Chapter 3. DevOps and DevSecOps

While there are probably a lot of other reasons for the value, importance, and uptake of DevOps and DevSecOps, a significant one is the rise of web applications. When you start to deliver applications using the web, the way you structure your development process starts to change, because deployment can be (and often is) done much faster than the traditional approach, which can take months. Once your deployment cadence starts speeding up, there is a burden on the operations team to support that deployment—after all, it’s your operations team that has to handle the deployment now, since the customer is no longer performing the installation.

DevOps has become a much more prevalent set of practices over time, as operations teams continue to get more say in the overall development process. There are advantages for others as well using DevOps. From a business perspective, of course, there is the potential to reduce overall costs. From the perspective of the development team, there is the potential to increase overall quality across the life cycle of the product being developed.

DevSecOps is another set of practices that is gaining a lot of traction, again driven by development shops focused on web application development. It is simplistic, though, to say that DevSecOps is just a question of inserting security into the existing DevOps culture. As security itself is as much a culture as anything else, it’s not as simple as just saying “we do security with ...