Adding the Business Dimension to DevOps

DevSecOpsNess

1

DevSecOps… a relatively good state

Dev Ops

Sec

2

If you’re doing DevSecOps well, you’re:

✓ Collaborating

✓ Integrating security early and often

✓ Expediting releases

✓ Embracing automation

✓ Improving quality

3

Your product owner may be content.

4

But…what about the business?

5

DevSecOps still doesn’t ensure that you’re adding any value

to the business.

Sure, you’re delivering faster. Maybe even cheaper. Maybe

even ‘failing fast’. But are you really and truly delivering

what your business needs?

6

Does your Code/Automation/Security Control incorporate

business understanding and provide any business value?

7

What provides business value anyway?

8

Add the Business Dimension

9

Development: Challenge the Requirement

• What benefit is this providing?

• Would the end user really want it this way?

• Does this fit with the business’ strategy?

• Functionality

• Bug fix

• Chore

10

Operations: Challenge the Process

• What benefit is this providing?

• Is the expectation accurate?

• Is this being done efficiently?

• Continuous Deployment

• Continuous Delivery

• Continuous Monitoring

• Incident Response

11

Security: Challenge the Risk

• What benefit is this providing?

• Does the solution address the real problem?

• Is the solution based on quantitative analysis?

• Regulation

• Controls

• Assessments

• Monitoring

12

Ensure every person understands business impacts

13

• What is the purpose of the application or system?

Mission critical or not…

14

• How does the requirement/process/control fit into the business’ mission or

strategy?

Alignment, alignment, alignment!

15

• What is the cost of the proposed alternatives and how does that factor into

trade-off analysis?

$$$

16

• What are the business constraints? Are they real or perceived?

Pragmatic DevOps…

17

Innovative DevOps…

• Where is the market going for this?

18

And, for the Business…

…add Business Agility!

19

DevSecOpsNess: Thank You!