Marco Comastri, CA Technologies EMEA General Manager, delved into the topic of DevSecOps with CBR’s Tom Ball at CA World 17.
AI, collaboration, security, IoT, GDPR and blockchain are all tech topics that have been red hot throughout 2017, but it seems that another merging of two IT spheres is set to become the latest buzzword on the already crowded tech landscape.
DevSecOps seems to be stepping into the digital transformation spotlight in recent times, so much so that it took a leading role in the opening keynote of CA World 2017 with CEO Mike Gregoire clearly stating the importance of DevSecOps in his own company’s transformation.
“At CA we have plotted a path and have transformed our business into an agile DevSecOps environment, which helps drive maximum digital impact and this transformation is available to all of you,” said the CA Technologies CEO.
DevSecOps essentially builds on the thinking that everyone is responsible for security, but CA Technologies is pitching the approach not just as a superior way to work securely in the enterprise, but as an enabler for business.
“Security and DevOps go very well together. Without automation you cannot have security as a critical success factor, and an enabler for making additional business,” Marco Comastri, CA Technologies EMEA General Manager, told CBR.
DevSecOps is a combination that is becoming increasingly common, with its capability of providing security at scale across an organisation an exciting prospect given the growing need to leave no stone unturned in terms of security.
“It is not just about having smart security solutions, it is about managing the smart security solutions through an industrialised DevOps approach that makes the entire corporation go in the right direction, with the right level of speed to go to market,” said Mr Comastri.
While the principles of DevOps and collaboration swell with popularity, Mr Comastri made it clear that there must be a structure behind projects that are centered on openness.
“If you think about developing new applications, new applications can be developed with the new techniques of agile, but the new techniques of agile can become limitations,” the EMEA GM said.
“It is only when you have a common methodology and a common platform across the different projects that things can happen through collaboration… If you do not make the collaboration based on the methodology and the specific framework available at enterprise level, then you miss the efficiency that enterprises need.”
One area which would benefit from the DevSecOps approach is IoT, a key area which CA Technologies is trying to position itself as an enabler of the Things market.
Saying that the key to IoT is in the managing, securing and leveraging of the vast quantities of data generated, Mr Comastri acknowledged the potential cybersecurity risks posed by connected devices but was clear that risks must be taken in this market of opportunity.
“It is as if to say I don’t want to go on the next travel in my life because it is risky, of course you need to take the right measures in managing the risks, but that is reality. New business opportunities need to be managed and need to be secured properly.
“What we are doing is providing tools to the companies that are leveraging IoT to make security part of the application – as a kind of DNA. What we have done through the acquisition of Veracode is to give the ability to manage security to the enterprise from the beginning of the application development cycle,” Mr Comastri said.
CA Technologies was able to bring in the capabilities of Veracode, a firm focused on securing applications, in a $614 million deal earlier this year. The acquisition, combined with the bold rhetroic at this year’s CA World, makes it clear that CA Technologies is backing DevSecOps in the digital transformation race.
This should be welcome news to the those in the world of cybersecurity – it shows that the old way of thinking that security is just the job of the IT department is slowly becoming redundant.
We have been told over and over again that security is everyone’s problem, but with DevSecOps, that way of thinking may just become reality.