Security can throw a spanner in the DevOps works

Rapid issue of certificates key to tackling fast deployment headache

The agility and speed to market that DevOps can offer can be undermined by security, which can slow deployment drastically by sticking to more traditional methods for ensuring data and applications are secure.

This was the warning from Carl Bourne, global solutions architect at Venafi, who was speaking at the Computing DevOps 2016 conference in London on Tuesday.

Bourne acknowledged that it is not possible to just do away with security, instead noting that a balance between security and agility is key to making DevOps work, and ensuring data and applications remain safe.

However, he said the traditional method of using certificates issued by a certificate authority does not work with DevOps as they can take weeks to be issued, negating DevOps' ability to put new products to market quickly.

"It's painful, slow and clunky," he said. "IT security tends to hinder your efforts and slow you down."

Instead, Bourne said organisations should look to services that work to issue security certificates in an on-demand manner, akin to how most cloud computing based offerings work, scaling as users require.

"You can request certificates every time you need them when your systems goes online or experiences a surge in demand, then revoke them when they're not needed," he added.

Security within DevOps is becoming a challenge for organisations, with the phrase DevSecOps commonly used to refer to the issue.

Increasingly this is also including compliance, with many organisations wary of letting new builds of software and apps into the wild that have not been thoroughly tested to ensure they meet the right compliance requirements.