Recently, Chris Hoff wrote that he would like the DevOps movement to place enough emphasis on network and security issues – and generate enough buy-in from the NetSec crowd – to give us a legitimate reason to re-label it “NetSecDevOps.”

I agree. For Service Providers automating operations is the key to all things cloud.  Ops automation will dictate scalability, economies of scale, success and sustainability for all cloud service providers, as we have written about at length here at SecureCloudReview.  But for ops automation to be relevant, especially to public cloud environments, getting DevOps religion must start with prioritizing network and security issues.

Says Hoff:  “Leaving the network and security teams — and the infrastructure they represent — out of the loop until they are either subsumed by software (won’t happen) or get religion (probable but a long-haul exercise) is counter-productive.”

This observation is especially true when considering IaaS providers, PaaS providers and public cloud service providers.  IaaS and PaaS providers are inherently focused on and dependent upon automation, but they know that as they automate/scale they must remain true to their security models – especially those providers to the enterprise … an increasingly large percentage of the IaaS/PaaS crowd.  Public cloud providers are less dependent on defined security models today, but that will change.

Today, paying customers of public cloud services are somewhat limited to either development and test environments, or production environments of early-stage or other small companies.  Security is a key reason.  Public cloud service providers are doing a great job of abstracting core infrastructure functions – computing, storage, network, load balancing, etc. – but have not yet abstracted security.  This is where operations automation is key, and perhaps most challenging.  I won’t go so far as Hoff in saying “security doesn’t scale,” but it takes focus on automating security operations and integrating security operations with (ideally SaaS) security software to tackle this challenge.

The folks at DevOpsDays have it right when they say DevOps is the elephant in the room, because the key to delivering on the promise of cloud computing lies in bringing developers and operations teams together in joint pursuit of automation operations.  But rather than just talk about Operations in the abstract, let’s focus first on NetSec issues!  NetSecDevOps anyone?

Reblog this post [with Zemanta]

Previous post:

Next post: