Rocket Internet: Security as top driver for DevOps

Delivery of Things World team and Gianluca Varisco sat down to discuss the impact of the emerging issue DevOps.

Delivery of Things World: There has been growing buzz about DevOps. What is DevOps and how can it best be deployed in the enterprise?
Gianluca Varisco: I like to quote Jay Schulman’s definition: DevOps is about creating a conveyor belt to systematically pull together all of the pieces that need to go into production using automation to create a safe and reliable application deployment. Enterprise developers and large organisations are already embracing the movement’s culture, processes and tools, although the timing of its adoption differs. I don’t think that enterprises as a whole fear change so much; what I think happens is that individuals fear change and erect a number of barriers to change. A successful DevOps implementation is a journey that involves people, process, and technology.

Delivery of Things World: Do you see DevOps as a technical movement at Rocket Internet?
Gianluca Varisco: Definitely yes! We started by establishing cross-functional teams and broadening the skill sets of delivery-team members to increase collaboration and break down the traditional barriers that prevent software from being delivered continuously. Our adoption of such methodology also required to look for breakdowns in how we deploy and maintain applications, services and infrastructure.

Delivery of Things World: What is the role of Security within DevOps?
Gianluca Varisco: “The majority of security practitioners view DevOps as a huge threat,” said Gene Kim, co-author of a book about IT and DevOps called “The Phoenix Project.” The beauty of Security within DevOps is that it becomes part of the operational process of integrating and delivering code. I’m a huge fan of using automation and other approaches to mitigate potential security problems while maintaining high velocity.
Said that, the adoption of DevOps creates more security risks for organisations. Getting visibility into the possible security gaps before an application is launched is more complicated because there isn’t the time to take weeks or months to ensure the security is hardened. The lack of visibility makes it challenging to make an informed decision on security.

Delivery of Things World: How can organisations encourage a broader use of skills?
Gianluca Varisco: A successful journey starts with the right people in the right roles with the right skills—and a willingness to collaborate. I don’t see such thing as a DevOps team, as it’s purely just an approach. The key to DevOps is greater collaboration between engineering and operations. It currently encompasses existing roles of the agile teams, engineering, product, security, IT, QA and operations.

Delivery of Things World: Shout-outs: Any sites/people/articles or books that have inspired you lately?
Gianluca Varisco: I’m definitely fascinated by Elon Musk: his vision, how he wants to make a positive impact on humanity and leave his mark. But most importantly, he’s done a lot more in his first 40 years than even the most productive people do in their lifetimes. He’s a role model for entrepreneurs and anyone with a drive to change the world.

The Delivery of Things World team thanks Gianluca Varisco for sharing his opinion and insights.
About Gianluca Varisco: Gianluca Varisco is the Head of Global Security at Rocket Internet, responsible for overseeing the security architecture and compliance of the company’s massive, globally distributed network. All aspects of corporate security, including information protection, ID management, network security, threat analysis, emergency response, security policy, and audit/compliance programs fall under his purview.
Gianluca has over 8 years of experience in developing and managing information systems. His focus has been on Unix-based server architectures and application delivery through the Internet. He has been tinkering with systems engineering and the people who make the magic happen for a long time. His passion is creating and leading teams of creative people to deliver products that are so great they become invisible – they just work. Big fan of self-organization, he loves to help teams evolve into that elusive state of flow where products, skills, and ideas just materialize. Prior to Rocket Internet, he held engineering roles at Red Hat, Bravofly Rumbo Group, PrivateWave.

Previous ArticleNext Article