Dev or Ops? Which Should You Prioritise? Insights from Axe Group's Anna Atlygina
Corinium APAC Conference Director Maddie Abe hears from Anna Atlygina, Team Lead DevSecOps at Axe Group, on maintaining equilibrium in DevOps.
In the ever-evolving landscape of software development, striking the right balance between development (Dev) and operations (Ops) activities is crucial for seamless delivery.
Axe Group DevSecOps Team Lead Anna Atlygina emphasises the importance of creating a collaborative culture and leveraging automation to balance development and operations activities effectively throughout the software development lifecycle. By optimising workflows and fostering effective communication, teams can ensure smooth collaboration across the board.
“The key to enhancing collaboration within the DevSecOps triad is a culture of open communication and shared responsibility,” Atlygina says.
Atlygina advocates for the use of collaboration platforms and early integration of security considerations to enhance project security. By promoting continuous interaction between development, operations, and security teams, organisations can strengthen their overall security posture.
Automation Strategy
Automation is essential in both DevOps and DevSecOps. But the question lies in how we prioritise and implement security automation to strike a balance between development efficiency, operational reliability, and robust security measures.
“The key is to integrate security seamlessly and early into the development lifecycle,” Atlygina says.
“Creating CI/CD pipelines with security considerations in mind from the start is a must. Among other things, this can involve implementing automated testing and code scanning, security scanning of container images for vulnerabilities, securing the provisioning and configuration of infrastructure components and, of course, enforcing secure user access controls throughout the build and deployment process.”
“Continuous monitoring, logging, and incident response automation contribute to maintaining a strong security posture while supporting development efficiency and operational reliability.”
Establishing feedback loops is also crucial in DevOps for early issue detection, and integrating threat modelling into the development process is a key aspect.
Atlygina emphasises the importance of integrating threat modelling early in the development process and establishing effective feedback mechanisms between development and operations teams. By conducting automated security scans and fostering regular collaboration, organisations can address security concerns proactively.
Operational Considerations in Development
Atlygina highlights the necessity of integrating operational considerations into the development process.
“This includes defining infrastructure requirements and monitoring needs, and employing practices such as Infrastructure as Code (IaC) to ensure that the end product is not only functionally sound but also operationally efficient, scalable, and easily maintainable throughout its lifecycle,” she says.
Development efficiency vs. operational reliability is frequently debated due to the difficulty of ensuring the security of the entire process from code submission to deployment, all while preserving speed and flexibility.
“Navigating the tension between development efficiency and operational reliability involves strategic prioritisation, clear communication between teams, and trade-offs such as finding a balance between rapid feature delivery and ensuring thorough testing,” Atlygina emphasises.
Measuring Success and Organisational Adaptation in DevSecOps
When measuring the success of a DevSecOps implementation, Atlygina says the essential key performance indicators (KPIs) include the four keys identified by the DevOps Research & Assessment (DORA) team.
“Deployment frequency, lead time for changes, time to restore services, change failure rate, in addition to security-related metrics like the average time it takes to resolve vulnerabilities,” she says.
“These indicators reflect the balance between development and operations priorities by assessing the speed of feature delivery, reliability of deployments, and the effectiveness of security measures.”
Atlygina stresses the importance of creating a collaborative environment and fostering shared responsibility to facilitate a cultural shift toward DevSecOps.
“Facilitating this shift includes integrating security considerations early into the development lifecycle, promoting a continuous learning culture, and emphasizing the importance of collaboration to align teams with DevSecOps principles,” she says.
In Summary: Navigating the DevOps Landscape with Collaboration and Adaptability
Atlygina brings her insights on the intricate relationship between development and operations in the realm of DevSecOps to a thoughtful conclusion.
By fostering collaboration among teams, implementing automation where feasible, and nurturing a culture of continuous improvement, organisations can adeptly navigate this dynamic landscape with both confidence and resilience. Through concerted efforts and a commitment to adaptability, they can gracefully manoeuvre through the complexities of modern software development and operations, emerging stronger and more agile than before.
Anna Atlygina will be speaking at DevSecOps Sydney 2024.