Defining a strategy for DevSecOps adoption requires building a common soul, embodied in a team or technology center with cross-functional skills covering every area of the model.
By Enrico Frescura, Head of Data Security Area at Kirey Group
The global DevSecOps market is trending positively, although current data tell us this approach is still niche.
Both large and small companies recognize the benefits, but when faced with it the main question is: "DevOps is useful, but how can we implement it?"
The situation becomes even more complex when we add the Security component, felt by companies as an increasingly strong need, today more than ever.
DevSecOps: a mission really impossible?
Until recently, the main operational areas within an ICT infrastructure were typically 3, managed in vertical silos:
- R&D: a mix of architectures where application and infrastructure projects were defined, overseeing the company ICT strategy;
- INFRASTRUCTURE: operational area for infrastructure management, from network to middleware;
- SECURITY: structure responsible for eliminating or mitigating ICT risk.
Analysts have found a possible solution, also supported by the market. It requires an evolution: building a common soul, embodied in a team or technology center with cross-functional skills covering every area of the model. The main task of these teams is to set the strategy for DevSecOps adoption and evolution, supporting both the design and the operational phases.
Synergy and overview with the "champions"
To ensure enough effort and know-how, the team often chooses some "champions" who can work with each other and who, between them, vertically cover all areas of the model. No single architect will have training and knowledge on every topic, so it is crucial to create a team whose members can engage with one another, overcome the barriers between the various fields of action, and build synergy and an overall vision.
The main tasks are:
- continuous research of the best technologies, constantly updated with respect to the market offer;
- search for orchestration without technological constraints (avoid vendor lock-in on both technologies and cloud providers);
- definition of design procedures and processes, respecting agile frameworks and always considering security-by-design and by-default, ensuring their adoption;
- continuous training on internal frameworks, technologies and implementation processes;
- support to the various vertical structures, owners of the various processes and technologies.
The new approach of Kirey Group
To cover all Customers' needs in the DevSecOps area, Kirey Group anticipated the market needs by creating an offer stream in 2019 that replicates the same organizational strategy and strategic setting, ensuring a common vision.
Kirey Group took the best from its Development, Operations and Security areas, creating a cross-functional team of specialists such as BDM, Architect and Delivery, able to implement DevSecOps in all its phases, ensuring an overall "harmony".