SOAR technologies strive to automate some of the repetitive human effort required to maintain a strong security posture. Here's how SOAR tools fit into an enterprise security strategy.
How DevOps teams can get more from open source tools
To get the best from DevOps, tackle your open source strategy in two dimensions: horizontal and then vertical. Consider this advice on tools and approaches that work
Open source software development is rapidly becoming a staple in DevOps teams’ toolkits. Open source software (OSS) allows organizations to — especially at the beginning of their journey — avoid the cost of expensive proprietary software that might not scale with the business or become obsolete as time goes on. While cost savings are an obvious draw, it’s actually the flexibility of open source that makes it such a great fit for DevOps.
[ Need to explain key DevOps terms to others? Get our cheat sheet: DevOps Glossary. ]
Software teams today are tasked with delivering automation across a diverse set of DevOps workflows. They must support a broad portfolio of applications and tools, while also serving the needs of different personas, inlcuding developers, SREs, and QA testers. The characteristics of open source software very much lend themselves to meeting these challenges, as OSS can be much easier (and cheaper) to integrate with elements in your pipeline than other solutions.
That’s why entire communities have now coalesced around these tools, and can provide essential guidance and support for others’ journeys.
[ Check out our sibling site, Opensource.com, for open source and Linux tutorials, advice, and resources. ]
Whether you need to connect your continuous integration server with your configuration management tool or something else, there’s probably already a playbook for that. These synergies have led to the creation of many open-source DevOps tools, many of which are now widely adopted and used (full disclosure: I work for Delphix, which has its own open source project).
From working with dozens of DevOps teams across Fortune 500 companies — as well as our own internal use of OSS tools — I’ve found that teams need to approach open-source strategy in two dimensions: horizontal and then vertical. Here’s what I mean:
Build horizontal: Focus on automation and speed
Continuous integration and continuous delivery or deployment ( CI/CD) is the holy grail of software — many are seeking it, but few have found it. Open source tools can be a key first step on the DevOps path to achieving software development’s nirvana state, but only when teams bring automation and speed across the various steps of the process. That’s why professionals refer to a DevOps “toolchain” (the products you use) that supports the software “pipeline” (the process of delivering software) — and visually depict these elements as unfolding in a horizontal fashion.
End-to-end tool coverage horizontally across an organization is the key to highly functional, mature DevOps practices. However, that’s easier said than done — and has traditionally been both expensive and difficult for businesses to do. The good news today is that there are many more open-source options across every sequential step of the software delivery lifecycle (SDLC). From managing source code, to storing build artifacts, release monitoring and finally to deployment — there’s an OSS solution for that if you know where to look.
[ Read also: 5 open source projects that make Kubernetes even better. ]
Go vertical: Add control to every layer of DevOps
Once you’ve leveraged open source tools to build speed and automation across the organization’s SDLC, what’s next? Perhaps less obvious is the notion that DevOps teams must think about tool coverage and instrumentation for a vertical stack, which at a basic level breaks down into code, infrastructure, and data layers. While the instantiation of these elements varies across different phases of the SDLC, these layers exist in one form or another at nearly every step of your DevOps practice.
For example, early in the SDLC the stack may be composed of a few lines of code, running on a laptop and tiny MySQL database containing dummy data. However, later in the life cycle the stack may equate to a fully-built production application on cloud infrastructure-as-service, and talking to a terabyte of data. Regardless of its composition, teams need to bring control and automation across all vertical stack elements in the SDLC.
Again, the good news is that there’s a preponderance of OSS tools that can help, from Git (code) to Ansible and Salt (infrastructure) to Liquibase, Flyway, and Titan (data). This is important because teams must bring speed, control, and automation to every layer of their DevOps practice, lest one becomes a bottleneck that holds up the entire train.
To add another example, it’s great to be able to automatically provision and configure your build on cloud-based test infrastructure in a matter of minutes. But if it still takes days to deliver test data to that cloud environment, you risk creating the illusion of speed but not speed itself.
That’s why each layer of the DevOps operation — from top to bottom — must be addressed to ensure the development process flows from one step to the next, without drag.
Open source state of mind
Whether you’re brand new to DevOps or a savvy veteran, solving for the right toolset to build out a modern software delivery pipeline can be intimidating. OSS can provide all the constituent pieces you need to make integration less daunting, but you must also have the right mindset.
Remember, you’re not just populating an array of open source tools — you’re actually building an array of arrays. Think about automation and speed in two dimensions instead of one, and address bottlenecks that can slow you down in each step of the DevOps process. Do that, and you’ll be right on your way to using open source for a highly-automated, lightning fast CI/CD pipeline.
[ How can automation free up more staff time for innovation? Get the free eBook: Managing IT with Automation. ]