Security benefits helping drive DevOps adoption, says Chef CEO

Faster software updates will help tackle security incidents such Heartbleed

Share

Having started out in the bleeding-edge data centres of the likes of Facebook and Google, DevOps is now gaining traction among more traditional enterprise businesses. But alongside the primary draw of faster, automated software development, there are other benefits to breaking the barriers between developer and IT operations teams.

“One of the reasons the enterprise is starting to adopt DevOps so quickly is security,” Chef CEO Barry Crist told ComputerworldUK in central London this week. “Security has been an obstacle or a barrier to the business doing what they are trying to accomplish, but we are seeing a change in that around DevOps." 

Crist says that chief security officers have typically been focused on slowing IT operations down to maintain control and ensure compliance standards are met. However businesses have also begun to realise the benefits quickly and automatically issuing patching and upgrades. “Take Heartbleed as an example, I can remediate against that very quickly if I have defined my infrastructure as code and if I have a delivery pipeline where I can very quickly test and remediate,” he says.

“We are finding the security officer is very much becoming our friend - generally this is not a place that has driven innovation, so we are seeing a real shift where the [security] officer is getting onboard with DevOps and really pushing for innovation, which is a really dramatic shift.”

Meeting compliance demands

DevOps is typically seen as a combination of a change in working culture, as well as use of tools to automatically manage provisioning and configuring of infrastructue such as servers, allowing software updates to be quickly released. Chef, alongside its rival Puppet, has been one of the major proponents of the DevOps approach, which according to a recent analyst report from Gartner, is set to be adopted in around a quarter of businesses by 2016

According to Crist, the early adopters of DevOps in the UK have been ‘web and tech innovators’. The next stage of growth has been in highly regulated sectors, particularly banks, where regulatory compliance is a major issue. DevOps can help address this, he says.

“We view that compliance should just be another test,” he says. “So the faster you are releasing software, it also means that you are more frequently testing that against compliance.”

Techniques such as continuous delivery – enabling small software releases to be made numerous times a day- can support this.

“So it starts with a discussion about how I can fix thing more quickly, but then it morphs into this ‘aha moment’ where there is a realisation that if we actually adopt continuous delivery and build in compliance checking as part of that compliance release process, then the faster we release software the more frequently we are testing our compliance footing,” he says.

Expansion into Europe

Chef, which recently released its Chef Delivery platform, is in the process of expanding into Europe. To support its aims it is considering making some acquisitions – potentially around compliance and analytics - to help grow its workforce and IP. 

“EMEA is our fastest growing market and we are heavily investing both in terms of head count and in terms of customer base,” he said, pointing to existing UK users such as Paddy Power and Capital One. In the US there is a wider user base Bloomberg, Disney, Facebook, Intuit, Nordstrom, Target and Yahoo.

There are also plans to open a ‘developer centre’ in Europe at some stage.

Crist continues: “There are a few European M&A targets we are looking at and we would love to help grow the team by find some additional companies to add to what we are doing. We are also scouting out a European dev centre because we would like this not to just be a field office, we [already] have a significant engineering presence here in EMEA.” 

"Recommended For You"

Chef sidles up to security for bringing automated compliance to devops Chef shifts towards app automation with 2.0 release