Summary
Digital transformation is a force to be reckoned with. Across every vertical, businesses strive to become technology companies and increasingly differentiate on how well they live up to that description.
The cloud and DevOps play a massive role in this transformation and overhaul how we develop and operate software. Software has never been easier to create, has never been updated as frequently as it is today, and has never innovated to adapt to customer needs so quickly.
These changes are all made possible by unlocking the power of independent teams to run fast. Agile drove these teams to be customer centric, iterate on ideas rapidly, and own the quality of their code. DevOps lets developers operate what they build, combining code and infrastructure to better deliver on customer needs. And security, as an industry, has been left behind.
In the face of such change, security has no choice but to adapt. Businesses must and will continue to strive for speed, and independent teams are the only way to achieve this. The way we secure applications has to transform, making it part of the daily work of these independent development teams. Security teams need to focus, first and foremost, on helping these teams embrace security. Security needs to become dev-first.
As we shift the security industry to the dev-first approach, we need to catch up to another change that passed us by. The cloud, and with it cloud native application development, has moved infrastructure into the hands of developers. Under the same mantle of unlocking speed, dev teams create, manage, and monitor their application infrastructure, removing obstacles to shipping value. We need to make sure they secure these new responsibility domains well, and expand application security to encompass a broader CNAS scope.
I hope this book helped you understand the value of embracing a dev-first CNAS approach and equipped you with some techniques for how to make it happen. As we work hard to match security transformation with digital transformation, it’s worth remembering there’s another reward if we get it right.
DevOps has demonstrated that businesses that employ it well are rewarded with significant business success. Companies that unlocked the ability of teams to run fast proved themselves to be resilient and available and are beating their competition. And ops teams have gone from being a cost center to a valued business competency.
Security has the opportunity similarly to help the organization thrive. By helping dev teams build secure software without slowing down, you can not only reduce risk but also grow the top line. You can help your business respond to customer needs faster while differentiating on being more secure and trustworthy. This could similarly turn security from a cost center to a true business partner, driving the company’s success—which is an even bigger security transformation.