Speed, security and smooth collaboration with Stretched DevSecOps

17 September 2021

Speed, security and smooth collaboration with Stretched DevSecOps

Although working in the cloud has now become a given for many organisations, making the switch fully and the corresponding follow-up steps are not always so easy. Collaborating with an experienced Secure Managed Service Provider ensures that you can make that switch optimally, but how do you maintain speed and security if Development and Operations are vested in different organisations? The answer: Stretched DevOps.

Innovation and development are high on the digital agenda. Organisations that develop applications want to be able to respond to trends and developments in the market immediately and have no time for long-term development processes. In order to be able to make that possible, organisations are working ‘cloud native’ – directly in the public cloud – more and more often. Cloud native development of applications has numerous advantages: applications are endlessly scalable and easy to modify. Moreover, cloud native applications can easily be connected with cloud services without code being required for that.

"Stretched DevOps is not a generic ‘outsourcing package’ that is rolled out everywhere in the same way."

Switching securely

The switch to such a new way of working is a very big one for many organisations, which they cannot make just like that. The IT architecture has to be designed for a new model, old applications outside the cloud have to be phased out, and everything outside and in the cloud has to be connected with each other in the correct manner. And that all has to be done in a secure way to avoid cyber risks.

Collaboration with an experienced Secure Managed Service Provider like Solvinity helps to steer the switch to cloud native development in the right direction in a proper and secure manner. Outsourcing IT in that way raises a lot of questions for many organisations, for example about how to maintain control and speed. In order to dispel those concerns and to be able to collaborate in a truly optimal way, Solvinity has designed the Stretched DevOps model.

That Stretched DevOps model is completely set up to enable close collaboration between the engineers from Solvinity and the teams of the client. The engineers from Solvinity spend a large part of their time with the client at the office and collaborate there with the in-house developers. In that way, the knowledge transfer between both teams is stimulated enormously, obstacles hindering progress are removed and slow information exchange is prevented.

Customised approach for every organisation

Stretched DevOps is not a generic ‘outsourcing package’ that is rolled out everywhere in the same way. The maturity of the organisation and strength of its own IT teams is carefully examined together with the consultants from Solvinity, in order to subsequently draw up a customised programme. That means that this ‘stretched’ collaboration can look different for one client than for another. In the case of our client FRISS, for example, which develops fraud detection software for insurers, Development is rock-solid. Because the Ops team of Solvinity, which is collaborating with them in the Stretched DevOps construction, is looking at the application from the outside and can apply knowledge previously gained, optimisation opportunities come to light quicker.

Developers ensure that the system works as it’s supposed to - Operations monitor the reliability and maintenance options of the system and security is immediately integrated in order to test the system against the highest possible security standards.

Security-by-Design

When organisations roll out and optimise this IT outsourcing, that is the perfect moment to immediately incorporate Security-by-Design. In the case of many IT processes, a foundation is laid first, and then consideration is given to how best to secure that foundation. Solvinity prefers to look at how security can be directly embedded in that foundation. Due to the shift from security to the design and development phases (‘shift-left’), you get better systems, you avoid extra work and you reduce the chance of delays.

That is possible with a Stretched DevSecOps, in which security consultancy forms an integral part of the close-knit collaboration and optimal security is already examined during the development phase. Developers ensure that the system works as it’s supposed to – Operations monitor the reliability and maintenance options of the system and security is immediately integrated in order to test the system against the highest possible security standards. For a company like FRISS, which processes a lot of privacy-sensitive information, the high level of knowledge and safeguarding of security were also one of the most important reasons to opt for Solvinity.

Solvinity also works with such a Stretched DevSecOps model for the Netherlands Police. Continuous Integration/Continuous Delivery (CI/CD) is used when setting up the new environment for the Web Application Hosting services (WAH services) of the police. Any change to the applications developed are immediately tested against the highest security standards, so that each part of the system is secured from the start. By collaborating in this way, new developments and functionalities can be efficiently and securely incorporated in the WAH services. Moreover, with this model the police are given greater self-sufficiency and it becomes possible, due to the high throughput, to quickly respond to urgent social developments that require new tools.

Ready for the future together

With Stretched DevSecOps, you work in an optimal collaboration on the basic security of your organisation and you can set to work in the cloud securely. When you collaborate with a Secure Managed Service Provider that also incorporates experience from previous, similar processes, you avoid pitfalls and you prepare your organisation optimally for the speed of the future.

Would you like to know more about Stretched DevSecOps, and how it can benefit your organisation? Get in touch with us. We’re happy to tell you all about it.