Cloud-based, distributed information technology is plowing everyone out of their comfort zone. Developers and operations teams are trading hats as software release cycles become too frequent for after-the-fact fix-ups. Now, developer operations faces a cranky security department shackling agility. Can security and DevOps make friends for the greater good?

The grievances aired in these conflicts are often the same, according to Dan Hubbard (pictured, left), chief executive officer of Lacework Inc. “The DevOps people say, ‘Security slows us down. They’re getting in our way.’ And security says, ‘Developers are insecure. We’re totally going to get breached,'” he said.

DevOps is more distributed than security right now and often races to production first; equalizing the two is in order to eliminate friction, Hubbard states.

Hubbard and Ilan Rabinovitch (pictured, right), vice president of product and community at Datadog Inc., spoke with Lisa Martin (@LisaMartinTV), host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, and guest host Justin Warren (@jpwarren), chief analyst at PivotNine Pty Ltd., during the AWS re:Invent conference in Las Vegas. They discussed why security and DevOps must blend together in cloud and cloud-native IT environments. (* Disclosure below.)

Seeing over the fence

Security has much to gain from collaborating with the folks on the other side of the fence. “Quite often, security people don’t know enough about the application or the infrastructure to know if it’s a risk,” Hubbard said.

DevOps can more easily say whether a security alert is serious in many cases. When DevOps transfuse its knowledge to security and security can see how apps are developed and deployed from the start, what you have, essentially, is DevSecOps. 

DevSecOps is crucial for companies committed to cloud-native practices like continuous integration/continuous delivery. It can prevent security issues and performance glitches before they occur. Some argue that DevSecOps requires a new kind of monitoring platform. Datadog has partnered with Lacework to enrich its new security-monitoring platform with Lacework’s threat data. It also includes metrics and monitoring for applications and infrastructure. The platform provides the visibility needed by every syllable in DevSecOps, according to Rabinovitch.

“We find that a lot of time, the first sign that something is going wrong might be a change in how your infrastructure or how your applications are performing — or a request that came in. If we’re able to marry the two together, [it gives] people a much, much clearer insight into what’s going on,” Rabinovitch concluded.

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of the AWS re:Invent event. (* Disclosure: Lacework Inc. sponsored this segment of theCUBE. Neither Lacework nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE