Why DevSecOps is Just a Fancy Acronym for Kubernetes Service Ownership
Written By: Joe Pelletier
Yes, software development is becoming one of the most prominent and critical industries in the world, but it’s still in the throes of its own evolution, especially as it pertains to DevOps, security and the need for better Kubernetes service ownership. DevSecOps has emerged as a way to address the need for security within DevOps practices, but this is not the only way to imagine this cultural and practical shift.
If DevOps can simplify the Kubernetes chaos, a similar recipe for success will emerge. DevSecOps and Kubernetes service ownership are both striving for the same ultimate goal: more autonomy, speed and accountability for DevOps teams. But there is still considerable work to be done. If we want to ship code quickly and securely, with less risk, DevSecOps needs to become synonymous with the secure management of Kubernetes and microservices.
The Rise of DevSecOps
Historically, software development has consisted of several teams, all working towards a singular goal: to produce excellent products. Despite this shared effort, the development process itself has typically employed a siloed approach, where one team of developers writes the code, a quality assurance team tests the code, and another operations team deploys it to production. Nowadays, a security team must also weigh in to ensure the quality and security of software meet all modern standards and governance requirements.
These siloed groups, however, have led to friction among teams, cultural gaps and the need for more collaborative, effective workflows. Where DevOps once emerged as a development methodology to increase the level of coordination between development and operations, DevSecOps has quickly followed to ensure security is integrated throughout all stages of the software development life cycle (SDLC). This evolution to DevSecOps has created tighter integration among teams and empowered practitioners to increase their velocity while also baking security into the larger process, not bolting it on later as an afterthought.
The Reality of Service Ownership
DevSecOps is not the only way to describe this emerging model of accountability. As a DevOps philosophy of “code it, ship it, own it,” Kubernetes service ownership asks engineers to be responsible for the code and services they hold, from code commit to production to deployment. Instead of tossing code to operations or depending on the site reliability engineering (SRE) team, engineers are responsible for the security and reliability of the code they create, from start to finish.
As teams are restructured to facilitate faster movement and closer relationships with customers, they are expected to establish complete ownership of the services they support. In this operational model, service ownership spans from software design and development to deployment in a production environment to eventually managing the sunsetting of the software. This Kubernetes ownership model is highly scalable, as it allows teams to deliver and respond to customer issues quickly. Ops teams can then build a foundation that allows for organizations to scale.
As the value of DevSecOps increases, so too does the need for security throughout the development process. Using best practices, Kubernetes service ownership makes this “shift left” possible and enables the type of changes espoused by DevSecOps believers: increased reliability, cost-effectiveness and better application security.
A Better Way Forward
To learn more about the essential elements of Kubernetes service ownership and how Fairwinds Insights can enable a more manageable experience for your organization, read our Complete Guide to Kubernetes Service Ownership.