The notion of developer operations, or DevOps, has become synonymous with information technology agility in the enterprise, combining software development teams with information technology operations personnel to get software out faster.

But too often, that can cause bull-in-a-china-shop application development and deployment, raising sticky security issues. That’s the broad problem that Chenxi Wang (pictured), founder and managing general manager of Rain Capital, is looking to solve.

“One of the areas that I’ve been focusing on in the last two or three years is looking at the impact of DevOps practices to IT, including security — and it’s a huge impact,” said Wang, whose early-stage venture firm is focused on cybersecurity innovation and artificial intelligence for its clients.

The old rules for developing and securing applications are going out the window thanks to DevOps, according to Wang. Traditionally, teams would build applications, and they would go on to a round of security tests before receiving the green light for deployment. “DevOps practices disrupt all of that,” she said.

Wang spoke with Peter Burris (@plburris), host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, at theCUBE’s studio in Palo Alto, California, to discuss the current state of enterprise security and the ways Rain Capital is working to mitigate risk in DevOps.

This week, theCUBE spotlights Chenxi Wang in its Women in Tech feature.

‘We have a long way to go’

After years of observing roadblocks to IT security, Wang founded Rain Capital to help companies find new approaches to dependable security as capabilities are increasingly sourced from public cloud or service providers.

“I think we are different because we have a deep understanding of the market and … technology, and also very extensive relationships with end users,” Wang said.

Through conversations with technology end users, Rain is finding that security and DevOps can make squirmy bedfellows. “What DevOps says is: ‘I’m a developer; I can deploy my application directly onto a production server without going through all those gates because business agility demands it.'”

Though this zealous approach might sound promising at face value, it leaves pipelines vulnerable to security risk. Last year, Uber Technologies Inc. exposed the data of 57 million customers when the company’s developers mismanaged credentials by using a workaround in the company’s software repository.

The event rattled confidence in the company, but Uber isn’t alone. A recent industry report showed that 73 percent of orgs have no DevOps security strategies in place.

Once developers or testers have ultimate say-so on what hits production servers directly, old heavy-handed security practices go away, according to Wang. As the acceleration of the market toward cloud outpaces security protocols, organizations and their customers are left vulnerable.

“It’s very common for companies to want to move their workloads” from their internal data center to Amazon Web Services, Google Cloud and Microsoft Azure. “[They] don’t want to go through all the testing and pre-implementation practices. The portability also disrupts existing security practices.”

Enhancing enterprise security

In its security work with businesses, Rain Capital focuses on developing standards and creating greater visibility. The company stresses real-time monitoring as crucial to optimal security and performance.

“What we want is monitoring capabilities that are able to do it in a platform-independent way, but give you real-time visibility and response capability,” Wang said. “That’s where the innovation comes from.”

Even with these tools in place, Wang believes tech’s true security rehabilitation must start with a fundamental mindset shift. She has already observed companies beginning to erase the boundaries between IT and applications teams, and she sees a future in which applications are developed collaboratively with security built in from the start.

“[The team] breathes the application demand, knows what the application wants to do, and then works with the developers to establish policies and deployment practices as opposed to being arms length from the developers, which creates all kinds of tension,” she explained.

A shift toward more collaborative institutions looks all but inevitable as businesses scale into the cloud and manage an increasing number of heterogenous workloads. According to a recent study, 56 percent of organizations have application containers running in production, and 24 percent more plan to move into production over the next year.

As businesses are put in the position of negotiating, monitoring and managing security relationships with third parties, Wang advises a strategy founded in flexibility.

“Don’t get locked in,” she counseled. “All the platform providers want to give you all these enriched capabilities as long as you buy into [their] services. What you want to do is … stay at the level that [you] can easily move.” Although that may mean compensating with third-party technologies as opposed to buying into a vertically integrated notion of platform providers, Wang assures retaining the option is worth the work.

Led by women

Rain Capital differentiates itself as a company committed to transforming DevOps cloud security, but it also holds another distinction as well. “It’s a woman-led venture fund, which is a rarity in Silicon Valley,” Wang said. Women remain severely underrepresented in science, technology, engineering and math, working only 24 percent of STEM jobs. Women make up only 11 percent of tech security employees, according to Wang.

A longtime advocate for women in tech, Wang serves as program co-chair for the Grace Hopper Conference and develops the event’s security and privacy content. “People go to the Grace Hopper Conference and they come back so inspired, because they see all these women representing them,” Wang stated.

With significant work to be accomplished in both security and inclusion, Wang and Rain Capital stand to serve the industry and society at large. “The need for an ecosystem that is inclusive, that is enabling for underrepresented, either gender or race, is huge,” she said. “I think in Silicon Valley we need that; in security we need that even more. We have a long way to go.”

Here’s the entire video interview with Chenxi Wang, one of many CUBE Conversations from SiliconANGLE and theCUBE:

Photo: SiliconANGLE