
Security Teams Hold Organizations from Rapid Software Delivery


Considering the immense pressure that financial organizations face to speed up their digital transformation and increase their delivery speed, it isn’t surprising that software testing suffers a major setback and that the timeline for quality assurance is often compressed. Delaying testing until the very end of the development life cycle results in security and compliance issues sprouting up at the last minute. Unfortunately, the financial sector is one of those with close to zero tolerance for such vulnerabilities. Dealing with security issues identified at the end of the software development life cycle often forces organizations to change release plans, which slows down the speed of delivery. Despite the increasing inclination towards digital transformation and agility adoption, security and compliance in financial services are yet to receive due consideration throughout the software development life cycle instead of being treated as an ‘afterthought’.

The rise of DevOps in recent years has left several experts worrying about whether security teams can keep up with the rapid pace of delivery in a DevOps model. DevOps teams, in their quest to achieve elasticity, cost reduction and rapid iteration, often leave security entirely in the hands of a segregated security team. Since manual testing does not fit the automated workflows associated with the DevOps model, security takes the back seat for most of the product development life cycle. Another challenge is managing hybrid delivery models in a DevOps environment in which some processes and services are moved to the cloud. This results in a wider security perimeter, and the security teams are left to deal with the complexities of security monitoring and control across hybrid and multi-cloud environments.

Bridging the DevOps Gap

The only way forward seems to be a dedicated security architecture that enables, rather than restricts, DevOps adoption. DevSecOps emerged as the remedy for reliability and security in an environment of rapid innovation and fast time-to-market. Shifting security to the ‘left’ of the software development life cycle ensures that the security team and quality assurance become well integrated with the DevOps team, bridging the gap between security and DevOps. Investing in a strong security architecture that keeps track of security practices across the delivery chain is usually low on the priority list of financial organizations, but it can reveal security and compliance issues earlier in the software development life cycle, thus reducing the cost of change.

Risky Business

Adopting DevSecOps comes more easily to start-ups and SMEs because their limited headcount makes interchangeable roles and multifunctional teams a necessity rather than a choice. SMEs, owing to their smaller size, have a more favorable environment for DevSecOps: in the absence of a dedicated security and quality assurance team, security is not delegated to the end of the delivery cycle but is instead considered a responsibility of the entire DevOps team, including the developers, who must know how to write secure code. The absence of a silo mentality in SMEs is another important factor that enables DevOps maturity, which is directly related to DevSecOps. On the other hand, enterprises struggle with adopting agility and innovation due to the rigidity of the enterprise hierarchy that, more often than not, resists change and is blind to the merits of public cloud, holistic teams and integrated security.

Once deemed extremely risky by financial enterprises, DevOps and the cloud are becoming an integral part of financial services as FinTech start-ups challenge the market share of enterprises. However, the lack of integrated security and awareness of DevSecOps within these enterprises is alarming. One of the most important reasons for the indifference of financial enterprises towards DevSecOps is perhaps low DevOps maturity, which, in turn, is the outcome of their failure to recognize the threat posed by the increasing market presence of FinTech start-ups. Enterprises are sometimes adamant about layering a new security infrastructure on top of their existing architecture in the hope of overcoming the divide between on-premise and cloud delivery, an issue alien to the ‘born-in-cloud’ SMEs. This creates additional complexities and unexpected loopholes that need to be dealt with manually. Inevitably, the majority of enterprises in financial services fail to match the speed of these start-ups, which are more open and receptive towards the DevSecOps approach.

Lack of Innovation Results in Poor Talent

With strong opposition to change, a lack of innovation and a silo mentality, enterprises are not a major attraction for top tech talent, which is naturally drawn to the openness and agility of SMEs that allow them to work on innovative projects and bleeding-edge technologies. To make up for this lack of talent, enterprises need to train their existing staff, which is both time consuming and expensive. This is another hindrance to DevSecOps implementation in larger enterprises. Add to that the complications of geographically distributed development and operations teams, and start-ups and SMEs do seem to have an inherent advantage over financial giants in this regard.

DevSecOps may not necessarily yield a significantly faster time-to-market in comparison to DevOps, because with DevOps the security strategy requires strong:

  • Feedback Loops
  • Repeated Code Reviews
  • Key Performance Indicators
  • Security Analytics
  • Internal auditing
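The list above stays abstract about what a shift-left security gate actually does in a pipeline. The following is an added example, not code from the article, showing one way to turn scanner output into a feedback loop, a key performance indicator record and an audit trail: findings from several (hypothetical) scanners are normalized into a single shape, evaluated against a release policy with an explicit, reviewable exemption list, and summarized so the same numbers can feed security analytics and internal audits. The findings, tool names, rule ids and thresholds are all constructed for illustration; real SAST, dependency and secret scanners each emit their own schema, which would be mapped into the `Finding` dataclass first.

```python
"""Shift-left security gate for a CI pipeline (added example, not from the article).

Assumes a simplified, constructed findings format: every scanner's output is
normalized into Finding objects before the gate runs. Tool names, rule ids,
file paths and thresholds below are hypothetical.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Rank severities so a single threshold ("block at high or above") can be applied.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass
class Finding:
    tool: str            # scanner that raised it (hypothetical: sast, sca, secrets)
    severity: str        # low | medium | high | critical
    rule: str            # scanner rule id (hypothetical)
    location: str        # file:line or package@version (constructed)
    fixed: bool = False  # True once the pipeline has seen the remediation land


@dataclass
class Policy:
    block_at: str = "high"      # open findings at or above this severity block the release
    max_medium: int = 5         # a bounded backlog of medium findings is tolerated
    # Rule ids accepted by a documented risk review; the list itself is the audit record.
    exemptions: List[str] = field(default_factory=list)


# Constructed scan output for one pipeline run (not real tool output).
SAMPLE_FINDINGS = [
    Finding("sast", "high", "sql-injection", "src/payments/ledger.py:88"),
    Finding("sca", "critical", "vulnerable-dependency", "example-lib@1.2.0"),
    Finding("sast", "medium", "weak-random", "src/util/tokens.py:12"),
    Finding("secrets", "high", "hardcoded-credential", "config/dev.yaml:3", fixed=True),
    Finding("sast", "low", "debug-enabled", "app.py:4"),
]


def evaluate(findings: List[Finding], policy: Policy) -> Tuple[bool, Dict]:
    """Apply the policy and return (passed, report).

    The report doubles as the KPI record for security analytics and the
    per-run evidence an internal audit would ask for.
    """
    open_findings = [f for f in findings if not f.fixed]

    counts = {sev: 0 for sev in SEVERITY_RANK}
    for f in open_findings:
        counts[f.severity] += 1

    threshold = SEVERITY_RANK[policy.block_at]
    blocking = [
        f for f in open_findings
        if SEVERITY_RANK[f.severity] >= threshold and f.rule not in policy.exemptions
    ]
    # Exempted findings are still reported so the exemption is visible, not silent.
    exempted = [f for f in open_findings if f.rule in policy.exemptions]

    medium_overflow = counts["medium"] > policy.max_medium
    passed = not blocking and not medium_overflow

    report = {
        "passed": passed,
        "open_by_severity": counts,
        "blocking": [f"{f.tool}:{f.rule}@{f.location}" for f in blocking],
        "exempted": [f"{f.tool}:{f.rule}@{f.location}" for f in exempted],
        "medium_backlog_exceeded": medium_overflow,
        "fixed_this_run": sum(1 for f in findings if f.fixed),
        # Share of all findings already remediated: a simple trend KPI per run.
        "remediation_rate": (sum(1 for f in findings if f.fixed) / len(findings)) if findings else 1.0,
    }
    return passed, report


if __name__ == "__main__":
    ok, rep = evaluate(SAMPLE_FINDINGS, Policy())
    # A CI job would exit non-zero here so the feedback reaches the developer immediately.
    print("release gate:", "PASS" if ok else "BLOCK")
    for key, value in rep.items():
        print(f"  {key}: {value}")
```

In a pipeline the gate runs on every change, so the feedback loop closes at commit time rather than at release; the `exemptions` list is the place where a risk-review decision is written down, which is what makes repeated code review and internal auditing tractable instead of ad hoc.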

However, in the end, all the hard work pays off, because in the presence of a strong IT security strategy and meaningful audits, ongoing security management and risk mitigation become a lot easier and more manageable. It also ensures notably fewer compliance issues once the product is rolled out. The growing FinTech market share suggests that it’s high time for CIOs and IT leadership of enterprises in financial services to take bold steps towards overcoming their hierarchy's resistance to DevSecOps, that is, if they wish to maintain a competitive edge over FinTech start-ups.