DevSecOps and hybrid cloud are two compelling technology trends that are transforming the contemporary data center. According to Statista, the hybrid cloud market will be worth close to $50 billion in 2018—just about double what it was in 2014—and will grow to almost $92 billion by 2021. Forrester Research and other analysts have shown that 50% of enterprises have already adopted DevOps methodologies and tools, and an additional 27% are planning to implement DevOps within the next twelve months.
In fact, Forrester has declared 2018 the year of enterprise DevOps.
The first association with “hybrid” is infrastructure—hybrid clouds that comprise private cloud, one or more public clouds, and on-premises and colocation data facilities. However, hybrid can also be used to describe today’s highly diverse enterprise IT tool stacks that are made up of multiple vendors and technologies, both proprietary and open-source.
Similarly, today’s app architecture is no longer monolithic but rather a framework across which many code components and services work together.
In the face of these complexities, hybrid infrastructures provide optimal flexibility. Sensitive and/or high-volume workloads benefit from the security and low latency of on-premises or private cloud deployments. Other workloads benefit from the agility and cost savings of the on-demand compute and storage services provided by the public cloud.
In a well-orchestrated hybrid environment, enterprises can easily shift workloads between private and public infrastructures as business needs change. They can also implement cost-effective yet highly robust disaster recovery and business continuity strategies.
For obvious reasons, these capabilities are an essential starting point to achieving an optimized data center. But where do you go from there?
DevOps and Beyond
Recently, and with Gartner’s help, DevOps teams have become DevSecOps teams, embracing a shift-left approach that makes app security an integral part of app design and deployment. And because the DevSecOps approach tightly integrates the infrastructure and app layers, it makes single-pane monitoring and control possible for real-time troubleshooting and dealing with security issues.
Today, according to the Linux Foundation, 60% of hiring managers in the US are offering DevOps engineer positions, and DevOps engineer ranks as #2 on Glassdoor’s 50 best jobs in the USA.
The DevOps approach breaks down the development/QA/operations silos, with testing and deployment processes being built directly into the app. Developers can provision infrastructures on their own in order to build consistent dev/test and production environments. Feedback and deployment loops are dramatically shortened through continuous integration (CI) and continuous delivery (CD), with as much automation as possible built into these processes.
How Hybrid and DevSecOps Work Together
Hybrid infrastructure, with its operational complexities, and DevSecOps, with its demand for agility, could easily be seen as being in conflict with each other. A closer look, however, reveals that there is a great synergy between them—a synergy that further amplifies their positive impact on business outcomes and operational security.
Each contributes in its own way to core business needs, including:
- Flexibility: Diverse infrastructures on which to run different workloads (hybrid) and multidisciplinary teams that handle the full application lifecycle (DevSecOps).
- Agility: Easy workload migration (hybrid), and high levels of automation for testing and deployment (DevSecOps).
- Cost Reductions: Cloud economics plus leveraging existing on-premises investments (hybrid) and reduced cost of delivery and fewer costly security breaches (DevSecOps).
- Operational Efficiency: Self-provisioning and single-pane monitoring (hybrid) and sharing of resources and assets (DevSecOps).
An Optimized Data Center? Not Without Inviolable Security
Last and certainly not least, both hybrid cloud and DevSecOps require a new security mindset. The DevSecOps team must ensure that each code component, microservice, and container that is integrated into an app meets an overarching security strategy.
With complex apps deployed across complex infrastructures, attack surfaces have become bigger than ever, and the network perimeters that have traditionally been protected by security tools have all but disappeared. Highly decentralized data management makes it very difficult for enterprises to effectively track, protect, and ensure the compliance of their data assets within a modern data center operation.
For an optimized data center, therefore, being able to consistently and completely enforce security and compliance across highly complex and decentralized hybrid cloud and DevSecOps environments will be one of the highest priorities going forward.
And that's precisely where Alcide’s Security Platform fits in. We empower DevSecOps teams by letting them synergize fragmented security policies into an effective, cloud-native security strategy.