The snags holding back DevOps: culture, delivery and security

5 steps for making 2021 a great year for DevOps. 'We need to rethink connection and integrations, both on a technical level and a human one'

The idea of continuously delivered, quality software vetted through a collaborative and highly automated series of steps from inception to deployment is an enticing one, hence the appeal of DevOps. However, while just about everyone says they are pursuing DevOps, the reality on the ground has been mixed at best. 

DevOps: What is it, and how can it help your business?

Inspired by the world of just-in-time manufacturing and widely practised in 'greenfield' IT organisations such as web-scale businesses and startups, DevOps is now making inroads into the 'brownfield' enterprise market.

Read More

The urgency of DevOps has only increased over the past year, as the Covid crisis scattered corporate workforces and physically separated IT teams. "We need to rethink connection and integrations, both on a technical level and a human one," says Ed Macosky, head of product at Boomi ."While it may seem that many DevOps teams don't have any trouble working remotely, two out of five said that remote work is affecting their ability to innovate and be creative, with the majority noting this is due to a lack of in-person connection with colleagues. DevOps teams bring innovations to life at a company."   

However, it's been difficult to organize and maintain DevOps teams, especially at this time of uncertainty. "With employee churn, DevOps teams are often left to deal with a script-based dumpster fire," warns Ashish Kakran, principal with Thomvest Ventures. For instance, while DevOps is supposed to put development and operations on the same page, the two groups often are still taking their own separate paths. "We're seeing DevOps implemented separately and differently in different functional areas of the same organization," says Brian Dawson, DevOps evangelist with CloudBees. "Operations may implement their own DevOps tools and processes, while application development implements their own DevOps tools and processes."

So while the perception on the ground is everybody is doing DevOps, "the reality is also that we still have work to do it right, do it at scale and achieve universal maturity," Dawson adds. "DevOps is about connecting development and operations. The challenge is to build those connections, universally, between leaders and practitioners, Dev and Ops."  

Cultural issues create this disjointed relationship between Dev and Ops. "Culture is the number one missing component, but there is also a failure to truly connect and automate across functional silos," Dawson says. "This results in lack of shared visibility, consistent feedback to drive improvement and, potentially, a negative experience which inhibits adoption."  

There are too many tools competing for Dev and Ops teams' mindshare as well. "A single team may have anywhere between 20 to 50 tools," says Kakran. "Separating signal-from-noise when you are bombarded by hundreds of alerts per hour is quite challenging."

The continuous delivery piece is also a snag in the continuous integration/continuous delivery (CI/CD) that should flow effortless through DevOps. "Enterprises are lagging in test automation and are increasing efforts to automate continuous testing, which is a core component of CD," says Venky Chennapragada, DevOps architect with Capgemini North America.. "Some enterprises are unable to adopt a high level of CI/CD because their application portfolio mostly consists of packaged software, legacy software or ERP systems."

Security is another issue that slows down DevOps practices. "The modern DevOps environment is full of creative people who are encouraged to build fast and hard to hit innovation targets," says Kevin Breen, director of cyber threat research at Immersive Labs. "The problem is, security teams only step in at the end of the CI/CD pipeline and point out vulnerabilities. Often this is after code has been committed, and sometimes even after the developer has moved on to another build." As a result of the too-late entry of security-minded teams, "this causes friction and destroys productivity as it means resources are pulled back." 

What's being missed with DevOps efforts, Chennapragada adds, is strong governance. This "is leading to multiple versions of implementations and pipelines." These workflows, he continues, "should be built based on patterns so they are easy to replicate, leading to better maintenance and support that can be executed by DevOps engineers."

What can be done to make DevOps more cohesive and transformative? Industry thinkers provide some suggestions to get things on track:

  • Move more responsibility to developers. Yes, DevOps is not always a 50/50 proposition. Kakran calls for an acceleration of the "Shift-Left" phenomenon, which puts more responsibility for the process in the hands of developers. "In this world, dev tools filling the 'X-as-Code' category will have an outsized impact on an organization's ability to deliver faster, more frequently and with fewer number of failed deployments," he says. "The 'X' here is a critical application component - infrastructure, security, compliance, and others. This combination of more empowered developers and more efficient DevOps tools will dramatically accelerate software delivery even more than the past."  
  • Promote more DevOps training, education and awareness. "DevOps and security teams need to reduce tension through skills development," says Breen. "By imbuing engineers with an understanding of the baseline tenets of security, and gradually helping them understand the more technical nuances, they will begin to develop more secure code as part of their daily work. This reduces friction, stops code being recalled and helps innovation flourish."  
  • Tie DevOps to the ultimate customer. "We see more success in enterprises where there is a DevOps champion at the CX level who can remove obstacles due to culture, process, or tool issues when they arise," Chennapragada says.
  • Watch the market for more integrated solutions. "End-to-end integrated DevOps platforms will become a norm," says Kakran. "Such platforms will offer a few best-in-class components with built-in automation and will enable organizations to integrate other DevOps tools in a plug and play manner. Mergers and acquisitions will accelerate in 2021 with bigger companies rushing to acquire smaller companies who have the best-in-class tools which would help them provide an integrated solution."  As a result, he says, "CIOs will be able to dramatically improve their teams' productivity by leaving integration and maintenance hassle of CI/CD pipelines to integrated platforms. The trend of internal teams writing scripts or generating tickets will be replaced by automation provided by integrated tools from third party vendors will accelerate in a big way in 2021."   
  • Communicate more. "It's key that DevOps has the tools and resources to continue creating and integrating quickly at their disposal," says Macosky. "It boils down to improved communications and leveraging time saving tools like low-code. New ideas can emerge when we're connected. Then we can solve more problems and teams can prevail, regardless of the situation."

Ultimately, in the months and years ahead, "the adoption of cloud-native, container-based microservice architectures necessitates the adoption of DevOps culture and tools, says Kakran. "Newer applications are entirely being built using containers and Kubernetes and hosted in a hybrid-cloud environment. This is true even for the largest financial institutions that have historically been hesitant to adopt cloud. Lift-and-shift of legacy applications is a harder problem to solve but serious efforts are underway even there because the benefits of cloud outweigh the cost of adoption. 2021 will be the year of prominence for the 50 million software developers around the world delivering software with very high velocity with higher quality than ever before."