
A PRIMER ON DEVSECOPS

GREGG OSTROWSKI, EXECUTIVE CTO, APPDYNAMICS, ON HOW DEVSECOPS CAN ESTABLISH SECURITY TEAMS AS CX INNOVATORS

In 2022, people across the UAE will continue to carry out many of their daily life activities online via digital services and applications.


Everything about an application — from its performance, to its use or the handling of its data — will come under much scrutiny. AppDynamics’ recent App Attention Index established that 69% of UAE consumers hold brands accountable for poor application performance. And 73% say that brands have one chance to impress them or they will lose them forever if their digital service does not perform well.

In this digital era, software relies on cloud-based and distributed services, but this also means an ever-expanding security perimeter. Customers are understandably wary of entrusting their personal and financial details to brands, so brands need to find ways of keeping their platforms safe while imposing only the bare minimum of intrusive security requirements on users at the front end.

Not an afterthought

Today, security as an add-on is no longer the most effective method from the agile-development and compliance standpoints. The development cycle must include security as an integral element, meaning DevOps and security teams must work together to secure the IT stack while enhancing digital offerings. Our report — Agents of Transformation 2021: the rise of full-stack observability — found that 96% of IT professionals recognise the negative consequences of not using systems that provide insights into the full IT estate, incorporating performance as well as security.

On the journey that security and UX teams take together, security professionals need to contribute their own insights to the experience of users. Having left the siloed past behind, UX and security can consider how to lessen the inconvenience of protection measures, implementing tighter controls that keep users safe while being non-intrusive. Too many pop-ups will spoil a CX quickly, for example. A balance must be found.

In a competitive region, UAE companies eager to keep innovating will, unfortunately, see security professionals as standing in the way of progress. This too will change if the security team plays a more active role in enhancing CX. In the UAE, our research shows that almost all consumers (95%) consider digital services to be a critical part of their daily lives, but as a result, 74% will assume the application is to blame for any issue they encounter. High performance, 24-hour availability and flawless security are the bare minimums expected by today’s digital consumers.

No room for error

There is no shortage of cautionary tales to illustrate the damage that can be done to a brand’s reputation in the event of a data breach. Loyalties waver and customers churn, often never to return. This leaves no room for error in the new collaboration between application design and security teams. End users, as a rule, should not be the ones to discover bugs.

But if the unification of security and DevOps is handled with care, the results can include both better CX and better security response capabilities. Increased trust is always good for a brand. DevOps has established itself as the best framework for agile development. Now security personnel have joined developers and operations teams to optimise the time to market by incorporating security from the start of the development process. Welcome to DevSecOps, where security issues are easier to fix as they are discovered during the debugging process. Now there is less chance that an end user will find a bug and report it to the world before teams have an opportunity to fix it. Security that is integrated into each layer also prevents the need for expensive and arduous fixes. A recent ESG Research report revealed 78% of enterprises that leveraged DevSecOps had faster time-to-market (TTM).

Full-stack observability on the rise

But mature DevSecOps does not happen in isolation. Uniting the security team with DevOps will only work if all contributors have a comprehensive view of the entire technology stack. A full-stack observability platform shows an organisation the processes and interdependencies within architecture that can affect the security and performance of its applications and their supporting layers.

Along with the silos of the past, DevSecOps needs to get rid of the various department-specific tools that came with those silos. And their data needs to be warehoused to provide a single view of the digital estate. The DevSecOps team will, as a result, plan its launches and iterations using a common baseline of knowledge. This accelerates development cycles and reduces downtime. Performance and security data, including real-time alerts and vulnerabilities, is available to developers and their operations and security colleagues. What follows are secure experiences that delight consumers and ensure their return.

2022 will be a period of hot competition for the region, in which companies will vie for the attention and approval of more and more online customers. DevSecOps is the ultimate collaboration, bringing together everything that those customers care about — “Dev” for the experience, “Sec” for the safety, and “Ops” for the performance. Companies that get this mix right will enjoy greater loyalty and trust and become leaders in the experience economy.
