As automation touches more of your organization, security will be far from automatic. Bots’ privileges need close scrutiny, for example.
10 bad DevOps habits to break
Some common DevOps practices can turn into bad habits. Nip them in the bud now for greater success in 2018
6. Counting too much on one DevOps tool
SPR: "One of the worst habits to keep a company from succeeding at DevOps is when they think a tool is their ‘DevOps solution.’ It’s not a tool. Instead, DevOps is a continuation/maturation or illustration of an evolved, iterative development methodology. Modernized operations teams that take advantage of automation are great, as are the automation tools commonly used by successful DevOps. However, the tools alone do not make DevOps. DevOps is a mix of culture, process, and tools – with the tools acting as support for both culture and process.”
7. Failing to automate security
Red Hat: “Security's still too much of a silo in DevOps; some of us use the DevSecOps term to remind people of this. You can do something about it though. Invite your security people to tell DevOps teams about their concerns. Involve them early on when developing new applications or implementing new tooling. Automate security processes as much as possible – shifting them ‘left’ (earlier) in the development pipeline. And work to create a security mindset in your developers. Most will never become true experts in security but, by involving them in security exercises, you can help to encourage an environment where security is everyone's job.”
8. Making DevOps one person or team’s job
Perfecto: “The leading derailment factor is assigning DevOps responsibility to one person or team. For me, Agile and DevOps is about improving team productivity to deliver more. In order for DevOps transformation to truly succeed, everyone should be involved and engaged. Teams will gradually change how software is built and maintained. This changes how you plan, evolve the architecture, and alter development and testing. In addition, you will also be changing how you deploy, monitor, and support your customers. This is why DevOps needs a full organization transformation – not just for individuals or team assignments. To kick this habit in the new year, assess the responsibilities of developers. Expand their role to also include streamlining deployment, monitoring and customer escalation issues. Redefine success from feature shipped to satisfied customer.” (For more perspectives on this topic, which still stirs debate in the DevOps community, see our earlier article, DevOps Lessons Learned. )
9. Not following through
Day Translations: “We accumulated some bad DevOps habits in our quest to develop new products and roll out projects faster. Our worst ones are not defining requirements to the core, not following sprints, and not understanding delays in the dev cycle. In 2018, we’ll be following an agile process and assigning a time for feedback and suggestions from the right parties at the right stage in the project.”
10. Failing to secure the entire DevOps pipeline
Red Hat: “Regarding security, secure the supply chain too. It's not just about worrying that your product/application in production is secure from attack, but that the supply chain of third party components and tools in the DevOps pipeline are also secure and deployed and maintained securely. Also for 2018 the idea of anti-fragility will gain greater awareness. The idea here is not about deploying systems/applications that are incapable of breaking/crashing but instead to assume they will, and even purposefully make them fail, so as to see how the system responds and self-heals. Think of Kubernetes autoscaling or auto relaunching failed pods.”
[ For more advice from your peers, see our comprehensive resource, DevOps: The IT Leader's Guide. ]
Want more wisdom like this, IT leaders? Sign up for our weekly email newsletter.