The DevOps methodology has completely revolutionised the way that businesses develop IT services. That spirit of collaboration is now permeating organisations as the worlds of business and IT continue to merge. Such has been its success that the philosophy has attracted interest from the security and wider business teams – and given birth to the tongue-twisting phrase, BizDevSecOps.
The appetite to explore the opportunities that BizDevSecOps presents is clear. It is helping companies become more agile, move quicker and make better informed decisions – which, in turn, is enabling businesses to react to customer needs faster and gain competitive advantage.
But inevitably, with change comes trepidation. There will always be members of internal teams who question the need to alter existing practices, especially if those practices have worked well for them in the past. And with the BizDevSecOps philosophy, these people will be asked to embrace new technology and new processes, and to work with different departments. This can be unsettling at first.
It’s important that we recognise and understand the reservations these people will have so we can address them – and get everyone on board.
Obstacles are inevitable
Any organisation embracing this approach will face obstacles; it's inevitable. Whether that's due to a migration from legacy tools or an adjustment to new ways of working, nearly all (85%) organisations that have adopted DevOps have experienced some sort of hurdle. And now we’re also looking to incorporate the security and business teams into this equation – adding another layer of complication.
It's only when people start to see features, updates and security patches being deployed faster, or when business teams start to see performance analytics instantly, that the benefits become obvious.
But this appreciation doesn’t always happen immediately. So, it is key to take it step by step, to build confidence, and to make the value abundantly clear to everyone. This will ensure all stakeholders are engaged and feel part of the journey.
If organisations try to do too much too soon, people can feel railroaded and this can increase the chance of resistance, and potential failure. By starting small with a single project, however, it will be easier to demonstrate value and get that initial buy-in.
It’s important to pick that first project wisely though. It’s vital that this achieves a positive outcome that can provide the proof of concept needed to build wider support for a BizDevSecOps approach.
Starting small will also give organisations time to put monitoring tools in place, which will provide the data needed to inform broader adoption later.
Encourage the right mentality
BizDevSecOps is as much about changing behaviours as it is about deploying new tools. It will require a cultural change and, for the technology to make a difference, everyone involved needs to adopt a mindset that embraces agile practices.
This is where we’ve seen businesses fall short. Organisations might have the right intentions and put the right tools in place, but they don’t fully commit to new processes – and traditional mentalities prevail.
For example, we’ve seen a company implement solutions that gave it the ability to release new features on a weekly basis. But the mentality didn’t change and they continued to wait and push them out together in bulk every six months – denying themselves a key competitive advantage.
Embrace automation wherever possible
Organisations need to trust the methodology. This includes embracing the automation tools that will free up teams to focus on adding value and speeding up processes.
However, it’s not unusual, for example, to see security teams replicating the work their tools have already carried out. This may just be part of the learning curve, but this reluctance to fully embrace the philosophy does hold organisations back and prevents them from realising the benefits sooner.
Transitioning to BizDevSecOps will inevitably bring about changes – teams will need to operate in new ways and the roles that people fulfil will be altered. So it’s crucial to understand the impact this methodology will have and take it step by step. By all means think big, but take it slow.
Download our guide: Driving innovation using a BizDevSecOps methodology for more advice on how organisations can adopt a BizDevSecOps approach.