Spotting DevSecOps Warning Signs and Responding to Failures

A pair of keynote presentations at ONUG Fall 2022 examined issues in the DevSecOps dynamic and how organizations can address such problems.

The perfect blend of development, security, and operations (DevSecOps) can elude many organizations and hamper their digital transformation efforts, even if they think they are on the right path. Sorting out stumbling blocks in DevSecOps and dealing with outright failures in the process took center stage in two keynotes at last week's ONUG Fall 2022 conference in New York City.

James Wickett, co-chair for DevSecOps at ONUG Fall 2022, focused on warnings organizations should pay attention to while Vandana Verma Sehgal, chair of the board of directors with OWASP, examined failures and ways organizations can respond. The event, hosted by ONUG (the Open Networking User Group), brought out the enterprise cloud community to tackle issues.

Wickett gave a keynote on "DevSecOps Warning Signs and What to Do About Them" and dove into breakdowns within enterprises. He is also founder and CEO of DryRun Security.

"Why is DevSecOps not working in many organizations?" Wickett asked. He said in some cases, security might not be included in digital transformation, possibly as a byproduct of moving fast. Security professionals might also see themselves as different from others in the organization, Wickett said, and adopt rather Draconian perspectives. "Many security teams work with the world view where their goal is to inhibit change as much as possible."

Such sentiment can obviously go too far, Wickett said, especially if security puts guardrails around the wrong things and hobbles productivity in the process. "That is a place you don't want to be inside of an organization," he said.

The notion of pitting security versus IT and the business can just be counterproductive, Wickett said. "That is a false sense of transformation."

The premise of DevSecOps, he said, is to take DevOps practices and principles and build security into the cycle, not that security is swooping in to fix DevOps. Wickett suggested developers find ways to give telemetry back for application security, as well as conduct some self-testing. Operations should also add security and telemetry to the observability stack, he said.

Read the rest of this article on InformationWeek.

About the Author(s)

Joao-Pierre S. Ruth

Senior writer, InformationWeek

Joao-Pierre S. Ruth has spent his career immersed in business and technology journalism. He first covered local industries in New Jersey and later became the New York editor for Xconomy, where he delved into the city's tech startup community. He also freelanced for such outlets as TheStreet, Investopedia and Street Fight. Joao-Pierre earned his bachelor's in English from Rutgers University. 
