Bottom Line: Flint Brenton’s vision for the future of Centrify and cybersecurity, in general, prioritizes the need for privileged access management to become core to the multi-cloud architectures and DevOps environments he sees pervading customers’ enterprises today.
Every new cybersecurity company CEO is writing their vision of the future by their decisions and the priorities they are based upon. From tech dominance to sales success, each CEO has their own long-term strategy and idea of what they and the company need to excel at to succeed.
Defining Cybersecurity As A Core Part Of DevOps
It is always fascinating to speak with new CEOs at cybersecurity companies and see what their vision for the company is after they’ve been there a few months. I recently had the opportunity to sit down and talk with Flint Brenton, who joined Centrify as President and CEO in July of this year. Flint leads the strategic direction and execution of the company’s vision drawing from an exceptional track record of accelerating growth through product innovation and sales execution. He recently served as president and CEO of CollabNet VersionOne, which pioneered the Value Stream Management market. He previously held president and CEO positions at AccelOps and Tidal Software and has successfully led engineering teams at NetIQ, Compaq, BMC Software, IBM and more.
Flint sees the needs of enterprise developers creating new apps using DevOps as pivotal to the future of Centrify, specifically and cybersecurity in general. A core part of those developers’ needs is securing privileged access management (PAM) in multi-cloud environments while supporting agile development.
My interview with him provided five key insights into why cybersecurity will increasingly be defined by how well it can be incorporated into “DevSecOps,” and how Centrify’s vision for the future looks to capitalize on that demand and drive PAM into the DevOps pipeline to further automate built-in security practices:
- Cybersecurity providers’ cloud-based architectural platforms will define the competitive landscape for the next several years in the industry. Since accepting the CEO role in July, Flint has been spending most of his time talking with customers to gain in-depth insights into their greatest challenges. He is hearing about the challenges customers face when attempting to make different cybersecurity vendors’ solutions work together and function in a multi-cloud architecture. “Having a clear architectural advantage where features can be added quickly is going to be key in cybersecurity for years to come,” he explained.
- Any cybersecurity company’s vision needs to consider the speed at which infrastructure and workloads are moving from on-premise to the cloud – it’s faster than predicted. One of Centrify’s financial services customers in APAC is launching a virtual bank and wants the new venture to be entirely cloud-based. Like many Centrify customers, they are considering a multi-cloud architecture, including Amazon AWS, Google Cloud and Microsoft Azure. Flint explains they will need a security model and identity management controls that run in the cloud to accommodate their current and future computing plans. The FinTech is relying on Centrify to secure privileged access for administrators to its multi-cloud environment.
- Viewing every enterprise customer as a software business first helps remove roadblocks to delivering more value faster. Cybersecurity companies need to consider how they can streamline DevOps and DevSecOps cycles by providing enterprise developers with new tools to integrate identity management efficiently. “The developer is now building identity management into apps and frequently those apps are built using container-based models and they are then deployed either into cloud, on-prem, or a combination of both,” Flint said.
- Design in flexibility for the many different buying communities you’re trying to serve early on and continually monitor them to learn about what’s most valuable to them. DevOps leaders’ buying community is among the most self-sufficient, willing to download a trial, install it and buy it. Enterprise sales are more research and time-intensive. Flint observed that a company’s vision needs to encompass each buying community’s unique nature and be willing to extend platform-level features and DevOps tools if necessary.
- Buy-in from the DevOps community will become increasingly important in cybersecurity in general and is a core part of Centrify’s vision. Prior to taking the helm at Centrify, Flint was the CEO of CollabNet VersionOne, where he helped define value stream management as a market standard. I asked him if he sees any parallels with value stream management’s success and the vision he has for Centrify. “The key with value stream management is to understand how developers wanted or needed to build software more successfully in the future. So you have to get the buy-in of the development community to include it in what they’re building, rather than making an appetite of adding it after it’s already been deployed. So I think that’s a major focus in the DevSecOps market. Make it part of what is built. Don’t allow it to become an afterthought,” Flint said. The future of cybersecurity will increasingly be defined by how easily Identity Access Management (IAM) and Privileged Access Management (PAM) can be designed at the beginning of DevOps and DevSecOps cycles.
