What exactly is technical debt? When discussing your organization’s technical debt - and possible changes to it - with various audiences, you need to articulate the key issues in plain terms. Here’s expert advice on how to do that.
4 DevOps trends to watch in 2020
Whether you’re just beginning with DevOps or you’re pretty far down the road, this way of working is about constant improvement. Check out four big trends
3. Tighter relationship between DevOps and security
Security and DevOps have been intertwined topics for several years; in fact, they’ve been “intertwined” because so many leaders and practitioners rightfully noted that security was missing from too many DevOps conversations. As other silos crumbled, security teams too often remained sequestered out of sight or bolted on at the end of the delivery pipeline.
That spurred terms like DevSecOps, which quite literally integrated security into DevOps, at least in theory. (It also fueled debates about whether there comes a point when there are too many buzzwords and acronyms.)
[ Related read: DevSecOps: 4 key considerations for beginners. ]
But that didn’t solve the security question overnight. Moreover, security is not a finish line, but an ongoing area of concern. Expect the new year to bring a fresh chapter on this front, especially as DevOps teams at lower levels, to borrow Iverson’s word, begin to mature and confront the security considerations of faster, more frequent deployments and other DevOps outcomes.
“DevSecOps will be front and center – and medium performers will begin to adopt this practice,” Iverson says.
You can call it whatever you want. DevOps experience and maturity is beginning to heighten awareness of the security issues that attend modern approaches to software and infrastructure – and strategies for addressing those issues.
[ Related read: Multi-cloud: 8 tactics for stronger security. ]
“We expect that the industry will continue to move toward increased security awareness and verification at all points along the software development pipeline,” Komoroske says. “People are becoming more and more conscious about the plethora of dependencies used to build services and software, and the potential for transitive security vulnerabilities. Scanning code during development, scanning [container] images at build time, and observing those containers for malicious behavior when deployed is quickly becoming a requirement for organizations.”
Visibility is key, especially in environments with a growing portfolio of containerized applications (and especially containerized microservices) and distributed infrastructure.
“When given the visibility, organizations are routinely surprised by the things that are deployed into both their development and even production environments,” Komoroske says. “Being able to stay on top of these deployments and having a plan to update them as vulnerabilities are found is a necessity.”
4. IT leaders can’t assume “my work here is done.”
DevOps poses a tricky leadership challenge for CIOs and other execs: While it’s fairly well-established that “command-and-control” styles are antithetical to DevOps culture, that does not also mean that leaders can turn a blind eye to ongoing developments. So consider a handful of parting “resolutions” for the new year – reminders for IT leaders to bear in mind as DevOps evolves in your organizations.
Donato recommends emphasizing (or re-emphasizing) and empowering visibility and collaboration as a means of ongoing process improvement. Donato puts this in the context of Six Sigma and the principle of “first time right.”)
“Start by mapping and documenting [your] processes to understand how [they] really work,” Donato advises. “That creates shared understanding, clarifies priorities, and leads to better technology.”
Iverson notes that IT leaders have a critical role to play in empowering the facets of a healthy culture, from knowledge sharing to staff engagement to an effective management structure. He expects the new year to be a key point of reflection and optimization for many DevOps teams, perhaps especially those that began undergoing significant changes in more recent years.
“IT leaders should look at their organization’s current DevOps capabilities and ensure the work they are currently doing is in alignment with long-term goals and the ‘three ways of DevOps,’ which include flow, feedback, and experimentation,” Iverson says, referring to Gene Kim’s 2012 blog post on key principles underpinning DevOps.
Given that so many teams began exploring DevOps well after 2012, there’s likely a critical mass of organizations ready for this kind of reflection en route to more mature culture and processes. Other fundamentals are also worth revisiting; change is ongoing rather than a check-box, and the need for strong leadership to empower that change remains important.
“Leaders should also ensure plans for change are communicated and transparent so that staff can get on board early and contribute to the change,” Iverson says.
[ How can automation free up more staff time for innovation? Get the free Ebook: Managing IT with Automation. ]