A Chat With Oseloka Obiora, CTO of RiverSafe

DevOps is a combination of approaches, practices and tools that aim to make software development more efficient. It does this in large part by bringing together the development and the operational aspects to work side-by-side, which is how the methodology gets its name. At RiverSafe, we’ve seen a rising need for businesses to upgrade their DevOps operations and now is the perfect time for them to engage with it.

By breaking down the disconnect between two very crucial teams and boosting cooperation, issues are found and rectified more quickly, and that allows DevOps teams to deliver high-quality software faster. And by shifting left and embedding security from the outset, teams can create code that is more secure and save valuable time down the road.

DevOps isn’t always easy to bring in, especially in large organisations with multiple teams and set processes. But, when done well, the efforts are well-rewarded with a more efficient software development process, huge time and cost savings and better-quality products, all of which can give organisations a competitive edge.  It has countless benefits and is definitely something organisations should be considering.

What Role Can DevOps Play In Cybersecurity?

DevOps can be massively beneficial to improving the security of software products. The practice of embedding security into the DevOps approach, known as DevSecOps, helps teams deliver more secure products by building in security from the very beginning of the software development lifecycle. This practice is known as ‘shifting left’: taking something that would usually come later in the process and moving it up to the beginning, preventing it from becoming an afterthought.

Traditionally, security has been something that’s tacked on at the end of the process, but with DevOps, security is top-of-mind throughout. That means developers and operations teams are considering security at every stage, searching for vulnerabilities early, and mitigating the risk of any issues making it to the end product.

The shift left approach brings greater value to the process by allowing teams to address security issues early on. Putting security on the back burner can create major issues in the late stages of the SDLC. If a vulnerability is discovered shortly before a product is due to go into production, it can be extremely costly, time-consuming, and stressful to fix. Plus, creating a product that has better security posture from day one reduces the likelihood of expensive and damaging issues like data breaches.

What Are The Main Benefits Of The DevOps Maturity Tool For Businesses?

DevOps is an iterative process. Teams should be thinking all the time about how they can improve the way they work, how their pipeline could flow more smoothly, and what else could be automated. And the best way to continuously improve a process is to assess it.

There are levels of maturity when it comes to DevOps. If a business wants to improve its DevOps practice, it first needs to understand its current capabilities and find out where there’s room to make things more efficient.

That can be a daunting task for many organisations, especially if they’re in the early stages of their DevOps journey. That’s why RiverSafe has created a free tool to help teams quickly size up their maturity, and get actionable advice on how to get to the next level. The tool is built on over ten years of insight from Google’s DevOps Research and Assessment framework, which is the industry standard for evaluating the value of DevOps practices.

How Frequently Should Businesses Self-Assess Their Security Measures And Why Is This Important?

The cybersecurity landscape changes on a daily basis. Cyber threats and the techniques employed by bad actors evolve so quickly, it’s critical that businesses are up to date on trends, patching vulnerabilities, and updating their systems against the latest threats.

If you’re fortunate enough to have an in-house security team, this is something they should be doing continuously. If you don’t, then the more regularly you can take stock of your security posture, the better. Most cyber-attacks are a result of repetition and brute force: criminals and hackers are making constant attempts to break through organisations’ defences, so if a vulnerability appears in your system, you need to find it before they do.

It helps to have a framework in place that you can use to review your security measures, so that your assessments are not only regular but consistent. The NIST framework is a good place to start. It’s also important to remember that cybersecurity posture is not just about technology. Human error remains the most common cause of security incidents, so be sure to assess your users and make sure their awareness of threats and the measures you have in place to protect them is up to scratch.

How Do You See The DevOps Market Evolving Over The Coming Years?

As DevOps evolves and becomes more refined, we’re seeing a lot of more niche specialisms and focuses spinning off it; not just DevSecOps but MLOps and AIOps, for example. DevOps is all about continuous improvement, and clearly the DevOps process is becoming more sophisticated all the time.

As automation continues to become more ubiquitous, AI and ML will likely play a bigger role in DevOps, allowing companies to scale more effectively. The increased presence of AI in DevOps will become critical as DevOps becomes more accessible, more businesses adopt its practices, and demand for DevOps professionals becomes even fiercer. So we’ll probably see more DevOps tools that are AI-infused to help businesses get the benefits of DevOps, even if they struggle for talent.

There’s also a lot of talk about platform engineering being the next stage in DevOps evolution. Sharing a lot of goals with DevOps, platform engineering focuses on creating the infrastructure, the tools, and the workflows that developers use to do their jobs effectively.

Often, platform engineers develop reusable, self-service tools that allow developers to push code faster, and reduce time spent on repetitive manual tasks. We could progressively see platform engineering used alongside DevOps practices, giving DevOps teams reliable platforms on which to build and empowering them to deliver great products faster.