What I find most compelling about his vision is how essential every person is to breaking apart complex cybersecurity problems and solving them. Flint’s vision of providing DevOps teams with the tools they need to design in identity access management is groundbreaking. No one is talking about design wins in this area of the market today.
Centrify is quickly turning into a company that actively seeks out their customers’ most difficult obstacles and uses them to challenge itself to grow and do excellent work. They are looking for cybersecurity leaders with cloud-based development skills, AI skills and automation skills who are up for the challenge.
Looking to reduce the delays DevOps teams are challenged with, software development tool providers are accelerating the pace of integrating AI- and Machine Learning technologies into their apps and platforms. Accelerating every phase of the Software Development Lifecycle (SDLC) while increasing software quality is the goal. And the good news is use cases are showing those goals are being accomplished, taking DevOps to a new level of accuracy, quality, and reliability.
What’s particularly fascinating about the ten ways AI is accelerating DevOps is how effective it is proving to be in assisting developers with the difficult, time-consuming tasks that take away from coding. One of the most time-consuming tasks is managing the many iterations and versions of requirements documents. A leader in using AI to streamline every phase of the SDLC and assist with managing requirements is Jira Software from Atlassian, widely considered the industry standard in this area of DevOps.
The following are ten ways AI is accelerating DevOps today:
- Improving DevOps productivity by relying on AL and ML to autosuggest code segments or snippets in real-time to accelerate development. DevOps teams interviewed for this article from several leading enterprise software companies competing in CRM, Supply Chain Management, and social media markets say this use case of AI is the most productive and has generated the greatest gains in accuracy. Initial efforts at using AI to autocomplete code were hit or miss, according to a DevOps lead at a leading CRM provider. She credits DevOps’ development tools providers’ use of supervised machine learning algorithms with improving how quickly models learn and respond to code requests. Reflecting what the DevOps teams interviewed for this article prioritized as the most valuable AI development in DevOps, Microsoft’s Visual Studio Intellicode has over 6 million installs as of today.
- Streamlining Requirements Management using AI is proving effective at improving the accuracy and quality of requirements documents capturing what users need in the next generation of an app or platform. AI is delivering solid results streamlining every phase of creating, editing, validating, testing, and managing requirements documents. DevOps team members are using AI- and ML-based requirements management platforms to save time so they can get back to coding and creating software products often on tight deadlines. Getting requirements right the first time helps keep an entire project on the critical path of its project plan. Seeing an opportunity to build a business case of keeping projects on schedule, AI-powered software development tools providers are quickly developing and launching new apps in their area. It’s fascinating to watch how quickly Natural Language Processing techniques are being adopted into this area of DevOps tools. Enterprises using AI-based tools have been able to reduce requirements review times by over 50%.
- AI is proving effective at bug detection and auto-suggestions for improving code. At Facebook, a bug detection tool predicts defects and suggests remedies that are proving correct 80% of the time with AI tools learning to fix bugs automatically. Semmle CodeQL is considered the leading AI-based DevOps tool in this area. DevOps teams using CodeQL can track down vulnerabilities in code and also find logical variants in their entire codebase. Microsoft uses Semmle for vulnerability hunting. Security researchers in Microsoft’s security response team use Semmle QL to find variants of critical problems, allowing them to identify and respond to serious code problems and prevent incidents.
- AI is assisting in prioritizing security testing results and triaging vulnerabilities. Interested in learning more about how ML can find code vulnerability in real-time, I spoke with Maty Siman, CTO Checkmarx, says that “even organizations with the most mature SDLCs often run into issues with prioritizing and triaging vulnerabilities. ML algorithms that focus on developers’ or AppSec teams’ attention on true positives and vulnerable components that pose a threat are key to navigating this challenge.” Maty also says that ML algorithms can be taught to understand that one type of vulnerability vs. another has a higher percentage of being a true positive. With this automated “vetting” process in place, teams can optimize and accelerate their remediation efforts in a much more informed manner.
