Data protection and GDPR have taken center stage in global tech conversations — especially in the wake of the Facebook and Cambridge Analytica scandal, which exposed the personal data of at least 87 million users. On the eve of the EU’s General Data Protection Regulation (GDPR) coming into force, which introduces strict limits on how companies collect, store, and use personal data, DevOps professionals — responsible for bridging software development and IT operations — are facing a whirlwind of crisis and transformation. These teams now feel the pressure to rapidly evolve toward DevSecOps and embrace a “Security as Code” culture that embeds security practices directly into the development pipeline.
“By developing security as code, we will strive to create awesome products and services, provide insights directly to developers, and generally favor iteration over trying to always come up with the best answer before a deployment. We will operate like developers to make security and compliance available to be consumed as services. We will unlock and unblock new paths to help others see their ideas become a reality.”
DevOps, the first iteration in this evolutionary line, brought down the walls between development and operations, recognizing the necessity for a shift toward a new collaboration to give “everyone an equal seat at the table,” according to Patrick Debois, who created the movement. “The biggest advantage is the insight that we work in a system. We have to optimize for the whole system and not just for the silo. By optimizing for the whole, we are improving for the business, not just for IT.”
DevSecOps is the second stage of this evolution, in which IT security teams are seamlessly immersed in these new software engineering processes rather than standing outside them. This creates a new culture where everyone is responsible for security in a continuous delivery environment. Given the present landscape of data breaches worldwide, this integration of security into DevOps, which brings the sometimes at-odds IT security and operations teams together under a new philosophy where security is a constant throughout the entire operations process, serves best to “adapt our ways quickly and foster innovation to ensure data security and privacy issues are not left behind because we were too slow to change.”
Ours is a new world, one where data protection and GDPR are not merely concerns for enterprises and high-value individuals. It’s now about everyone everywhere, and they’ve finally figured that out — well, at least the 2.2 billion users on Facebook. Those in data protection and GDPR compliance who are pushing DevOps teams to this precipice recognize that this perilous new world is a place where existing security models no longer work, and that a fundamental change must become systemic. “We will not wait for our organizations to fall victim to mistakes and attackers,” the manifesto says. “We will not settle for finding what is already known; instead, we will look for anomalies yet to be detected. We will strive to be a better partner by valuing what you value.”
There is no longer any doubt that data protection standards as they exist today — which have failed billions of individuals — must evolve in their processes, protocols and regulations, not only at the scale the EU’s GDPR envisions, but worldwide. At the World Economic Forum’s Annual Meeting in Davos this year, German Chancellor Angela Merkel framed the urgency of this problem in terms of much larger social constructs. “The question ‘who owns that data?’ will decide whether democracy, the participatory social model, and economic prosperity can be combined,” she said.
Every two days, we generate as much data as we did from the dawn of time up to 2013, so the solutions will not come easily, and with every few days that pass the complications multiply. Without a new cultural philosophy that tears down current divisions between software and IT security teams, these solutions cannot emerge. And as Merkel challenged, speaking to a global audience, this must be a global solution. The information age has all but eliminated the idea of silos. People may still live in countries with borders and with varying cultures, values, beliefs and languages. However, information and the protection of data know no borders. This is truly international, and it demands a global effort. DevSecOps begins that work, and Opinov8 Technology Services is providing a voice and opinion.