While counterintuitive, brakes allow a race car to go faster. Knowing you can slow down when necessary gives you the confidence to drive faster, but they also contribute fine grained control over speed and handling to get the maximum performance out of the vehicle around the entire track. Well executed governance can achieve the same thing — demonstrated best in a DevSecOps environment.
Traditional (waterfall) IT project delivery have discrete phases with plenty of stops and starts between each so adding a clunky compliance check is hardly noticeable — barely an inconvenience. In contrast, an Agile-based approach is highly tuned to extract maximum efficiency. Compare driving to work with lots of stop lights on your route and racing on a track where seconds matter. Both are leveraging vehicles for travel, but the environments they operate in are very different and have very different technologies and rules.
Everything about technology is designed to improve efficiency — usually translated as moving faster. The old ways of doing cybersecurity governance clash with the new ways of deploying technologies. The shift to DevOps was a good example of this. The role of infrastructure teams changed sharply when developers needed the ability to manage infrastructure quickly. Similarly the role of cybersecurity teams needed to shift before the dream of DevSecOps could be achieved. Developers are given the tools necessary to perform compliance checks quickly and the security team shifts from performing the checks to ensuring the checks are being performed — and still meet the needs of the organization.
Organizations that have well-tuned security programs capable of supporting true DevSecOps are well placed to take advantage of new technologies like AI without risking everything. They already know how to move quickly, and have the tools in place to allow users to self serve necessary governance.
Moving to cloud, adopting AI, leveraging whatever comes next — it is only getting faster. Your cybersecurity program needs to enable the speed, not slow it down.
https://thehackernews.com/2024/12/data-governance-in-devops-ensuring.html
