Application Security Testing: An Integral Part of DevOps
By Pete Brown, Director of Product Marketing at Acquia
There are many choices of articles, blogs, and forums that discuss how often Web sites require redesign. If you're wondering, the consensus seems to be two to three years. However, the discussion does not include the technology used to support and deliver the actual digital experiences visitors to those websites expect. Instead, the focus tends to be on the creative side of the equation.
But, that is only half of the story. In fact, digging a little deeper, your approach to choosing a digital experience platform directly impacts the creative boundaries of your project. The more open and ambitious your platform is, the more ambitious (and, yes, creative) your digital experiences can be.
Coupling a redesign of your digital experience with re-platforming gives you an opportunity to consolidate into a single CMS, remove operational silos, increase efficiency, and develop a truly responsive design. It also gives you an opportunity to move your work to the Cloud, which has proven advantages over traditional hosting services or on-premises deployments. Migration to the Cloud enables benefits from not only the technology standpoint, but the business model of Cloud subscriptions, as well. Using these services shifts you from capital expenses (hardware and software licenses) to operating expenses (subscriptions).
Determining the Cloud Path That's Right for You
Once you make the decision to move to the Cloud, you have to figure out how. By "how," I mean the type of Cloud services you procure to support your experience. The Cloud brings you into the world of "as-a-Service" offerings. You need to determine the best path forward, whether it is Infrastructure-, Platform-, or Software-as-a-Service (IaaS, PaaS, or SaaS). The choice among these options comes down to the balance between your desired level of effort and level of control and responsibility over your infrastructure, platform, and software. Deane Barker on Gadgetopia breaks down and defines each of these models, providing a solid guideline of what to expect from each type of service.
My preferred path to the cloud, PaaS, offers you the advantage of a partner that manages the IaaS, deploys core functions, and provides the development environment for the type of application you're building. Today, the Cloud has matured to the point in which leading platforms now include pervasive security, compliance support, and key functionality out of the box. An evaluation of each vendor's security and compliance practices should reveal the information you need to make your decision.
Next, Add Open Source
In my experience, PaaS plus open source can deliver a far more powerful digital experience. But first, let's get this out of the way. Open source software is free. But, free isn't always better, so let's focus on what makes open source better than free.
The codebase is available for anyone to download, make changes, and submit the changes back to the community for testing and approval. This is one of the reasons developers love open source software. If something doesn't work for their use case, or they identify an opportunity to make the software more efficient, they can just fix it. For many developers, the opportunity to be part of a vital community is a major benefit of open source. This means that bugs or security risks can be addressed much faster than in a licensed software company. No more waiting.
For example, in the digital experience space, Drupal is a leading open source CMS with over 1 million global Drupal Community members. The community built around the software provides a deep talent pool to help you build your application and develop your team's skills. Beyond the individuals contributing to an open source project, companies (like my company, Acquia), provide support and resources for ensuring the success of an open source project. This allows developers to build and author digital experiences faster.
Open source communities want you to succeed using their software. Most communities provide documentation and training. The Drupal Community offers extensive documentation for multiple versions and developer guides to ensure your team gets running quickly. Furthermore, developers can learn from and connect with the community through worldwide conferences and meetups. The Linux Foundation and Drupal host annual conferences. The Apache Foundation has several across their many projects.
One of the common misconceptions about open source software is that it is unsecure. Although I recommend evaluating the security of any software you use, most open source is far from unsecure. In fact, in February 2016, CSO addressed how the perception of open source changed. This change in perception highlights the strength of choosing open source solutions in today's enterprises. The very arguments used by traditional software companies to drive concerns about open source a decade ago were the attributes that led to the current perspective. These include: code availability, community, and usability.
PaaS + Open Source = A Winning Team
Putting all of this together, if you adopt a leading PaaS tuned for an open source application, you have a winning solution that will position you for the future. PaaS provides you with a pre-configured environment on which to build, freeing your teams from the complexities of orchestrating, automating, and operating your environment. Open Source Drupal CMS provides your team with the availability, community, security, and usability to focus on developing and delivering the next generation of digital experiences.
Cloud PaaS allows for automation and scale at a greater frequency and faster rate than IaaS by merging the process of sourcing software, services, and hardware. When you have a true PaaS, you source, configure, and go; this simplifies the process of developing, delivering, and managing digital experiences for teams, whether for a single site or thousands.
About the Author
Pete Brown is Director of Product Marketing at Acquia, where he focuses on the company's Drupal-hosted Cloud platform. He works with companies to help them build digital experiences faster and manage those experiences easily and securely. Prior to Acquia, Pete worked at Intralinks, Sonian, and IMS Health.
# # #
This article was contributed. ©Codeguru.com. All rights reserved.