Secure application development using the DevOps approach
By Cameron McKenzie
For many software teams, especially those that have not embraced the DevOps approach to integrated design, secure application development, performance optimization and the management of other nonfunctional requirements are tertiary concerns, to be dealt with once programming is complete and all of the unit tests pass muster. But important nonfunctional requirements like security aren't something that should be left to the last minute. "Often, we do the quality or security after the product is made, and that becomes a cost function. It's ten to the nth, depending on the number of processes," says Don Brancato, an enterprise architect at Hewlett-Packard.
What is a better, more Agile approach to dealing with nonfunctional requirements? According to Brancato, there are significant gains to be made by dealing with security early on. How early? As early as the initial design phase, before the first line of code even gets written. "The idea is that if we can get the notion of security to the design side, then the cost will be less," says Brancato.
That cost can be quantified and verified in a variety of ways. Fines levied when certain security requirements are not met can be eliminated. Development costs can be reduced by not extending the development phase (for instance, by eliminating a nonfunctional testing routine when application developers hand off their code to the operations team).
Listen to the full interview with Don Brancato to learn more about how forward-thinking organizations are working with DevOps to reprioritize security, performance and other nonfunctional requirements by dealing with these concerns early on in the application design phase.
07 Feb 2013