Were you unable to attend Transform 2022? Check out all of the summit sessions in our on-demand library now! Watch here.
For those technologists anxious to keep up with the latest relevant acronyms, add development data security operations (DevDataSecOps) to the list of need-to-know.
DevDataSecOps builds on the commonly used terms devops and dataops. While the term is not yet in wide use, data practices at many organizations suggest it soon will be.
“Increasingly, we are seeing a need for organizations to move to a DevDataSecOps model that encompasses the core of the devops model, while including the critical security and data decisions that drive operation and development decisions,” Karthik Ranganathan, CTO and cofounder at Yugabyte, told VentureBeat. “While a DevDataSecOps approach may feel unfortable at first and come with initial challenges (as devops did), we believe it comes with big benefits that data-first organizations can no longer ignore.”
What’s the big deal about DevDataSecOps?
What is driving this new trend?
Event
MetaBeat 2022
MetaBeat will bring together thought leaders to give guidance on how metaverse technology will transform the way all industries communicate and do business on October 4 in San Francisco, CA.
Register Here
“In order to be an effective data-driven business, it is important to set up a strong foundation for the data architecture upfront,” Ranganathan says. “As businesses evolve to meet the needs of distributed workers, partners and customers, they cannot build modern applications that provide the desired user experience with a legacy approach to data. Distributed users require distributed data. Trying to change the data layer after building an application results in reduced developer productivity and slower time to value.”
Furthermore, Ranganathan stressed that “working in modern environments where being highly secure from day one is essential, security can no longer be an afterthought. Just as the data architecture is critical to how an application is built—and what experiences and capabilities should be expected — the exact same is true for security.”
By embracing DevDataSecOps practices, data and security architectures are recognized as integral parts of building and rolling out services rather than ‘specialized’ or ‘expert’ aspects, Ranganathan said. This enables teams to identify key requirements and thoughtfully make holistic design decisions during planning phases to ensure the key objectives of the service can be met.
The result is that IT groups face fewer surprises and blockers to building and shipping new features due to major re-architectures.
“DevDataSecOps would also require upfront investment into these areas. This means that IT groups would need to take a little more time to plan and architect ahead of time in order to make the later development and testing processes, which are usually more costly and time-consuming, more successful,” Ranganathan said.
Benefits of a DevDataSecOps strategy
In the same way devops brought developer skills and insights into operations teams, DevDataSecOps would enable organizations to build similar bridges to data architects and to information security teams, Ranganathan believes.
“By creating natural times for when and why the teams should interact, and establishing shared objectives for the development of new services or capabilities, the end result should increase the chances of meeting all the goals of an initiative,” Ranganathan said. “The end-to-end approach should increase the efficiency of the developer teams by providing them all the requirements upfront and minimizing major rework later in the process.”
When done right, some key gains to be realized are:
- Faster time to value by taking a small hit upfront but greatly reducing the chance of major delays later on in the project.
- Increase developer productivity by maintaining focus on value-added efforts and ensuring the right data and security architectures are used to minimize unnecessary churn and work.
- Decreased risk by having core needs of data and security established as a foundational element of any project, versus an add-on thought where it becomes harder to ensure full compliance or address all the needs correctly.
Cultural change will be an obstacle
Despite these potential gains, adopting a DevDataSecOps strategy is not without its challenges.
“As we saw with the adoption of devops, the major challenge that will come with DevDataSecOps is making the cultural change and training teams to have a holistic, end-to-end approach,” Ranganathan explained. “While some inefficiencies may exist at first as new processes are established and additional voices become part of the early design phases, over time the overall key requirements and needs will be better understood by the larger organization so that smarter decisions and approaches are proposed from the start.”
Most IT teams, especially at larger organizations, would also need to work with other outside teams to build the required skill set and establish the proper processes for reviewing data and security requirements, Ranganathan said.
In the meantime, many leading organizations have already started down the path to DevDataSecOps adoption, even if they don’t recognize it.
“While the DevDataSecOps term is not widely embraced yet (and is a mouthful to say), the reality is that many forward-looking organizations that rely heavily on data to power their business, such as large financial institutions and retailers, are already prioritizing their data and security architectures as fundamental parts of their business,” Ranganathan said.