Cons
The main problem with the integration of a DevOps team is that the security takes a back seat, and the company becomes at a risk of security issues. This is because the security team is not integrated with DevOps, and they have no clue what tools or methods are being used for the speeding of the app development process. In order to streamline the process, the DevOps choose speed over security many times, such as skirting around the necessary scans and code checks. This, in turn, introduces vulnerabilities and makes it difficult for the security team to keep track of the many security holes and clog them.
Security measures protect the company, but at a cost of lower speed. DevOps teams, in trying to speed up processes, consider the security measures as obstacles and steer clear of it, and tend to avoid the security teams so that they can have their work done without any hindrance.
Transport layer security is the most vulnerable in companies where DevOps is adopted. The usage of unprotected keys by the DevOps teams in order to use shortcuts allow malicious users the opportunity to pose as trusted factors, or hide in the data, which puts the company at risk of spoofing and man in the middle attacks.
Challenges
The main challenge of integrating a DevOps team is that the security takes a back seat. In order to prevent that, companies must create a strategy in which the security team collaborates with the development and operations teams and comes up with a middle ground that all parties can compromise on. The development and operations teams can try to compromise speed in the cases where security is extremely important, and the security teams can come up with some new tools or techniques to provide security measures that do to not hinder the development process of applications.