Today at DevOpsDay Austin Puppet Labs VP Tech Operations, author and recovering security professional James Turnbull gave a presentation on DevOps and Security. I’ve embedded his slide below, but the key point that he made that I’d like to emphasize is the importance of getting security into all IT conversations early.
As Turbull puts it: security is often the last team you call when you have a problem because no one wants to have a security problem. It’s a backwards way of looking at things – hoping you don’t have a security related issue and putting off any resolution until it may be too late. Bringing security into conversations, preferably BEFORE a problem happens, is best practice.
But why doesn’t it? Well, Turnbull illustrates it pretty well in this slide:
I find this funny because in a lot of ways the non-security related IT team sees security the same way many see IT operations overall: as the no team. The people who tell you why you can’t do something, rather than the team that tells you HOW you can.
What’s the solution? Unsurprisingly, the answer is better communication and collaboration across silos. But how exactly do you do that? First, we should look at the root of the problem. Turnbull blames the culture of blame. CYA is a mantra for just about anyone in a corporate setting, and there needs to be a way to reverse that trend. There will be a lot less blame to go around if things are done from the start.
It’s crucial, for the reasons Turnbull mentions, that DevOps include all of ops, including security.
include IT services, enterprise technology and software development.
Prior to SiliconAngle he was a writer for ReadWriteWeb. He's also a
former IT practicioner, and has written about technology for over a
decade. He can be contacted at firstname.lastname@example.org.
Latest posts by Klint Finley (see all)
- SpaceOps: How NASA Uses Agile Development in the Search for Life on Mars - May 14, 2012
- Big Data and DevOps: 5 Projects to Watch - May 11, 2012
- TacoConf: Ride a Bike, Eat Tacos and Learn How to Run Your Own “CultureConf” - May 10, 2012