How CIOs Can Balance Boldness and Caution By Implementing DevOps Test Data Management - Security Boulevard

2022-09-02 20:45:36 By : Ms. Cherry Wen

The Home of the Security Bloggers Network

Home » Security Bloggers Network » How CIOs Can Balance Boldness and Caution By Implementing DevOps Test Data Management

Too often, modern businesses are forced to choose between the speed of innovation and privacy and security for valuable data. The modern CIO must balance immense market and board pressure related to cybersecurity risks and compliance requirements, all while innovating fast enough for the business to achieve its goals.

The truth is, data privacy and security can be a business enabler, not a hindrance— it just requires the understanding that data privacy and security is as much of a cultural, organizational, and managerial issue as it is a technical one. By making the right changes to culture and process, along with the appropriate investments for data automation software like the Delphix platform, CIOs can successfully make data privacy and security an enabler of fast application innovation and growth. 

The Delphix DevOps Data Platform is the only API-first DevOps Test Data Management (TDM) platform for multi-cloud that delivers continuous compliance while rapidly deploying data to accelerate development. With automated test data, companies can achieve fast, quality software releases, more seamless cloud adoption, and improved data security and privacy for meeting emerging compliance requirements. 

Remember that oft repeated and mocked broadside by former Microsoft CEO Steve Balmer of Microsoft at the company’s 2000 Windows Conference? “Developers, developers, developers” is more relevant today than ever before — just like at the turn of the century, developers remain one of the most critical talent areas within a modern company. 

What has changed in companies since 2000 is the fact that a dedicated team can no longer accomplish security on its own through trust and manual processes. 

This couldn’t be more evident based on continued data breaches of major companies like T-Mobile, which recently reached a  $350M settlement for a test data breach in 2021 that exposed the personal information of 77 million customers. It’s clear a more comprehensive approach to data security must be employed. 

Today, security is every employee’s responsibility. And finding ways to automate the delivery of fast and compliant test data can assist data security management across an organization significantly. 

In the end it’s all about empowering your developers to be as productive as possible, and one of the biggest roadblocks to developer productivity is quick access to production-quality test data. Developers are constantly being hamstrung and application releases delayed  due to security concerns of providing test data. Developers need to be enabled to work seamlessly, and they need high-quality test data, and a shift in culture and process to make that happen. 

CIOs must create the right working and coding environment in which their development teams can innovate. CIOs can best enable this shift in cultural thinking by applying a developer mindset — rather than a compliance mindset — to security issues. 

But what does a developer mindset entail? It means giving developers near real-time access to production-quality test data during their normal development cycle so they are not impeded by data security concerns while coding. Let developers be developers and code, not wait for permission or put up roadblocks to getting their core job done. 

It’s also about setting a zero-trust security framework so data can be protected down to all lower environments, abandoning the traditional castle-and-moat security model. A zero trust framework can be achieved through the automation of production-quality test data using the Delphix DevOps Platform, which helps enforce regulatory compliance through the technique of data masking, all while protecting referential integrity of complex enterprise applications.

One way to achieve all this is by employing a DevSecOps working model. This model, an extension of the DevOps concept, is a development model where security is integrated into each stage of an agile product life cycle rather than being done at the end.

According to Hasan Yaser , Technical Director of Continuous Deployment of Capability for the Carnegie Mellon Software Engineering Institute, “DevSecOps is focused on how to get the security practices into the DevOps pipeline, which includes DevOps pieces. Plus getting other thoughts and ideas related to risk and security, related to any possibilities of merging risk and security together, and how to change the company culture regarding risk, all within the right software delivery and the deployment pipeline.”

Additionally,  CIOs can modify how their teams are structured and interact with each other by having security and compliance professionals working in tandem with developers to address security issues before they develop.

Tools, Talent, and Culture Matter

Tools, product management, culture, and talent management can have the greatest impact on improving developer and business performance, according to McKinsey . The companies that have most effectively leveraged their developers focus on empowering them, ensuring technology investments align to customer value, and minimizing productivity barriers.

McKinsey reports that best-in-class tools are the primary driver of their Developer Velocity Index (DVI), which quantifies the improvement of business performance through software developer empowerment. The McKinsey report found that organizations that enable and empower software teams to experiment, learn, and even fail in a safe environment consistently see better results.

Companies that perform best in this area invest in the tools and platforms that can absorb and minimize the cost of failures, like Delphix’s automated DevOps data platform for application transformation.

With the Delphix DevOps platform, your organization can automatically deliver data into development environments, while  allowing for data refresh, rewind, integration, and version control. You can test with real, production-quality data to eliminate defects, and do this with confidence knowing sensitive data values have been automatically masked.

Finally, the McKinsey survey found that companies with high DVI scores frequently recognize employees for their achievements. These forward-looking companies will publicly acknowledge both individual and team efforts, and they’ll reward their outstanding contributors appropriately.

Making Data Security an Enabler of Speed and Growth

The CIOs who succeed in both securing their data and leveraging it for business value are ones that can not only deploy the right technology to meet their business goals, but can make the cultural, procedural, organizational, and talent-management changes needed to win. Companies that provide and apply the right tools, culture, product, and talent will succeed at not only developing software faster, but will deliver improved business performance.

In a recent McKinsey article on the CIO agenda for 2022, an unnamed CEO commented, “I’m more concerned about not being bold enough than about being too cautious.” Using secure  and private data, while leveraging a platform like Delphix to automate test data security, CIOs can balance boldness and caution to ensure the ability to innovate and drive business growth.

And do you really need to sacrifice speed for safety? Not according to the most famous race car driver in history.

“It is amazing how many drivers, even at the Formula One level, think that the brakes are for slowing the car down,” said Mario Andretti.

Download this solution brief for more information on how Delphix can help with data compliance for the Gramm-Leach-Bliley Act (GLBA).

*** This is a Security Bloggers Network syndicated blog from Resources - Blog authored by jasonaxelrod. Read the original post at: