Software

Reimagining a Secure Student Experience with DevOps and DevSecOps

DevOps can radically improve student experiences, but can it be done without jeopardizing security?

Amelia Pang is a journalist and an editor at EdTech: Focus on Higher Education. Her work has appeared in the New Republic, Mother Jones, and The New York Times Sunday Review, among other publications.

As universities and colleges navigate new challenges this academic year, having the ability to quickly fix user experience snags is critical for maintaining good student experiences.

Imagine a scenario where IT staff members can seamlessly update university applications and learning management systems as they receive user feedback. This is achievable with the DevOps methodology, a set of processes and tools that allow universities to design, deploy and update applications much faster than traditional software development processes.

According to Ruben Chacon, CDW technology vice president and CISO, the speed is made possible through automation. “DevOps integration is based on automating infrastructure and workflows, allowing for the continuous delivery of applications into production,” he explained in a June CDW Tech Talk webcast. “It allows constant measuring of application performance.”

He shared his advice for universities and colleges looking to foster an efficient and secure culture of collaboration.

Click the banner below to explore more CDW Tech Talk content on our sister publication BizTech.

Tips for Securing DevOps in Higher Ed

With great speed come great vulnerabilities. When individual departments deploy new code independently in the DevOps discipline, security teams may find it hard to stay on top of a rapidly changing attack surface. How can these teams build security into the university’s new DevOps culture?

“The key here is to make everyone accountable for security,” Chacon said. “The objective is implementing security decisions and actions at the same scale and speed as development and operations decisions and actions.”

There is a term for that: DevSecOps, which is short for “development, security and operations.” It means security is automated and embedded into every stage of the development process.

The idea is that quality assurance and security testing should take place early, also known as “shifting left” in the “waterfall” style of software development.

“Ideally, one team manages all aspects of the service, including security and testing functions,” Chacon said. “The process and communication are focused on the end-to-end delivery of the entire service.” It’s important to note, however, that universities will still need to have teams focusing on their functional specializations.

At the end of the day, the DevOps and DevSecOps philosophies hold great promise and potential for higher education IT teams — but only if it is used wisely and integrated with university culture.

Olemedia/Getty Images