Skip to content

Posts tagged ‘CheckMarx’

How LogicMonitor Buying Airbrake Unleashes DevOps To Do What They Do Best

Bottom Line:  LogicMonitor knows first-hand how much pressure DevOps teams are under to produce high-quality code in record time during the pandemic. Acquiring Airbrake proves they get it: DevOps has a high need for speed right now.

LogicMonitor Aims To Solve Today’s DevOps Paradox

The pandemic is forcing every business to make DevOps a core part of their DNA faster than any of them expected. The competitive strengths many banked on in a pre-pandemic world aren’t as relevant as having a steady pipeline of new apps, platforms, and digital channels are. It’s creating a paradox for DevOps: on the one hand, they’re expected to deliver perfect code, and on the other, it needs to be delivered in record time. Pre-pandemic, a typical DevOps team in a $500M+ enterprise has over 200 concurrent projects in progress, with over 70% dedicated to safeguarding and improving customer experiences according to IDC. Today, there are up to 2X more projects, and up to 80% are focused on cybersecurity.

No organization is perfect at DevOps today. Everyone is at various stages of maturity and growth. The pandemic puts a lot of pressure on DevOps teams to get their code right quickly and into a released app in record time. LogicMonitor must see it in their customer base every day. The trade-offs DevOps teams have to make for speed versus quality – and even security – when pushing out a release are real and often tend to overlook diagnostics. That’s why the Airbrake acquisition makes so much sense today. LogicMonitor bought Airbrake to help DevOps teams do what they do best.

The often-quoted Boston Consulting Group (BCG) article, Going All In With DevOps, illustrates the typical pressure DevOps is under to perform, including catching bugs early, solving them, and getting code into test and deployment. According to Airbrake, 73% of their DevOps customers are pushing code multiple times per week – and many said they were deploying code “multiple times per day.”  What makes Airbrake a perfect fit for LogicMonitor is how their developer-centric application error and performance monitoring service provides detailed diagnostics beyond the first layer of a bug or problem. In the context of the BCG graphic below, LogicMonitor buying Airbrake gives DevOps teams the diagnostics they need to move faster through error detection and into the test, deploy and release phases.

How LogicMonitor Buying Airbrake Unleashes DevOps To Do What They Do Best

Competing In Real-Time Is DevOps’ New Reality

  • 46% of DevOps teams are expected to build and deploy software faster now than before the pandemic, according to a recent survey by Checkmarx.
  • 36% of DevOps team members are struggling to keep up with increased dev speeds and demands, according to Checkmarx’s survey.
  • 55% of DevOps team members have taken on more security responsibility during the pandemic, according to Checkmark’s survey.

DevOps teams are struggling to keep up with their workloads today. LogicMonitor believes that by automating more monitoring processes and providing deeper contextual data and insight, DevOps teams can improve their response times and quality.

Automation pays off with more efficient continuous integration and deployment (CI/CD) cycles across DevOps teams, speeding up time-to-market and improving software quality in the process. Buying Airbrake extends LogicMonitor into developer environments and enables their shared customers to gain visibility into CI/CD workflows while reducing risk and ensuring every code release meets customer expectations. The following graphic illustrates how the CI/CD pipelines support DevOps. The more efficient continuous integration, testing, delivery, and operations, the more code releases DevOps can deliver at a higher quality, on time, and to customers’ expectations.

How LogicMonitor Buying Airbrake Unleashes DevOps To Do What They Do Best

Source: Deloitte, DevOps Point of View, An Enterprise Architecture perspective, Amsterdam, 2020

Conclusion

The best aspect of LogicMonitor acquiring Airbrake is how practical, pragmatic, and immediately useful their vision of providing unified observability is in supporting DevOps teams under pressure to perform today. Airbrake is LogicMonitor’s second acquisition in just over a year, having also acquired Stockholm-based log analytics company Unomaly in January 2020. LogicMonitor’s Airbrake page provides additional information.

Why Security Needs To Be Integral To DevOps

Why Security Needs To Be Integral To DevOps

Bottom Line: DevOps and security teams need to leave one-time gating inspections in the past and pursue a more collaborative real-time framework to achieve their shared compliance, security and time-to-market goals.

Shorter product lifecycles the need to out-innovate competitors and exceed customer expectations with each new release are a few of the many reasons why DevOps is so popular today. Traditional approaches to DevOps teams collaborating with security aren’t working today and product releases are falling behind or being rushed to-market leading to security gaps as a result.

