What Can the DevOps Philosophy Teach Cyber Security?

Image via Pixabay (modified)

In light of last week’s large-scale cyber-attack on the NHS, what must cyber security do in order to prevent these damaging attacks from taking place? Perhaps security has plenty to learn from the DevOps culture in tackling these growing challenges?

The ransomware that hit the NHS on Friday the 12th of May 2017 saw almost 200,000 machines infected in 150 countries, with 47 trusts impacted. Delays and cancellations of NHS services were prevalent as the ransomware attack took hold.

Cyber-attacks of this scale and public exposure prove that there is an ever-growing need for efficient and proactive cyber security, which must be taken seriously throughout every fragment of society in order for the threat of breaches to be eliminated. With billions of people’s data at risk and millions of pounds in question, what else can be done to ensure attacks like this are managed?

Perhaps cyber security can take a leaf out of DevOp’s book? Does cyber security need to be brought closer to a DevOps way of thinking and working?

Is the DevOps Model Effective for Cyber Security?

Cyber security isn’t just the IT department’s problem anymore — it’s a large-scale problem affecting everyone; companies of all sizes and public services too, it seems. With data protection and financial implications at risk, what can cyber security learn from DevOps?

What is DevOps?

DevOps is a culture and set of tools grounded in encouraging collaboration between software development and operations teams, with the main aim being to build, test and release software with speed and reliability at the core.

“DevOps has been a huge boon to start-ups, enterprises and service providers seeking to adapt to a cloud-centric world in which popular services can be quickly rolled out to many users while still maintaining a high level of quality.”[1]

What Can Cyber Security Learn from DevOps?

If cyber security can encourage a better alignment of security with business objectives and with data protection goals implemented early on, as well as the application of automation (the foundation of many DevOps cultures); this may lead to cyber security practices becoming increasingly innovative and agile.

A lesson for cyber security comes from DevOps association with automation. What was once known as one team’s job may not scale in the most reliable or effective fashion. To encourage repeatability, scalability and quality as DevOps has done, security needs to be innovative and discover methods of automating processes to improve its abilities.

Perhaps the most important feature that cyber security can take on from DevOps is speed and agility. Cyber security increasingly needs this level of speed and attention to detail, if it is to keep up with the threats posed by denial-of-service attacks, malware and phishing; issues that recently, have had massive implications for the NHS. There is plenty to learn from DevOps in re-shaping cyber security around its intensifying challenges.

A DevOps-esque approach to cyber security is also one that keeps everyone on the same page; communication taking prime position. Communication and shared understanding are especially important during the adjustment period that security is currently facing, as we come to terms with large-scale cyber-threats and how best to tackle them. There must be an end to the disconnection between ops and security, as common ground such as; joint requirements, roles, responsibilities and aligned objectives are communicated.

So, perhaps it’s about taking influence from what the DevOps culture has learnt and placing it into security?

Cyber Security and DevOps: A Match Made in Heaven?

Are cyber security and DevOps a match made in heaven? Can cyber security be improved with DevOps? They definitely speak the same language. The lessons that development and operations teams learnt in amalgamating into the DevOps culture, cyber security can learn from.

Both DevOps and security set down the metrics for quality, reliability and user experience. They ultimately have the same goal — keep the data reliable and the public content. So perhaps it would be wise to bring security closer to a DevOps way of working?

Will this kind of implementation ensure that breaches of this scale are managed? It seems as though cyber security teams can learn a lot from the experiences of DevOps, and if this is the case, will breaches become less likely?

What are your thoughts on the recent NHS cyber-attack? What do you think that cyber security can do to tackle growing cyber-threats? Is the DevOps model an effective model for cyber security? Tweet me your thoughts: @Alex_Rosengren.

http://blog.trendmicro.com/how-devops-can-be-a-model-for-effective-cyber-security/

http://www.business2community.com/cybersecurity/5-things-security-can-learn-operations-transition-devops-01719564#9QKDcThqwIYx081A.97