X
Business

Data security, the achilles heel of DevOps

Survey finds speed and quality in software delivery are the name of the game in DevOps. But does data get put at risk?
Written by Joe McKendrick, Contributing Writer
There has been overwhelming momentum to the practice of DevOps in recent years, and for good reason. Organizations are under tremendous pressure to get software up and running -- or out the door if that's the nature of their businesses -- and to do so quickly and efficiently. The way to accomplish this turnaround while still maintaining quality is to align the work of developers with the schedules of operations teams.
img1056.jpg
Photo: HubSpot

However, it takes data to test and ensure that everything is running properly, and all too often that data comes out of live production systems. Once data leaves the data center, there's less assurance that it is being managed in a secure way.

That's one of the takeaways from the latest "State of DevOps" report, released by Delphix and Gleanster Research, covering the views and experiences of more than 2,000 DevOps leaders and practitioners across North America and Europe.

Forty-six percent of DevOps leaders report data issues as the biggest challenge to enabling their organizations to use DevOps in testing environments. A majority indicate that developers and quality assurance personnel have access to production data, yet this access is not audited (72%). More than two-thirds of all respondents (71%) report that masked data is refreshed from production only once a week or less. Still, a majority, 62%, say full production data is necessary for development and quality assurance.

What's unclear is how much of this data may be sensitive or personally identifiable information. The more copies that get sent out to other parts of the organization -- or even outside -- the greater the risk of it being compromised.

Overall, the report finds that DevOps continues to gain traction in the industry, with 87% of DevOps leaders and 73% of practitioners reporting that they have groups dedicated to DevOps initiatives, and nearly half of all respondents (44%) reporting DevOps budgets of $1 million or more.

Quality and speed are the names of the game. DevOps leaders report the pressure is on to deliver software to production with fewer defects (70%), identify defects earlier in the software development lifecycle (68%), deliver software faster (65%), delivering software with fewer resources (32%). The challenge is acute -- 39% admit they can't keep pace with ambitious software delivery schedules.

There is also value being realized from DevOps efforts. Forty-eight percent of DevOps leaders reported that DevOps initiatives resulted in more defects being identified earlier in the software development cycle.

For the future, two in five respondents say their goal is to achieve a daily production release cycle.

There are probably just as many definitions of DevOps as there are implementations. The leading definitions that emerged in the survey include the following:

  • Developers and system administrators collaborating to ease the transition between development and production (84%)
  • Using infrastructure automation to facilitate self-service provisioning of infrastructure by development teams (69%)
  • Evolving operations to meet the demands of agile software development teams (60%)
  • Developers taking full responsibility for all operations tasks (42%)
  • Increasing the frequency of deployments to uncover defects earlier in the development lifecycle (35%)
Editorial standards