- Improving software quality assurance by auto-generating and auto-running test cases based on the unique attributes of a given code base is another area where AI is saving DevOps teams valuable time. This is invaluable for stress-testing new apps and platforms across a wide variety of use cases. Creating and revising test cases is a unique skill set on any DevOps team, with the developers with this skill often being overwhelmed with test updates. AI-based software development tools are eliminating test coverage overlaps, optimizing existing testing efforts with more predictable testing, and accelerating progress from defect detection to defect prevention. AI-based software development platforms can identify the dependencies across complex and interconnected product modules, improving overall product quality in the process. Improving software quality enhances customer experiences, as well.
- AI is proving adept at troubleshooting defects in complex software apps and platforms after they’ve been released and shipped to customers. Enterprise software companies go to great lengths in their software QA processes to eliminate bugs, logic errors, and unreliable segments of code. Retrofitting releases or, worst case, recalling them is costly and impacts customers’ productivity. AI-based QA tools are proving effective at predicting which areas of an enterprise application will fail before being delivered into complex customer environments. AI is proving effective at root cause analysis, and also has proved effective in accelerating a leading CRM providers’ application delivery and a 72% reduction in time-to-restore in customers’ enterprise environments. Another DevOps team says they are using AI to auto-configure their applications’ settings to optimize performance in customer deployments.
- ML-based code vulnerability detection can spot anomalies reliably and alert DevOps teams in real-time. Maty Siman, CTO Checkmarx told me that, “assuming that your developers are writing quality, secure code, machine learning can set a baseline of “normal activity” and identify and flag anomalies from that baseline.” He continued, saying that “ultimately, we live in an IT and security landscape that’s evolving every minute of every day, requiring systems and tools that learn and adapt at the same, if not a greater, speed. Organizations and developers can’t do it alone and require solutions that improve the accuracy of threat detection to help them prioritize what matters most.” Spotting anomalies quickly and taking action on them is integral to building a business case for AI software-based QA and DevOps tools.
- Advanced DevOps teams are using AI to analyze and find new insights across all development tools, Application Performance Monitoring (APM), Software QA, and release cycle systems. DevOps teams at a leading Supply Chain Management (SCM) enterprise software provider are using AI to analyze why certain projects go so well and deliver excellent code while others get caught in perpetual review and code rewrite cycles. Using supervised machine learning algorithms, they’re able to see patterns and gain insights into their data. Becoming data-driven is quickly becoming part of their DNA, a DevOps lead told me this week on a call.
- Improving traceability within each release cycle to find where gaps in DevOps collaboration and data integration workflows can be improved. AI is enabling DevOps teams to stay more coordinated with each other, especially across remote geographic locations. AI-driven insights are helping to see how shared requirements and specifications can reflect localization, unique customer requirements, and specific performance benchmarks.
- Creating a more integrated DevOps strategy where AI can deliver the most value depends on frameworks that can keep DevOps customer-centric while improving agility and nurturing an analytics-driven DNA to gain insights into operations. DevOps leaders interviewed for this article say integrating security into development cycles reduces bottlenecks that get in the way of staying on schedule. Several went on to say that frameworks capable of integrating Quality Assurance into the DevOps workflows are key. AI’s use cases taken together reflect the potential to revolutionize DevOps. Executing on this promise, however, requires a framework that empowers enterprise DevOps teams to deliver a transcendent customer experience, automate customer transactions, and provide support for automation everywhere. One of the leaders in this area is BMC’s Autonomous Digital Enterprise framework, which helps businesses harness AI/ML capabilities to run and reinvent in a rapidly transforming world. It’s helping enterprises innovate faster than their competitors by enabling the agility, customer centricity, and actionable insights integral to driving data-driven business outcomes.
Accelerating development cycles while ensuring the highest quality code gets produced is a challenge all DevOps teams face. AI is helping to accelerate every phase of DevOps development cycles by anticipating what developers need before they ask for it. Auto suggesting code segments, improving software quality assurance techniques with automated testing, and streamlining requirements management are core areas where AI is delivering value to DevOps today.