

Returning to the starting point of this article, DevSecOps represents a change in culture and in processes, but it relies on the adoption of highly automated technology in order to unleash this transformative potential. As a result, we are investing in providing a DevSecOps platform at Stefanini as part of our application modernization offer, or as part of our enhanced squad models. We’ll explore these models in more detail in the upcoming articles.

Find out more about how our Cloud services can help your business

Share:
See more Cloud services