While speed and agility are a few of the big drivers for service providers and enterprises embracing DevOps, there needs to be tighter integration between the security and DevOps teams, according to a report by HPE.
HPE's "Application Security and DevOps" report, which included both quantitative and qualitative responses from IT operations professionals, security leaders and developers, found that 99% of all respondents agreed that adopting a DevOps culture has the opportunity to improve application security. But just 20% were doing application security testing during development while 17% weren't using any technologies to protect their applications. According to the report, those issues highlight a large disconnect "between the perception and reality of secure DevOps."
"Our research shows that both security leaders and developers believe that the DevOps movement has the potential to significantly improve application security, but organizations are struggling to realize that potential so far," said Jason Schmitt, vice president and general manager of HPE Security Fortify at Hewlett Packard Enterprise , in a prepared statement. "By understanding the current state of DevOps and best practices for integrating security into the development culture, organizations can successfully secure software in this new DevOps world without impeding the speed and agility that it brings."
The report focused on the key barriers and gaps that were preventing organizations from integrating security into DevOps, including a significant lack of cooperation between developers and security teams. According to the report, 90% of the security professionals responded that integrating application security had actually become more difficult after their organizations started employing DevOps.
There was also a marked lack of security awareness and training for developers. Out of more than 100 job postings for software developers at Fortune 1000 companies, none specified security or secure coding experience and knowledge as part of the skill sets required, according to the report.
In order to overcome these obstacles, the report said that the responsibility for security should be shared across entire organizations, and that organizations should integrate security tools more heavily into the development ecosystem.
10/16/2017 Huawei Network Transformation SeminarThe adoption of virtualization technology and cloud architectures by telecom network operators is now well underway but there is still a long way to go before the transition to an era of Network Functions Cloudification (NFC) is complete.
In this Telco Transformation radio show, IHS Markit's Michael Howard will talk about the network domains that carriers are targeting for SDN, the top SDN services that are driving revenues and the deployment barriers this year. Howard will also address whether carriers are embracing open source or using vendor-specific implementations.
MEF is working to define, deliver, and certify dynamic communications services that are orchestrated across a global ecosystem of automated, virtualized and interconnected networks. In this radio show, MEF CTO Pascal Menezes talks about the challenges and the solutions that his organization is working on and provides a preview of the MEF17 conference in November.
Software-defined networking (SDN) is a key component of services providers' virtualization game plans and AT&T and Level 3 Communications have been at the forefront of its adoption.
In this webinar, Andrew Dugan, CTO of Level 3 Communications, and Amy Wheelus, Vice President of Cloud and D2 Platform Integration at AT&T, will discuss how their companies have leveraged SDN within their networks, services and applications. Some of the key areas that will be covered include:
Automation, APIs and lifecycle service orchestration
The continued evolution of SDN-based solutions and SDN in networks, including SD-WAN, dynamic cloud connections and scalable Ethernet and security solutions.