In this interview, Greg Bledsoe, Vice President of Operations at Personal, Inc. and one of the top DevOps influencers to follow in 2016, is talking about the inevitable marriage between DevOps and cybersecurity and the need to achieve DevSecOps.
JAXenter: What are the latest trends in DevOps?
Greg Bledsoe: The latest and maybe most important trend yet in DevOps is to integrate cybersecurity into DevOps and achieve DevSecOps!
JAXenter:Are the cool kids (tech giants, unicorns) dictating those trends?
Greg Bledsoe: Absolutely not! The reality of data breaches, brand damage, and financial liability are driving the trend as we are realizing that security simply isn’t a corner you can cut anymore and stay in business.
In fact, the large players are playing an increasingly small role in driving trends. That’s one of the side effects of realizing the promise of what I call ultra-wide collaboration enabled by the Internet and the newest collaboration tools and idea-based online communities. The individual has the largest say that they’ve ever had, and the minimization of the roles of the “gatekeepers” will continue. They will be forced to adapt to responding and reacting.
JAXenter: Have we finally understood the need to have a DevOps team? From your experience, are companies committed to making DevOps work?
Greg Bledsoe: I would say that at minimum, the concepts have penetrated the mainstream. Your average developer or Ops engineer at your average mid-sized company at least understands what DevOps is, even if there is no organizational commitment (yet) to implement those ideas. This is why there is still a lot of growth to go for solution providers and thought leaders.
And there’s always the chance that DevOps isn’t for every team. There are requirements and use-cases that might be served better by other conceptual methodologies. I’m not a fan of shoehorning everyone into a “one-size-fits-all” solution because “best practices.” Examining the ins and outs of every situation is still necessary.
JAXenter: Where is DevOps heading? Has it reached maturity or is there still room for growth?
Greg Bledsoe: As I mentioned earlier, DevOps is far from mature and there is lots of room for growth. In my opinion, none of these concepts and methodologies can ever be complete or mature because the technology and business landscapes change too fast. The growing awareness of the risks of cyber-insecurity, for instance, is what is leading us to “the next big thing” which is security awareness, implementation, and testing. In fact, I just wrote an article on the subject.
JAXenter: What should people know about cybersecurity that they are not aware of yet?
Greg Bledsoe: I would say there are two critical things to know that people still don’t seem to have caught on to. First, all business is cyber-business now, and no one is too small to be a target. Second, security can’t effectively be bolted on, it has to be baked in. Which is why automating it into DevOps is a perfect fit!
JAXenter: Do these two terms (cybersecurity and DevOps) have a common denominator or they are two parallel concepts?
Greg Bledsoe: There is no aspect of the software or data lifecycle that is separate from cybersecurity. You have to weave it into every process and tool, because if you don’t, the odds are good you will end up wishing you had.
Thank you very much!