As success with DevOps continues to make progress, it ventures into taking on other areas where traditional SDLC / IT practices have been less than optimal. Alongside this need, the IT Security technical landscape has been in rapid transition, making it near impossible for security teams to keep up with both increased DevOps velocity and the changing security landscape. Now, teaming up security in the continuous integration (CI) and continuous delivery (CD) model has a potential to be a game changer.
In the beginning, the movement started out being called DevOpsSec. ‘Sec’ was appended on to the end – almost like a caboose on a train – an afterthought. But in reality, security must be thought of, designed, and practiced throughout the process. In light of this, the more current term is DevSecOps – one where we weave security into our integration. Originally, marketing hype from each security software vendor clouded the concept. But, the movement is less about tools, and more about the way in which we work together, in parallel.