Difference between DevOps, SecOps and DevSecOps
SREs sometimes get compared to DevOps and friends. Let's clear up any vague notions you may have about these 3 philosophies.
DevOps key points
“Ops people who get paid MORE than developers? Wow!”
Priority: deliver value faster through a marriage of code and systems
Involves: developer and operations roles in one happy(ish) family
Cloud preference: likely to use public cloud for cost-effectiveness and scalability
Commonly seen in: early-stage startups in less regulated spaces
Example product: social media video app
SecOps key points
“Like what banks pay IT millions of dollars to do, right?”
Priority: security above all else
Involves: security guiding operations to secure everything — e-v-e-r-y-t-h-i-n-g
Cloud preference: likely to prefer running on-premise software, but that’s changing — still would prefer private cloud with several failsafe mechanisms
Commonly seen in: regulated industries - government, healthcare etc.
Example product: human clinical trial database
DevSecOps key points
“We care equally about performance and security. No, really!”
Priority: deliver value fast while scaling up securely
Involves: the whole gang — developers, security experts and operations
Cloud preference: likely to use hybrid infrastructure (public + private cloud)
Commonly seen in: rapid growth companies in regulated spaces e.g. FinTech
Example product: your favourite Buy Now Pay Later app*
* Well, I hope they employ DevSecOps as a philosophy
Google has lately been big on DevSecOps, so it’s worthwhile looking deeper into this philosophy in a future post.