DevOps is a business-driven approach to deliver solutions using agile methods, collaboration and automation. While the main goal of DevOps is to automate and deliver things faster and implement a higher level of integration between teams in an organization, implementing proper security controls can be challenging and therefore security can become an after thought in the evolution of operational paradigm shift to DevOps. Let’s take a look at some of the challenges that DevOps pose to security.

Consider an organization just started the journey of micro-segmentation and has to implement simple policies and nothing complex in terms of blocking new applications when are deployed. Microsegmentation policies are not fully developed or rather loosely in place, DevOps team might spin up new workloads and applications. After all, DevOps is meant to automate things at a faster pace, deploy things often. When DevOps brings up a new application, in this case, the applications might just work fi ne and connects to all the required services and tiers without issues. 

While the security team wants to know about the application to apply policies, there might be some collaborative gaps between both the teams and security team might be blinded in some cases in this scenario and not be fully aware of New Applications and its tiers to properly secure them.