Does your team need to learn how to break things?

Steps to building tools (automation) and changing people (culture).

I don't think I need to start off by telling you that security and reliability are important in our code. We've heard it over and over and over again.

Big—scale big—problems happen when we don't bake security in at the beginning, and then make adjustments as we go.

So, let's cut to the chase. How do we integrate security into DevOps?

1. Embrace automation: Use and/or build the tools.

2. Change the culture: Make security our friend, not our foe.

Embrace automation (tools)

Let's take the problem of stolen or weak passwords. It's a simple problem but at huge scale. "If you wait for a human being to get involved, it's not going to scale."

Vincent Danen, Director of Product Security at Red Hat, explains on the latest podcast that we're seeing more, not fewer, vulnerabilities every day. We will not reach a day when security is done, reached, complete. It's as "normal as breathing now." In terms of our continuous integration and deployment processes, there's so much coming out "every day, every hour. You write code and it's deployed ten minutes later."

What to do? Get your automation tools in place and security becomes baked in. 

That's half of it.

Change the culture (people)

The other half is the mindset. The people setting up the meetings, giving direction, and telling each other what's important.

How do we get developers and operations in the kitchen together baking in some solid security?

Training exercises. At Netflix, it's Chaos Monkey. At Google, it's the DiRT program. The idea is to break things at massive scale so your team can a) experience it and b) study and learn from it.

It all comes down to strong, reliable, and secure code.

Security: the next level

Will user behavior one day decide the level of security needed for access? We don't know yet, but the thing we know for sure is that security matters if you want to be relevant in today's tech landscape.

For a more robust audio discussion with people at the ground level doing this work, download the Command Line Heroes podcast.

About the author

Jen Wike Huger - Jen has been an editor on the Opensource.com team for six years. In that time, she's worked with countless developers and engineers, helping them with the magic of turning their technical expertise and experience into written form. On any given day, you'll find her managing the website's publication schedule and editorial workflow (on kanban boards), as well as brainstorming the next big article.