No, this is not an article about criteria for picking the Most Valuable Player in your company, this is about the DevSecOps culture in the year of the release of your Minimum Viable Product (MVP). You got a product released, it caught the eyes of some sharks, dragons or angels and they decided to back you up… awesome. So you got your Series A banked, you celebrated, you rewarded your employees with bonuses and office pool tables and tap beer in the canteen… Congratulations, you finished the intro level. You are now in the game.
What’s the next step?! You invest heavily in marketing, you start hiring ruthlessly, maybe you bring in a squadron of contractors, the brand is forming… Can you handle it?! It depends on your processes. “Process” is a term I do not use lightly. No company can handle rapid growth in employees, customers, or both without a well-defined governing process for how things are done. Enter the DevSecOps culture. I intentionally used the term “culture” and not “team” or “engineer(s)” or something similar, because my belief is that DevSecOps should be more than just a job position. DevSecOps means above all else “awareness”: awareness of your Development, Security, and Operations processes. The DevSecOps engineers are the ones responsible for putting those processes in place, and they have the not-so-gratifying role of “process police”. The moment right after securing your investment is the opportune moment to take a step back and reflect on several aspects of your software.
First things first. Get the band together, sit down in a circle, and take a bird’s-eye view of everything. But make it an eagle’s-eye view (zoom in closely on everything). The most common corners cut during the development of an MVP are in the areas of:
Every company building an MVP is willing to sweep a bit of technical debt under the rug here and there in one or more of these areas, and that is understandable to some extent. But now that the MVP is out and investment is secured and expansion is more likely to happen, you have no excuse not to double back and address this.
When you started building the app you made all the users in your cloud provider account with administrator permissions. That’s fine, they all needed to get things done quickly, and having a single admin could potentially be a bottleneck.
Furthermore, your team is distributed, so you allow access to your resources (e.g. database) from everywhere because the developers can work faster if they can just hook up their local machine directly to the staging or even production database, but that’s also fine because you put a super-secure password on the database user.
Enter DevSecOps awareness. These corners that were cut to get things moving faster are now a potential risk for a major issue in the future. With business “booming”, there’s bound to be someone who will look to exploit any vulnerability that new software is likely to have. Whether that would be for a bounty, intentional damage, or just for the sake of it, is irrelevant.
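To make the two shortcuts above measurable (everyone is an administrator, and the database accepts connections from anywhere), here is an added example that is not part of the original article: a small audit over an exported inventory of users and firewall rules. The inventory layout, field names, and sample entries are constructed for illustration and do not correspond to any specific cloud provider's API.

```python
import ipaddress

# Constructed inventory export; field names are hypothetical, not a provider API.
INVENTORY = {
    "users": [
        {"name": "alice", "policies": [
            {"effect": "Allow", "actions": ["*"], "resources": ["*"]}]},
        {"name": "bob", "policies": [
            {"effect": "Allow", "actions": ["storage:Get*"], "resources": ["bucket/assets/*"]}]},
        {"name": "ci-deployer", "policies": [
            {"effect": "Allow", "actions": ["*"], "resources": ["*"]}]},
    ],
    "firewall_rules": [
        {"target": "prod-db", "port": 5432, "source": "0.0.0.0/0"},
        {"target": "staging-db", "port": 3306, "source": "::/0"},
        {"target": "prod-db", "port": 5432, "source": "10.20.0.0/16"},
        {"target": "web", "port": 443, "source": "0.0.0.0/0"},
    ],
}

DB_PORTS = {1433, 3306, 5432, 6379, 27017}  # common database listener ports


def admin_users(inventory):
    """Users holding an Allow statement covering every action on every resource."""
    found = []
    for user in inventory["users"]:
        if any(s["effect"] == "Allow" and "*" in s["actions"] and "*" in s["resources"]
               for s in user["policies"]):
            found.append(user["name"])
    return found


def world_open_databases(inventory):
    """Database ports whose ingress rule admits the whole IPv4 or IPv6 internet."""
    found = []
    for rule in inventory["firewall_rules"]:
        net = ipaddress.ip_network(rule["source"], strict=False)
        if rule["port"] in DB_PORTS and net.prefixlen == 0:
            found.append((rule["target"], rule["port"], rule["source"]))
    return found


def audit(inventory):
    """Summarise both findings; a high admin ratio is the MVP-era shortcut."""
    admins = admin_users(inventory)
    return {"admin_users": admins,
            "admin_ratio": len(admins) / len(inventory["users"]),
            "world_open_databases": world_open_databases(inventory)}


if __name__ == "__main__":
    for key, value in audit(INVENTORY).items():
        print(key, value)
```

Run on a schedule or in CI, a check like this turns "we should tighten permissions someday" into a finding with a name attached to it.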
In summary, here’s a security checklist:
Ok, in today’s world it is somewhat of a must to run CI at least, right from the start. If you do, great, this should make things easier. Nevertheless, with a sudden expansion of your team of engineers, a properly set up CI (or even better, CD) process can mean the difference between success and failure. How do you justify to your team a release process that takes several hours of hands-on work just to fix a certain bug or roll out a new feature?! You don’t. You automate it. You automate everything possible. In order to be able to cope with the sudden increase in traffic and team velocity, a proper CI/CD pipeline is a must.