DevOps is a worldwide phenomenon, which is reflected by the global popularity of its major event, the DevOps Days.
I was fortunate enough to attend the DevOps Days 2014 in Brisbane.
The keynote speaker was Sidney Dekker, a Dutchman who has extensive experience on human factors and safety. He argued that a lot of major incidents don't have any precursor events.
You can have a clean track record with regards to security and still suffer a huge incident. Do I agree ? Not completely, but nonetheless thought provoking.
Personally I think that the inverse will always hold true: There is a higher chance on a major security incidents after a number of several minor security incidents. Cluttered desks mean cluttered minds after all.
Some buzzwords and issues that were (frequently) discussed:
- Docker - A lightweight virtualization platform (can it live up to its sky-high expectations ?)
- Microservices - Build small, independently deployable services
- Terminate random virtual machines to test (and improve) resiliency
- Edwards Deming - The godfather of Devops ?
For me the key takeaway was that DevOps doesn't really changes your (level of operational) security. Whether system administrators deploy code built by developers or developers push their own code to an environment - in both instances the implicit level of trust doesn't change. Yes, procedures change, quite profound sometimes.
Still I was left with the overall impression that there are more developers interested in moving towards DevOps than system administrators....