Enterprise software ‘security gates’ needed to lock down automation intelligence 

We are of course living in an era of spiraling automation intelligence.

Every month we are fed more messages detailing how software platforms, products and tools are being bumped up, bolstered and boosted by AI- and ML-driven automation through advancements in Robotic Process Automation (RPA) and all forms of so-called ‘industry accelerators’ designed to codify, control and coalesce compute resources where repeatable processes can be handed over to the machines.

All well and good then? Well, yes and no. Prudent thought teaches us that we shouldn’t apply excessive automation without an appropriate and commensurate level of control.

Cloud-native era gating controls

Software intelligence company Dynatrace has explained this autumn/fall season how its platform now includes security gates, enabling DevSecOps teams to automatically assess each new software release to ensure only secure code moves through the delivery pipeline.

With many areas of hardcore code creation now being dovetailed with Low-Code No-Code tooling, the opportunity to provide additional cloud-native era gating controls would appear to be a sensible move.

The company says that just as Dynatrace quality gates have allowed development, DevOps and SRE teams to ensure code meets Service-Level Objectives (SLOs), Dynatrace security gates, powered by the platform’s automatic and intelligent observability, now help these teams assure code is secure as it progresses from preproduction to production.  

According to IDC, “The primary drivers for adopting DevSecOps are to improve the overall application security posture by identifying security issues earlier in the software development lifecycle (SDLC), without impacting the velocity of DevOps teams”.

The esteemed IDC analyst team suggest that the importance of unifying observability, automation, intelligence and security within development processes is underscored by additional research, which reveals more than a quarter of CISOs say development teams sometimes bypass vulnerability scans to speed up software delivery. 

Cloud-native workloads 

The Dynatrace platform enables teams to precisely identify vulnerabilities found in cloud-native workloads and applications across the SDLC, while also prioritising these vulnerabilities based on the risk they pose to the business. 

“As organisations accelerate their pace of innovation with cloud-native technologies, they are increasingly integrating security into software development workflows,” said Steve Tack, SVP of product management at Dynatrace. “A DevSecOps approach elevates security as a shared responsibility throughout the entire software development lifecycle, yet manual processes slow progress.” 

In addition, the AI and automation capabilities at the core of the platform help orchestrate application development processes at scale, including automating code tests and quality checks against an organisation’s SLOs.

Automated intelligence is smarter

With this latest enhancement, customers can now leverage Dynatrace’s automation and intelligence, along with the extensive observability data that is already flowing through the platform, to automatically detect, assess, and manage vulnerabilities in real time, and with greater accuracy than traditional security tests that operate on static code. 

The theme here – as we have seen played out by so many vendors in the enterprise software space over the last half-decade and more – is continuous automated process intelligence that matches the rapid release pace required in modern cloud environments.