(5) Continuous security
According to Werner Vogels, CTO and VP of Amazon.com, in this post:
“In the past, many companies treated security as if it were magic dust—something to sprinkle on an application after it was ready for release. This doesn’t work well in a continuous release cycle, so organizations had to take a new approach to security, building firewalls around the entire application. But this also introduced challenges. The same security settings were applied to every piece of the application, which is problematic if an application is built with independent microservices that may need different settings.”
“For this reason, in modern applications, security features are built into every component of the application and automatically tested and deployed with each release. This means that security is no longer the sole responsibility of the security team. Rather, it is deeply integrated into every stage of the development lifecycle. Engineering, operations, and compliance teams all have a role to play.”
The role of DevOps isn’t just about development and operations any longer. IT security must also play an integrated role in the full life cycle of your apps. As a result, the term “DevSecOps” has emerged to mean planning for application and infrastructure security from the start.
So, do you need ALL of these in order to be considered modern? No.
To us, it’s all about evolution – it can take time and intentional steps to adapt.
But adapt you must.