Latest devsecops publications

It is often overlooked just how fundamental compliance offers are as ultimately, they can make or break the success of open source adoption. A change in skills and culture, to prioritise compliance and security, whilst simultaneously allowing developers to run with the innovation involved, will be key to the growth of the industry.

Across the board, the bottleneck-reducing philosophy of DevOps has become the central approach for cloud-native enterprise software development and deployment, ushering in a cultural shift in how processes, code and technology are delivered. Those adopting DevOps practices have excelled in becoming more responsive to customer needs and are delivering software at blistering speeds. 

As DevOps Technical Lead at Virgin Atlantic, Martyn Coupland has two primary responsibilities. First, he is one of the subject matter experts for the airline’s Microsoft Azure platform and the subject matter expert for the Azure toolset which enables its DevOps program.

In addition to the technical legwork, Martyn also provides expertise “around the softer side of DevOps” – in other words, the people and process side of things: “As technology changes, people change and processes change. DevOps will always be here to ensure all three sit together and provide real value,” he explains. “This allows not just technology teams at Virgin Atlantic but other parts of the business to adopt DevOps methodologies.”

The shift towards cloud native architectures and micro services has accelerated the need to integrate security into DevOps environments.

I’ve seen first-hand how modern architectures have given agile DevOps teams a new and unparalleled velocity to create, release and deploy. But with that boost in speed comes the need to bolster processes and secure application estates.

The traditional handovers for software development are now obsolete. DevOps teams can do them autonomously and are encouraged to do so. Whilst that’s all well and good, as technical leaders we’re obliged to inspect our operations and introduce new methods to ensure pipelines remain secure. Modern checks and balances should automatically detect and reject forbidden changes before they are even applied.

European firms are outperforming other regions when it comes to integrating security into DevOps practices.

That’s according to automation software provider Puppet’s latest State of DevOps Report, which this year canvassed 3,000 organisations to determine how far they have integrated security into their software development lifecycles.