Reuben Athaide from Standard Charter Bank gives a terrific interview in this debut podcast from IDC, DevOps and Drinks. He explains how and why COVID-19 and virtual work are accelerating productivity, digital value streams, and DevSecOps.Reuben says that there are opportunities now that everything has “gone digital” due to the pandemic. In a typical DevOps pipeline, you might have had handoffs of documents with written approvals, for example. “Now, that’s not going to be possible.”
The solution, he says, is to automate the pipeline as much as possible. This “will push the needle further, so a DevSecOps transition will happen sooner,” he says. More automation and more integrations are the future. These trends affect all groups within the pipeline, from policy control and governance to change management.
“Now is not the time to take the pedal off security,” adds host Gina Smith, with agreement from co-host Michael Araneta. DevSecOps is more important than ever, agreed Reuben, especially with so much moving to the cloud. To address DevSecOps he offers two places to start:
- Spend time observing patterns and standardizing development approaches.
- Create "guardrails, not gates" to automate open source governance.
The second point is his favorite, he says. To automate policy control, use a policy engine. “As part of the pipeline a policy engine can check to see if you are following the policy, and if you aren’t, it can break the build,” he explains.
One DevSecOps use case for a policy engine is when governing the quality and security of open source software components used by developers. “There’s a tool out there, Nexus Lifecycle Manager from Sonatype, that we’re onboarding at the bank,” he adds.
“Software Composition Analysis (SCA) is critical to the whole workflow because in most of the coding developers do these days, they use a lot of open source. [With Nexus Lifecycle in place as our SCA solution], we know what’s in the pipeline.”
Here, Reuben shares his views about the benefits of Nexus Lifecycle, but we encourage you to watch the entire episode, as it explores how work is evolving during COVID-19.