Based on conversations with DevOps team leaders and my own experience being on a DevOps team the following are factors driving the urgency to integrate security into DevOps workflows:

  • Engineering, DevOps and security teams each have their lexicon and way of communicating reinforced by siloed systems.
  • Time-to-market and launch delays are common when engineering, DevOps and security don’t have a unified system to use that includes automation tools to help scale tasks and updates.
  • Developers are doing Application Security Testing (AST) with tools that aren’t integrated into their daily development environments, making the process time-consuming and challenging to get done.
  • Limiting security to the testing and deployment phases of the Software Development Lifecycle (SDLC) is a bottleneck that jeopardizes the critical path, launch date and compliance of any new project.
  • 70% of DevOps team members have not been trained on how to secure software adequately according to a DevSecOps Global Skills survey.

Adding to the urgency is the volume of builds DevOps teams produce in software companies and enterprises daily and the need for having security integrated into DevOps becomes clear. Consider the fact that Facebook on Android alone does 50,000 to 60,000 builds a day according to research cited from Checkmarx who is taking on the challenge of integrating DevOps and security into a unified workflow. Their Software Security Platform unifies DevOps with security and provides static and interactive application security testing, newly launched software composition analysis and developer AppSec awareness and training programs to reduce and remediate risk from software vulnerabilities.

Synchronizing Security Into DevOps Delivers Much Needed Speed & Scale

DevOps teams thrive in organizations built for speed, continuous integration, delivery and improvement. Contrast the high-speed always-on nature of DevOps teams with the one-time gating inspections security teams use to verify regulatory, industry and internal security and compliance standards and it’s clear security’s role in DevOps needs to change. Integrating security into DevOps is proving to be very effective at breaking through the roadblocks that stand in the way of getting projects done on time and launched into the market.  Getting the security and DevOps team onto the same development platform is needed to close the gaps between the two teams and accelerate development. Of the many approaches available for accomplishing this Checkmarx’s approach to integrating Application Security Testing into DevOps shown below is among the most comprehensive:

Why Security Needs To Be Integral To DevOps

Making DevOps A Core Strength Of An Organization

By 2025 nearly two-thirds of enterprises will be prolific software producers with code deployed daily to meet constant demand and over 90% of new apps will be cloud-native, enabling agility and responsiveness according to IDC FutureScape: Worldwide IT Industry 2020 Predictions. IDC also predicts there will be 1.6 times more developers than now, all working in collaborative systems to enable innovation. The bottom line is that every company will be a technology company in the next five years according to IDC’s predictions.

To capitalize on the pace of change happening today driven by DevOps, organizations need frameworks that deliver the following:

  • Greater agility and market responsiveness – Organizations need to create operating models that integrate business, operations and technology into stand-alone businesses-within-the-business domains.
  • Customer Centricity at the core of business models – The best organizations leverage a connected economy to ensure that they can meet and exceed customer expectations.  By creating an ecosystem that caters to every touchpoint of the customer journey using technology, these organizations seem to anticipate their customer needs and deliver the goods and services needed at the right time via the customer’s preferred channel.  As a result, successful organizations see growth from their existing customer base while they acquire new ones.
  • Have a DNA the delivers a wealth of actionable Insights – Organizations well-positioned to turn data into insights that drive actions to serve and anticipate customer needs are ahead of competitors today regarding time-to-market.  These organizations know how to pull all the relevant information, capabilities and people together so they can act quickly and efficiently in making the right decisions. They are the companies that will know the outcome of their actions before they take them and they will be able to anticipate their success.

BMC’s Autonomous Digital Enterprise framework, shown below highlights how companies that have an innovation mindset and the three common traits of agility, customer centricity and actionable insights at their foundation have greater consistency and technology maturity in their business model characteristics compared to competitors. They also can flex and support fundamental operating model characteristics and key technology-enabled tenets. These tenets include delivering a transcendent customer experience, automating customer transactions and providing automation everywhere seeing enterprise DevOps as a natural evolution of DevOps, enabling a business to be more data-driven and achieving more adaptive cybersecurity in a Zero-Trust framework.

Why Security Needs To Be Integral To DevOps

Conclusion

Meeting the challenge of integrating security in DevOps provides every organization with an opportunity to gain greater agility and market responsiveness, become more customer-centric and develop the DNA to be more data-driven. These three goals are achievable when organizations look to how they can build on their existing strengths and reinvent themselves for the future. As DevOps success goes so goes the success of any organization. Checkmarx’s approach to putting security at the center of DevOps is helping to break down the silos that exist between engineering, DevOps and security. To attain greater customer-centricity, become more data-driven and out-innovate competitors, organizations are adopting frameworks including BMC’s Autonomous Digital Enterprise to reinvent themselves and be ready to compete in the future now.

 

 

 

 

%d bloggers like this: