Google Trends shows that DevSecOps has been a popular term for the past two years. The high-level definition of DevSecOps is easy to grasp: it’s the integration of security into DevOps, an agile approach to IT security. Diving deeper can be a bit tricky, though.
There is a lot of confusion surrounding the definition of DevOps. It’s a bad sign when even Wikipedia doesn’t clearly define DevOps. Because DevOps is the most popular “xOps” term, that confusion extends to what SecOps and DevSecOps really are. It becomes even more confusing when you consider that “SecOps” is sometimes used to refer to DevOps-related security.
We’ll discuss the DevOps debate, give our take, and explain SecOps and DevSecOps in more detail.
How do we define DevOps?
Despite our best efforts, it is unlikely that everyone will agree on a definition. The debate has been ongoing for some time. There are many people who will tell you that DevOps does not fit the description of a job or a role.
Yet a quick internet search will show you that there is a lot of demand for DevOps jobs.
You may also read that DevOps doesn’t refer to a technology or tool. Yet you will notice that many “DevOps” tools and technologies are being promoted online.
We can understand the argument of those who claim DevOps is a culture. DevOps culture is based on the principles of delivering applications quickly and improving quality. DevOps is all about people, teams and communication. As an agile approach to software engineering, DevOps emphasizes cooperation between operations and development teams.
They seem to be the most “right” when you look at the origins of the term. But DevOps has now become an adjective. It shouldn’t have, but it did. DevOps is commonly used to describe jobs and tools that meet certain criteria. We prefer a pragmatic definition that covers most uses of the term. AWS does a great job of providing such a definition, although we prefer to keep only the first part of it.
“DevOps” is a combination of cultural philosophies and practices that increase an organization’s ability to deliver applications and services at high speed.
Although DevOps refers to a culture at its core, the term can also refer to more than just philosophies. When someone asks you about a DevOps product, they are likely referring to products like Puppet, Jenkins, and Docker. It’s not uncommon to think of “DevOps Engineer” as a role that requires *nix administration and automation skills, as well as scripting skills.
Although some may find this a bit odd, it is essential to understand that there is much debate about DevOps and how it is used. You can create your own, more nuanced definition as you dig deeper into DevOps.
DevOps can be used as either a noun or an adjective. As a noun, it’s the culture and philosophy behind the underlying ideas. As an adjective, it modifies terms such as “engineer” and “tool” to indicate a specific thing.
Understanding SecOps
We now have a (hopefully acceptable) definition of DevOps. Let’s review SecOps before we move on to DevSecOps. Although the term SecOps is less commonly used than DevOps, it does convey some details about how IT security is done. In a nutshell, “SecOps” refers to an agile, shared-responsibility approach to security that focuses on collaboration between security and IT operations (e.g. sysadmins). SecOps eliminates silos and ideally improves both security and performance.
As with DevOps there are also