The Growing Security Priority for DevOps and Cloud Migration - InformationWeek


Survey asserts security may be increasingly top of mind, but many organizations are unsatisfied with their current footing on that front.

According to the results of a recent survey, some enterprises are trying to catch up and increase security integration in their development cycle and cloud adoption plans. The report on the State of Modern Applications in the Enterprise shows that 78% of respondents listed integration of security into more IT projects and operations as a key priority, ranked third behind meeting business needs faster and delivering greater quality software more quickly.

The survey, administered in April by Hanover Research and commissioned by cloud solutions provider Ahead, gathered responses from more than 300 IT decision makers at US-based companies with at least 1,000 employees. Requirements to be counted among respondents included having input on IT spending, focusing on application development, and working in IT, product management, or development.


Though the notion of DevSecOps continues to gain momentum, Ahead’s Tim Curless, chief architect, says there can be a need to extend an olive branch on behalf of security within some organizations. There can be breakdowns in working with security, he says, in companies with some stakeholders reluctant to make security part of development plans. “They have this fear of involving them based on historical impediments and slowness that it causes,” Curless says.

Staffing for security also can be an issue with organizations, whether it means trying to train up current employees or recruiting such expertise. Curless says some organizations may have relatively small security teams and not see a way to embed them into other parts of operation.

These and other reasons have contributed to security being regarded as something of an impediment in the development cycle, says Steve Pydyn, Ahead’s solutions architect. “Security is often seen as a cost center or not worth its money until it’s a little bit too late.” In other words, the value of security is often not felt until after an incident occurs that demonstrates why it is necessary. If handled right, he says, security can be a seamless element throughout the lifecycle.

Part of changing perspectives, Pydyn says, includes showing leadership within organizations that security is an important asset. The strategy should also ensure developers have time budgeted for security activities and make sure that they invest in programs that demonstrate this importance, he says. “A lot of times, security is seen as a speed bump instead of as a guardrail where security should exist to facilitate the business and not a separate process.”

With many organizations focused on continuous integration, Curless says security can become an afterthought during transformation as companies put an emphasis on tools and processes around static and dynamic analysis.

The route organizations choose to leverage the cloud can also affect short-term and long-term outcomes of their strategy. Curless says the lift and shift approach can be a way for organizations to say they are getting onboard with the cloud but that can overlook opportunities for different approaches, such as going cloud native. “Lift and shift can be costly and does not change the positions of applications and how they are used,” he says.

There are nuances to moving to the cloud that Pydyn says should not be ignored. “Businesses should stop looking at applications that are lifted and shifted into the cloud as the same applications,” he says. “It is not an efficient economic model to run the same application in the cloud.” Moving a monolithic legacy application to the cloud with little functional change ignores aspects such as microservice architectures and cloud-native platforms that can better take advantage of the medium. Another aspect to consider is visibility into the application stack, Pydyn says, because through lift and shift, legacy apps can become rather opaque. They still might get the job done, but it leaves certain potential unrealized that might have been beneficial. “If a legacy app gets broken down into components and they introduce security or audit stages in the development of the pillars within the application, it weaves security more deeply into it,” he says.


Joao-Pierre S. Ruth has spent his career immersed in business and technology journalism first covering local industries in New Jersey, later as the New York editor for Xconomy delving into the city's tech startup community, and then as a freelancer for such outlets as ...