As former director of IT production, I was responsible for managing critical information systems, in order to ensure the best possible levels of availability and performance (which implies a focus on stability), while launching quick and frequent application production runs (this time, with a focus on agility).
These two objectives are already antagonistic, without considering the need to control investment budgets (CAPEX) and operating expenses (OPEX), while facing an unprecedented shortage of talent.
The IT factory, the Holy Grail of CIOs
An equation that is a priori impossible to solve? In 2007, DevOps, the cousin of agile methods like Scrum, offered part of the solution.
The concepts of automation and orchestration moved to the heart of CIOs’ concerns, and the terms Software Factory or CI/CD Pipelines, from the industrial vocabulary, made their appearance and became an integral part of our jargon.
With a bit of hindsight, we see that IT entered its own industrial revolution at this time: where we used to do many operations manually, tools like Puppet, Chief and Jenkins took over and finally made it possible to automate laborious tasks that led to errors.
So, slowly but surely, we’re moving toward the creation of IT factories, looking for inspiration from more mature sectors, such as the automotive industry where automation occupies an essential place.
While this is a first considerable step, the DevOps movement has long been limited to systems and networks, ignoring cyber security.
However, to truly attain the Holy Grail of the IT factory, we need to demolish the last silo and integrate cyber security in a broader movement: DevSecOps.
The IT industry - Maturity
Automation and orchestration in cyber security offer solutions that radically improve companies’ security level by reducing incident detection and response time, reducing operating budgets and effectively compensating for the talent shortage.
With its global approach, DevSecOps helps to clearly define the responsibilities of the various teams, modes of collaboration and aligns the entire division on the same objective.
History constantly repeats itself: this new industrial revolution that is DevSecOps is the outcome of agile methods, which were born of Lean methods, which appeared in Toyota’s manufacturing plants and whose existence were made possible by Taylorism and Fordism.
The TechLABby Newlode, that Les Assises de la Sécurité and its partners share with us for the second consecutive year, demonstrates that the IT industry has reached maturity, illustrating, through concrete use cases how the automation and orchestration of key solutions on the market improves business efficiency.
CEO of Newlode