Google Reveals Security Best Practices Behind DevOps Success | CIO Insight

Written By
Drew Robb
Feb 26, 2022

Google has been at the forefront of the DevOps movement, signified by the release of the seventh annual 2021 Accelerate State of DevOps Report by the Google DevOps Research and Assessment team (DORA). It covers many factors found in top-performing organizations that contribute to DevOps success.

The points include how they manage to lower lead times for changes, incorporate site reliability engineering (SRE) best practices to gain higher performance, move more workloads seamlessly to the cloud, improve software quality using documentation, and develop a dynamic and engaged team culture. Researchers also highlighted how important it has become to integrate security practices into DevOps throughout the software supply chain.

According to the report, “as technology teams continue to accelerate and evolve, so do the quantity and sophistication of security threats.”

Last year, for example, Tenable’s 2020 Threat Landscape Retrospective Report showed that more than 22 billion records of confidential personal information or business data were exposed. That has created a climate where security can no longer be an afterthought.

The need to incorporate security into DevOps practices

The time-honored custom of building the app and then making security features the final step before delivery doesn’t work anymore. Instead, security must be integrated throughout the software development process—hence the growth of SecDevOps in parallel with DevOps.

The DORA report makes it clear that in order to securely deliver software, security practices must move as fast as or faster than the ploys and strategies devised by malicious actors. Researchers used the example of the 2020 SolarWinds and Codecov software supply chain attacks.

Such broad-reaching hacks are becoming more commonplace, and more hackers are learning to bypass the old model of compromising one enterprise system. In the SolarWinds example, the hackers figured out how to compromise SolarWinds’s build system and a Codecov script. This enabled one hack to be multiplied effortlessly by embedding malware into the infrastructure of thousands of SolarWinds and Codecov customers.

“Given the widespread impact of these attacks, the industry must shift from a preventive to a diagnostic approach, where software teams should assume that their systems are already compromised and build security into their supply chain,” said the report.

Top Industry Performers Integrate DevOps and Security

To drive the point home, researchers stated that the small percentage of elite performers, those achieving the most business success and agility through DevOps, also excel at implementing security practices. The top performers had security better integrated into their software development process than less successful rivals. This enabled them to accelerate software delivery while maintaining a high level of security and reliability.

Further, those teams judged to be in the top bracket on integrated DevOps security are 1.6 times more likely to meet or exceed their organizational goals. The conclusion is clear.

“Development teams that embrace security see significant value driven to the business,” said the DORA report.

How to Enhance DevOps Security 

The report also included tangible steps businesses could take to securely improve their speed of software delivery and its impact on business results:

  1. Testing: It is vital to thoroughly test security features as a part of any automated testing process. This should include areas where pre-approved code should be used. 
  2. Integrate DevOps and security: Security needs to be made part of the daily work of DevOps throughout the software delivery lifecycle. This should also include the design and architecture phases. 
  3. Review security: Security reviews are needed for all major features. 
  4. Pre-approved code: Pre-approved, easy-to-consume libraries, packages, toolchains, and processes bake security into commonly-used coding elements, thereby reducing the burden on developers and IT as a whole. 
  5. Planning must include security: Even in the earliest planning stages, it is vital to pay attention to potential security weaknesses and allow enough time to fix them.


Drew Robb has been writing about IT and engineering for more than 25 years. Originally from Scotland, he now lives in Florida.
