The IT Certification Resource Center

Featured Deal

Get CompTIA, Cisco, or Microsoft training courses free for a week.
Learn More ❯

ISACA: Eight Reasons to Address Security and Culture Shifts Earlier in DevOps

Rolling Meadows, IL, USA (14 January 2015) — The ultimate goal of DevOps is to improve business efficiency to meet market demands—but companies are overlooking two key components in the development and operations process, which can lead to significant problems, according to global IT association ISACA:


1. IT security

2. A shift in company culture


“IT security must be part of the design and development phases of DevOps,” said ISACA International President Robert E Stroud, CGEIT, CRISC. “Too often, organizations try to incorporate security late in the game, which can increase the cost and the risk of failure.”


Organizations must also make sure their culture supports DevOps. “DevOps requires flexibility and individuals who are willing to collaborate, share knowledge and be accountable,” Stroud said. “It also requires a company culture that embraces IT as a business partner.”


Incorporating security and cultural factors into earlier phases—along with ensuring the company’s processes and tools work in conjunction to support DevOps adoption—helps ensure successful adoption and eight key business performance benefits:


1. Reduce time to market

2. Faster return on investment

3. Improved performance

4. Better quality

5. Greater customer satisfaction

6. Reduced IT waste

7. Improved supplier and business partner performance

8. Reduced human factor threat


“Organizations can benefit tremendously from DevOps,” said Stroud, who is also vice president of strategy and innovation at CA Technologies. “But addressing security and cultural needs early on is a key success factor. When done right, DevOps can reduce enterprise risk and cost and enable technology to change at the speed of the business.”


ISACA explains critical successful factors for DevOps adoption, as well as seven critical challenges to overcome, in a free guide released today, titled DevOps Overview. This is the first in a series, and additional guides on DevOps risk and governance, security, and assurance will be issued later in 2015.


To download a free copy of the guide, visit



With more than 115,000 constituents in 180 countries, ISACA ( helps business and IT leaders build trust in, and value from, information and information systems. Established in 1969, ISACA is the trusted source of knowledge, standards, networking, and career development for information systems audit, assurance, security, risk, privacy and governance professionals. ISACA offers the Cybersecurity Nexus, a comprehensive set of resources for cybersecurity professionals, and COBIT, a business framework that helps enterprises govern and manage their information and technology. ISACA also advances and validates business-critical skills and knowledge through the globally respected Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT) and Certified in Risk and Information Systems Control (CRISC) credentials. The association has more than 200 chapters worldwide.


Participate in the ISACA Knowledge Center:

Follow ISACA on Twitter:

Join ISACA on LinkedIn: ISACA (Official),

Like ISACA on Facebook: