From a focus on improving software delivery to discussing the metrics teams need to keep track of during periods of elevated traffic, the world of enterprise IT has been abuzz with exploring questions around DevOps, as it has been for the past few years. The idea of more frequent deployments, thereby getting to business value faster, is simply too appealing for enterprises to ignore.
As Gartner states: “With digitalization, there is a critical need to support businesses that must operate at higher speeds and with greater agility. This has resulted in DevOps growing quickly and becoming key to many organizations in their pursuit of competitive advantage.”
As an open-source company with a global community of thousands of developers, Liferay has been at the forefront of addressing developer demands for a more streamlined release cycle. In this eWEEK Data Points article, Fernando Areias, CEO at Liferay Cloud discusses the five trends he sees reshaping the world of DevOps.
Data Point No. 1: DevSecOps
DevSecOps refers to the increasing practice of bringing security teams in as active participants in the application development process, not just when an application is deemed “finished” by a development team. While less relevant to small startups, DevSecOps is an important practice for organizations with stringent security and compliance concerns, such as enterprises (particularly in financial services and healthcare) and government agencies.
The challenge is that development and security teams have historically operated separately, with the latter often only made aware of a new business application when it is ready to go live. In many cases, security would then veto the application for not having met compliance standards–thereby rendering hundreds of developer hours wasted and causing friction between teams.
The practice of DevSecOps seeks to change this by adding mandatory security checks into key points in the development process so that by the time an application is finished it has already been thoroughly vetted. As a result, potential problems are addressed early and problematic applications are rejected before a great deal of work has been sunk into them.
Data Point No. 2: Continuous delivery
Code freezes and packaged releases may soon go the way of the dinosaur. That’s because continuous delivery and its close cousin continuous deployment (in both cases code is always ready to be pushed to production, in a continuous delivery model this is done manually, whereas with continuous deployment it is automatic) are increasingly becoming standard operating procedure for development teams. Traditional release cycles are incredibly inefficient. They require code freezes to go into effect at set times intervals, at which point developers have the option to either sit on their hands and do nothing, or move on to another projects, so that code contributions can be hardened and packaged into a release.
Continuous delivery enables a more streamlined, efficient deployment process whereby code is automatically pushed to a non-production environment to run through a continuous series of tests meant to mirror a production deployment. In other words, rather than wait for large releases to go out infrequently, continuous delivery entails teams pushing out smaller, more frequent, releases. This process allows for software to get into the hands of users faster and for teams to gather feedback more quickly, ultimately resulting in faster time-to-market and greater business value.
Data Point No. 3: Cloud
It’s no secret that we continue to see the migration of ever more enterprise workloads to cloud environments. Far from being immune to this trend, DevOps benefits from–and often drives–cloud adoption in the same way that the process derives gains from continuous delivery: by increasing the efficiency of development teams. For example, developers can actively provision resources with just a credit card and the push of a button. Similarly, standardized governance procedures within a cloud deployment allow users to use their own test environments without needing to seek additional approvals.
Data Point No. 4: Increased Awareness
In this day and age, it’s hard to come across an IT manager or engineering director that’s not familiar with the concept of DevOps. That wasn’t true as early as five years ago. We live in a world in which DevOps methodology and best practices are actively exchanged and debated online, in small meetups and at established IT conferences. That’s great for driving results, but it also presents businesses with their own share of risks, because a more nimble competitor can leverage the collective wisdom of the global developer community to beat them to market without sacrificing reliability or stability.
In other words, when everyone knows about DevOps it switches from being a competitive advantage to a potential liability if not properly applied (or not applied at all).
Data Point No. 5: Automation
Automation lies at the heart of DevOps. In order to empower developers to do more directly, certain repeatable processes have to be automated so they can be executed without manual input. To illustrate, under continuous delivery code is automatically pushed to successive test environments which are, in turn, automatically provisioned. Once there, certain checks (compatibility, functionality, performance, etc.) are performed on the code in an automated fashion without requiring a developer’s time.
These methods are already being used today, what’s changing is the breadth of functionality that can be automated. For example, with the rise of multi-cloud environments the future will likely see test environments provisioned in interoperable environments across cloud deployments. Drawing on DevSecOps best practices, security checks are also likely to need less manual input from human security and compliance teams, relying instead on a series of automated tests. None of which is to suggest that the human element will entirely disappear. Successful DevOps execution relies on clear communication between teams. It’s just that the gray areas where humans need to be directly involved for manual approvals will increasingly diminish.
If you have a suggestion for an eWEEK Data Points article, email cpreimesberger@eweek.com.