How development data security operations can benefit the enterprise
For technologists looking to stay up to date with the latest relevant acronyms, add Developmental Data Security Operations (DevDataSecOps) to the must-know list.
DevDataSecOps builds on the commonly used terms DevOps and data ops. Although the term is not yet widely used, data practice in many organizations suggests that it will soon.
Increasingly, we are seeing a need for organizations to move to a DevDataSecOps model that encompasses the core of the DevOps model, while including the critical security and data decisions that drive operation and development decisions, while a DevDataSecOps approach may feel unfortable at first and come with initial challenges (as devops did), we believe it comes with big benefits that data-first organizations can no longer ignore.” Karthik Ranganathan, CTO, and cofounder at Yugabyte
What’s the big deal about DevDataSecOps?
In order to be an effective data-driven business, it is important to set up a strong foundation for the data architecture upfront as businesses evolve to meet the needs of distributed workers, partners, and customers, they cannot build modern applications that provide the desired user experience with a legacy approach to data. Distributed users require distributed data. Trying to change the data layer after building an application results in reduced developer productivity and slower time to value.” Karthik Ranganathan, CTO, and cofounder at Yugabyte
Furthermore, “working in modern environments where being highly secure from day one is essential, security can no longer be an afterthought. Just as the data architecture is critical to how an application is built and what experiences and capabilities should be expected the exact same is true for security.”
By embracing DevDataSecOps practices, data and security architectures are recognized as integral parts of the building and rolling out services rather than ‘specialized’ or ‘expert’ aspects. This enables teams to identify key requirements and thoughtfully make holistic design decisions during planning phases to ensure the key objectives of the service can be met.
The result is that IT groups face fewer surprises and blockers in building and shipping new features due to major re-architectures.
“DevDataSecOps would also require upfront investment into these areas. This means that IT groups would need to take a little more time to plan and architect ahead of time to make the later development and testing processes, which are usually more costly and time-consuming, more successful,”
Benefits of a DevDataSecOps strategy
In the same way, DevOps brought developer skills and insights into operations teams, DevDataSecOps would enable organizations to build similar bridges to data architects and to information security teams.
By creating natural times for when and why the teams should interact and establishing shared objectives for the development of new services or capabilities, the end result should increase the chances of meeting all the goals of an initiative, The end-to-end approach should increase the efficiency of the developer teams by providing them all the requirements upfront and minimizing major rework later in the process.” Karthik Ranganathan, CTO, and cofounder at Yugabyte
When done right, some key gains to be realized are:
- Faster time to value by taking a small hit upfront but greatly reducing the chance of major delays later in the project.
- Increase developer productivity by maintaining focus on value-added efforts and ensuring the right data and security architectures are used to minimize unnecessary churn and work.
- Decreased risk by having core needs of data and security established as a foundational element of any project, versus an add-on, though where it becomes harder to ensure full compliance or address all the needs correctly.
Cultural change will be an obstacle
Despite these potential gains, adopting a DevDataSecOps strategy is not without its challenges.
“As we saw with the adoption of DevOps, the major challenge that will come with DevDataSecOps is making the cultural change and training teams have a holistic, end-to-end approach, While some inefficiencies may exist at first as new processes are established and additional voices become part of the early design phases, over time the overall key requirements and needs will be better understood by the larger organization so that smarter decisions and approaches are proposed from the start.”
Most IT teams, especially at larger organizations, would also need to work with other outside teams to build the required skill set and establish the proper processes for reviewing data and security requirements.
In the meantime, many leading organizations have already started down the path to DevDataSecOps adoption, even if they don’t recognize it.
“While the DevDataSecOps term is not widely embraced yet (and is a mouthful to say), the reality is that many forward-looking organizations that rely heavily on data to power their business, such as large financial institutions and retailers, are already prioritizing their data and security architectures as fundamental parts of their business.”