Does DevOps hurt or help security?
There is a firmly held concern in security circles that the automation associated with DevOps moves too swiftly, that security teams and their tests can’t keep up, that too many of the metrics measured focus on production, availability, and compliance checkboxes, and as a result, security falls to the wayside.
Early proponents of DevOps always have argued that when done right, DevOps can actually improve security. When it comes to the positive impact of DevOps on security efforts, Justin Arbuckle, vice president, EMEA, and chief enterprise architect at Chef, doesn’t mince words. Arbuckle also was formerly chief architect at GE Capital, where he was a big proponent of Agile and continuous delivery approaches to software development.