By now you’ve read the first and second parts of our series on culture change within the cloud. Undoubtedly the cloud brings fruitful results for organizations despite the challenges of scalability, employee engagement, and application innovation. Nothing in innovation has come easy, and the cloud serves as no exception.
Besides purchasing the right applications and getting organizational buy-in, technology leaders face one last hurdle when putting together their DevOps strategy: Security. With data breaches and security issues being at the center of the news these days and research firm Ponemon reporting an average data breach costing $4 million dollars, this area is of absolute importance.
DevOps and Security: Dual Potential
Considerable change occurs when applications and teams are migrated into the DevOps model. For one, the qualities, capabilities, and vulnerabilities of those applications stretch across the entire team while for another, teams are more stretched to deliver their innovations to the market. While hiring a DevOps team with the right security background may not be necessary, technology leaders looking to sleep soundly at night may want to consider the following types of subject matter experts on their team:
- Future-thinking senior leadership: Security is a transient issue in today’s cloud world and organizations must hire CIOs and executives who understand this as much. Thinking for today is no longer enough.
- Security champions: Application development must focus on innovation while keeping security at heart. Without a focus on security, the organization will be doing double time to make sure nothing gets breached and that is always a costly add-on.
- Operations: These individuals do not need to know how to develop applications but should be able to manage security in real-time for applications. With cloud enabling accelerated development, there is also accelerated hacking and DevOps teams must match tit-for-tat.
- Analysts: Last but not least are the analysts who keep abreast of platform behaviors. These individuals help bridge the gap between development and operations to create a solution that can’t be penetrated.
The Cultural Ties that Bind
As we have discovered through the work of Rymer, et al, culture is a necessary yet difficult component to implement within a cloud-first organization. The addition of security is paramount for the success of the business and must be discussed. Topics of discussion should include:
- Communications channels: As development and continuous innovation or deployment occur, vulnerabilities will be discovered. How will the team pass on the news to other members?
- Prioritization: While innovation is important, preventing security pitfalls is probably even more. How will innovation and protection be prioritized when security breaches occur?
- The post-mortem: When all is said and done, where does operations fit into the picture? How can processes be further streamlined to ensure that breaches occur as infrequently as possible?
Read part one here.
Read part two here.
Learn More
Where do you think security fits within your organization’s pursuit of innovation? As you migrate into the cloud, how do security and culture compare? Let us know in the comments below or explore the answer by emailing us at sales@perficient.com.
Learn more about our partnerships here.