Open-source software boosts development but struggles with security and scalability

Arvind S Shetty, Kyndryl Leader- Global Development, CTO org, shared a deeper understanding of how DevSecOps and open source reshape IT organizations’ operations, emphasizing the importance of security, scalability, and effective team management in today’s rapidly changing technological world.

The role of IT organizations is continually evolving in the changing technology realm, requiring adaptive strategies and forward-thinking approaches. In a conversation with Nisha Sharma, Principal Correspondent at CIO&Leader, Arvind S Shetty, Kyndryl Leader- Global Development, CTO org, provides insights into the complexities of modern IT landscapes. This discussion explores the integration of DevSecOps in software development, the impact of open-source communities, the importance of accessibility in software design, the need for transparency in technological environments, and the management of remote work and distributed teams. 

Arvind S Shetty
Kyndryl Leader- Global Development
CTO org

Arvind Shetty’s expertise illuminates how these factors affect IT organizations’ operation, culture, and success in an era of rapid technological change and significant cybersecurity concerns. His analysis reflects current trends and anticipates the future, offering an overview for IT professionals navigating these changes.

 Q. With the current prominence of Dev SEC OPS in many IT organizations, how do you see its immediate impact on the software development lifecycle, especially regarding security integrations?

Arvind Shetty: Software development has evolved significantly, transitioning from the traditional waterfall model to more dynamic methodologies. Initially, the waterfall model focused on a linear approach: build, test, then deploy. This method often delayed quality assessment until the later stages of the development cycle.

The introduction of Agile methodology marked a significant shift. Agile allows for incremental development and continuous feedback, enabling teams to demonstrate value and functionality regularly. This approach transformed development into a more flexible process, accommodating various coding styles and solutions.

Following Agile, the adoption of DevOps practices further refined development. DevOps emphasizes continuous code integration from all developers, fostering collaboration and early detection of integration issues. This shift moved quality assurance from later stages to earlier in the development cycle, enhancing overall quality.

Security considerations led to the emergence of DevSecOps. This approach integrates security practices from the beginning of the development process, ensuring secure coding and standardization of security measures. It also automates testing and focuses on proactively addressing cybersecurity threats.

Despite these advancements, challenges remain, particularly in standardizing DevSecOps practices across different development teams within an organization. Each team may develop its own DevSecOps pipeline, creating potential integration issues at the broader organizational level. Thus, understanding and implementing standard practices, tools, and assets essential for effective DevSecOps is crucial.

In this context, the focus is on managing and optimizing development pipelines across organizations. This involves standardizing practices and facilitating secure and efficient development processes, ensuring cohesive and secure software development across the enterprise.

Q. Open-source communities have always been pivotal in tech. How do you believe they shape the technological landscape, especially in areas you’re actively involved in?

Arvind Shetty:  Open-source software is vital in accelerating development and problem-solving through crowdsourcing. It offers speed and agility, allowing developers to contribute to innovative solutions. However, challenges exist in terms of security, scalability, and quality. Open source may only sometimes address large-scale requirements or focus heavily on security. The effectiveness of these solutions varies depending on their integration within an organization. Enterprises must carefully evaluate and choose open-source options that align with their needs. Successful implementation requires integrating these solutions into existing systems, emphasizing security and quality to meet organizational standards.

Q. Given the importance of accessibility in today’s software solutions, how do companies prioritize and implement it in their development processes?

Arvind Shetty:  The concept of bridge thinking, particularly in the context of the Kyndryl platform, is fundamentally anchored in flexibility. This flexibility is characterized by the capacity to integrate capabilities from various sources seamlessly. These sources include internal offerings within the Kyndryl platform and external services from other technology vendors or providers.

Such an approach is crucial for rapid value realization. Using exposed APIs and compliance with industry standards makes integrating various components securely and efficiently possible. This capability is central to the vision for Kyndryl Bridge, focusing on creating significant value for customers, particularly in infrastructure and automation.

Infrastructure automation is particularly vital, aiming to accelerate deployment, facilitate the smooth retirement of systems, and efficiently tackle infrastructure-related challenges. This not only speeds up problem resolution but also cuts down the costs associated with managing incidents for customers.

Moving up the value chain involves a strong focus on applications, modernization, and migration layers. Clients demand solutions that are not only quick and secure but also seamlessly integrated. They prefer flexibility over being tied to monolithic products that necessitate complex modifications within their existing systems. This desire for flexibility is crucial in delivering efficient, secure, and tailored solutions that align with the dynamic requirements of the contemporary technological environment.

Q. In today’s competitive landscape, total transparency of the technological environment is crucial. How can enterprises ensure transparency, and how can it impact decision-making processes?

Arvind Shetty:  Transparency and trust in organizational processes are crucial, varying significantly depending on one’s role. Each role, whether a service desk agent, a call center operator, a bank manager, or a C-suite executive, requires a different level of transparency appropriate to their responsibilities and decision-making needs.

For instance, a call center agent needs access to comprehensive information to make informed decisions during customer interactions. This level of transparency is vital for them to serve customers effectively. On the other hand, a CXO requires a broader view of the organization to make strategic decisions. This might include insights into customer issues, service modifications, and agent empowerment.

The key to empowering decision-making at all levels is syncing and governing data effectively across the organization. This governance ensures trust in the data, which in turn builds trust in the responses provided to customers. Transparency and trust in the representation of the company to customers are equally important.

In addition to transparency and trust, data integration, governance, and quality are essential. These elements ensure that the data is reliable and secure. With different roles accessing varying levels of data, it’s critical to have robust security practices in place to prevent unauthorized access and data misuse. Rule-based engagement across the organization must be meticulously managed to maintain data integrity and prevent leakages.

Balancing transparency with data governance and security is fundamental in an organization. This balance ensures that all employees, regardless of their role, have the appropriate level of access to information, empowering them to make decisions effectively while safeguarding sensitive data.

Q. With the increasing reliance on remote work and distributed teams, how do you ensure that your company’s technological infrastructure is flexible and robust enough to support these changes while maintaining security standards?

Arvind Shetty: Effectively managing a distributed workforce involves:

  • Critical elements like maintaining productivity with flexible work arrangements.
  • Ensuring workstation security against data breaches.
  • Implementing DevSecOps for standardized and secure development.
  • Embracing cultural inclusivity to integrate diverse teams.

Secure remote access to company networks and aligning organizational culture with remote work practices are also essential. These factors collectively ensure efficient, secure operations and team cohesion across various locations, neglecting any aspect potentially leading to security risks, reduced productivity, and cultural misalignment.

Image Source: Freepik

Share on

Leave a Reply

Your email address will not be published. Required fields are marked *