5 Ways DevOps and Automation Bolster Software Security


The fusion of DevOps and security goes hand in hand; a well groomed DevOps structure ensures faster and smoother software releases. Multiple releases might have been a farfetched dream 10 to 15 years ago; however, the true reality of today is that many software companies are functioning differently now.

DevOps has changed the very existence of how companies develop apps. However, what is important to note is that in the quest to get the software ready for deployment, the security of the launch should not be compromised. Fortunately, DevOps takes care of all the security nuances, since it has been fine tuned to provide risk free deployment, provided the right measures are taken at all times.

By fusing security measures into the working of DevOps, companies can ensure that maximum security measures are taken at all times. At the same time, it is also important to note that as developers and operations people start working together, there are a lot of security controls which can be affected or compromised in the long run. This show why DevOps tools are often met with resistance during the implementation stages.

When it comes to security, DevOps can be configured to secure all the phases of software development:

  • Security right from the start: Security, as a measure, does not have to be implemented at the last development stage only. It can be embedded from the initial stages itself, since it is a quality requirement. Through DevOps, one can incorporate automated security testing procedures efficiently and effectively to achieve compliance listed norms.
  • Automation security: As more and more tests are automated using DevOps, there are lesser risks of security flaws caused by human errors. With automation in place, the tests are more secure and efficient, making the development process more predictable and consistent.
  • Through security – through and through: DevOps security is implemented at every stage, which makes the process all the more consistent and useful. Right from development and testing to ops and security, everything is taken care of by DevOps, making the process simpler yet efficient.
  • Fix things quickly: Unfortunately, even DevOps implementation is not 100% security breach proof. However, since the deployment accelerates the lead time, it helps reduce the errors, since everything is following a consistent setup approach.
  • Enhanced governance for developers: DevOps is all about securing the governance for the developers involved in the production capabilities. Through consistent development, testing and release practices, developers are able to control the governance policies and provide utmost security to the software development and deployment. When everyone is aligned on the procedures and policies, a strict governance regime can be followed, in order to make the production stream more productive and conclusive.

Through DevOps, there are a lot of opportunities which can be explored with respect to software security. Automation, emphasis on software testing, feedback loops, collaboration and consistent release practices, companies are able to secure their software testing lines and provide faster

Can Automation replace manual testers?

“Is Test Automation going to help my business?”

We received this question from our customers for the umpteenth time:

To answer that question, we take a methodical approach… we assess the maturity level of the customer’s quality assurance organization. Many of the organizations do not treat Test Automation as a core practice but a supporting practice within the practice. Changing this perception and adopting Test Automation as core practice requires great shift in thinking and visualizing the benefits.

Once we are convinced with their existing practice, process and team’s mindset we recommend the test automation to our client. At this point, we face the next question:

“What is the ROI from Test Automation?”

For most of the project managers this is just a quantifiable number in terms of running more tests faster with fewer people. This number is used to justify the adoption of Test Automation in their projects. How do we arrive at this figure? There are many simple calculations in software testing organization to calculate the ROI, one such calculation is:

ROI = (Cost of manual testing – Cost of test automation)/cost of test automation

This looks simple, straight-forward and easy… this entire exercise builds a business case “We will run more test cases faster, with fewer people.

Many of the thought leaders do not completely agree with the business case and have a plethora of questions like:

“Do running more tests, faster produce better software?”

“Does manual testing and manual testers can be replaced by test automation?”

“Can we compare the cost of multiple executions of automation tests against manual tests?”

“Can we devalue the tester’s role in software testing? “

We at Idexcel believe that, Test Automation (once proven ROI is established) must be used to optimize the testing efforts but at the same time balance the Automation and Manual elements. Test Managers should not get sucked by the ROI black-hole. They should utilize their human (manual testers) element to test changes to the application (new and incremental functionality), cases that requires human judgment, situations that involve complex and implicit business knowledge. And utilize the Automation element for tests that are explicit, repetitive and black & white.

Now, coming to the subject of the blog:

“Can Automation replace manual testers?”

Our answer is a resounding NO!, especially when we are talking about applications and systems that are incrementally maturing.

When we address the automation needs of our clients, we don’t only convince our client solely on ROI. But we provide the detailed analysis of how we combine right set of tool with right set of people and process which can improve

• Reduce time to market
• Increase test efficiency
• Increase test effectiveness
• Improve test repeatability
• Decrease test defects escaping to production
• Select right set of test suite for a particular cycle
• Optimizing the test cases as software evolves
• More importantly Quality