Despite the popular rhetoric that DevOps is a miracle that can solve many problems, management continues to complain that their costs are out of control, their level of risk is unknown, and they have problems delivering software on time.
Managers typically have 3 levers within their control that they try to balance – cost, time and security. Adjusting any one lever has an effect on the other two. For example, increasing costs can decrease time to market while increasing security. On the other hand, a reduction in security controls often translates to a reduction in cost and faster time to market.
“Working with numerous customers from various industries, New Context often discovers an organization is working with a broken incentive model and their priorities are misaligned.”
Product teams look to deliver features faster and more often. They value change and a faster-moving development pipeline. The teams in charge of operations place a higher priority on reliability and uptime. Security and compliance departments seek to gain more control and to compartmentalize, which often results in a slower process and more speed bumps. Surprisingly, security’s requirements can conflict with operations: security will prioritize the installation of patches to reduce risk even if it means an increase in downtime.
DevOps initiatives succeed when the business transforms itself and becomes aligned with the desired behaviors. Security initiatives, in contrast, fall short for the opposite reason: they fail to address business misalignment and do not fundamentally transform how the business functions by permanently embedding the desired behavioral norms within organizational culture.
- The incentive model is broken. People across the organization are not incentivized to make better decisions.
- Priorities are misaligned. Often security programs are attempting to influence and implement changes that are at odds with the desired outcomes pursued by the business.
- People are seen as a problem, not a solution. Organizational culture is fundamentally broken, creating disincentives for improved decision-making, collaboration, and the integration of desirable behavioral changes into overall policies and priorities.
Lean Security: Our Solution
Lean Security™ answers these challenges by drawing lessons learned from Lean manufacturing, Lean startups, Agile, DevOps, test-driven development (TDD), and other similarly progressive approaches. As a business management model, it seeks to first reform organizational culture as a necessary catalyst to making security a truly emergent property of organizational behaviors and functions.
One of our financial services customers improved infrastructure deployment efficiency by 99.93% while maintaining strict security and compliance and meeting federal regulation requirements. They also realized other benefits, such as reducing deployment time for a new server from six weeks to 10 minutes.
Looking Ahead to Full Lean Security Transformation
New Context continues to guide customer advancements and enable them to make changes to their technology at a faster rate, satisfy regulatory requirements, and do business more competitively in their space.
New Context has deep experience driving the successful, holistic transformation of organizations, their technology, and how they do business by implementing automation, collaboration, and increased security, leading to increased efficiency, effectiveness, resilience, and reduced costs.