Page 30 - info_oct_2021_draft13
P. 30

DevSecOps








          Producing high quality, secure
          software at pace














              e   must  always  meet  customer’s
              requirement. Be it any role in the software
         W  industry - developer, tester, security   Enterprises across the world are demanding software release at high
          auditor or manager, our job is to support the
          business so that it wins in the marketplace. Now,   speed to meet business requirements. when software is developed at such
          there is tough competition among the business
          players in every field to woo the customers. So,   speed, security should not be left behind which can only happen if security
          they demand product innovation and delivery   is built in to SDLC. Such requirements gave birth to technologies like
          at a rapid pace. Three or four product releases
          in a year is no longer a norm, business demands   Agile development, DevOps and DevSecOps.In this paper we describe the
          the release every week or every month with new
          features or to support the customer requirements.   DevOps technology that enables Development team and Operation team to
          These paradigm shifts happening in the industry
          gave birth to technologies like Agile Software   collaborate with each other on day to day basis such that operational issues
          Development practices, DevOps, DevSecOp etc.  and customer problems reduce to a larger extent. We also explain DevSecOp
          Why DevOps?                        technology that allows security to be built in to the application through
            If Development and Operation work in silos,
          then when a developer writes code, builds it,   automation, cultural shift, application security programs etc. In the end we
          tests it and deploys it into the operation, it
          normally fails. Whatever the failure may be-   describe what technologies and tools NIC is providing to the developers to
          deployment failure, operation failure or crashes,   implement DevSecOp across organisation.
          the customer  faces the problem in running  the






                                             business. Normally, in such cases, the blame   and versions. Moreover, as discussed earlier,
                                             game begins, people from development say that   it  is  today’s      requirement  to  push  the  code  to
                                             there are operational issues and people from   deployment/operation at a rapid pace, certain
                        Anil Kumar Jha       operations blame it on development issues and   deployment each day. DevOps was created to
                        Sr. Technical Director   a lot of time is lost in the process. This usually   address all these issues.
                        (Application Security Group)  happens because development and operation   DevOps best practices can be narrowed down
                        aniljha@nic.in       are not in sync with the software stack, tools   to three basic principles called the three ways :



          30  informatics.nic.in  October 2021
   25   26   27   28   29   30   31   32   33   34   35