The culture of DevOps, the security focus and the efficiency it can create are not fully grasped, members of Protocol's Braintrust say.
Good afternoon and happy new year! We have a lot in store for Braintrust in 2022, and we’ll be in your inbox a bit more frequently moving forward. For this first edition of the year, we asked executives about what people don’t typically understand about DevOps. Questions or comments? Send us a note at firstname.lastname@example.org
Senior Vice President of Engineering at Netlify
DevOps isn't a role; it's a culture. One major area this is shown is with teams building modern sites and apps, where DevOps practices are blended and simplified. Developers today can quickly innovate because of the rising practice of codifying solutions for development operations (CI/CD, APM (Application Performance Management), scaling, security). Previously this used to be performed by a different person or, more recently, by another team. Most modern websites are developed with DevOps culture as an integrated part of the product lifecycle. With the rise of the Jamstack architecture, we see these operations made even more straightforward for web developers in a clear workflow with low friction and areas of concern separated. This architecture allows innovation velocity to increase and for web developers to go from idea to cloud in seconds. Most websites don't need full-stack, elegantly complex architectural solutions. This means most companies don't need large dedicated DevOps teams but rather DevOps practices that are incorporated and simplified for their web development team. DevOps shouldn't be one person's concern. It should be an integrated part of your engineering culture to have the most significant impact.
CEO at HashiCorp
The biggest constraint to the adoption of DevOps — the ability for dev teams to quickly iterate their applications — is in fact one of team organizational structure.
This is a key learning pioneered by the cloud-native companies: Rather than requiring each development team to learn the nuances of cloud operations, instead, a small ‘platform’ team is created — and that is really the enabler of DevOps. This team is tasked with defining the core elements of how those teams build and deploy applications in a consistent manner. Then, more importantly, they address the requirements of ops, security and networking upon deployment to cloud infrastructure. This is a contrast to the traditional model whereby each dev team interfaces to the ops, security and networking teams (all of which are independent entities with their own purviews) through a traditional workflow ticketing mechanism.
Paradoxically, the enabling technologies of DevOps are really well understood, but it is organizational alignment that is the constraint. In our experience, it is organizations that adopt the ‘platform team’ construct who excel in the DevOps discipline.
Head of Platform Strategy, Engineering, DevOps and Solutioneers at Unqork
Oftentimes, companies consider DevOps team members to be the next evolution of traditional operations, and structure a DevOps-specific team that reports into IT. Other times, companies hire new team members — often half operations, half software developers — to focus on automation, observability and tooling, and introduce concepts such as service-level objectives (SLO) and error budget. These teams are often referred to as DevOps.
In actuality, companies that truly understand DevOps tend not to use the term “DevOps” at all, nor do they have any "DevOps engineers.” That's because DevOps philosophies, cultures and processes work best when they are ingrained in every role and work stream.
Companies that genuinely understand DevOps understand it's not a siloed team or function, but instead a new way of doing business that brings with it a new culture, new processes, embedded SREs, a hyper-focus on automation across the board, a service-based architecture, specific SLOs and an associated budget. This approach also facilitates operational rigor: Software teams act as first responders on service issues, thorough root cause analyses result in clear Do Not Repeat action items, and error budgets force teams to resolve existing issues before launching more features. Companies that adopt this streamlined approach will see DevOps reach its fullest potential and be able to deliver a measurable positive impact to the business and true value to customers.
Co-founder and CEO at LaunchDarkly
Many don’t yet understand that though DevOps provides stability and happiness to the core practitioners, the ultimate value of DevOps is for the entire business.
DevOps is intended to unite Developers (building code) and Operations (running code) with a shared mindset that no code is done until it’s deployed and available for a user. The old model of “throwing code over a wall” led to long release cycles with unstable functionality. DevOps allows for not just smoother releases because both developers and operations are working together, but happier teams because issues are easier to track and fix, as well as faster cycles that lead to true business value.
I recently did a webinar with Patrick Debois, the founder of the first DevOps Day conference in 2009, and co-author of "The DevOps Handbook." We talked about how liberating it is for businesses to be able to break down releases to get to a continual state of “we can ship when we want to.” Instead of a release being a “push and pray” of uncertainty, DevOps allows developers and operations to confidently release upgrades and new functionality. This results in a continual value stream where not only can bad issues quickly get addressed but well-received functionality can also be quickly amplified.
Ultimately, it’s easier to hire and retain technical employees if they have a stable foundation to build on, and businesses can implement the functionality they need to satisfy their stakeholders. Everyone wins with DevOps.
VP Internet of Things Group / GM Developer Enabling at Intel
With the surge in demand for IoT applications, developers need to be able to overcome complex requirements, unique connectivity needs and disparate edge infrastructures. As IoT and cloud intersect at the edge, there are even more opportunities to get rich sets of real-time or near-real-time data, apply AI to figure out how to use that data and be able to process the data and apply AI in a way that uses cloud innovation. That’s why DevOps is increasingly more valuable, and arguably, a catalyst for enabling business transformation. Leaders should prioritize DevOps because of how it combines people, process, automation and collaboration across product, engineering, security, IT, operations and other teams to help better achieve higher-quality software with a shortened development time. Organizations need to optimize for the whole system and improve the speed and stability of software development and deployment – successful implementation of DevOps may be the key to finally unlocking transformative technologies.
CTO at Puppet
Too many people think DevOps is useful only to increase the speed and agility of software development and delivery. They assume (incorrectly) that increased momentum is at odds with good security practices, and overlook the profound impact that DevOps can make on the development life cycle. In fact, the DevOps principles that drive good outcomes for software development — culture, automation, measurement and collaboration — are the same principles that drive good security outcomes. It is possible to achieve speed without sacrificing security. It starts by rethinking how security fits into your delivery workflow.
Puppet’s data from the 2021 State of DevOps Report proves that good security practices and better security outcomes are enabled by DevOps practices. As DevOps practices improve, DevSecOps naturally follows. Organizations with the most highly evolved DevOps practices have shifted left, with the majority integrating security into requirements (51%), design (61%), build (53%) and testing (52%). In contrast, for most organizations in the middle stages of their DevOps evolution, security is involved only when there’s a scheduled audit of production (48%) and when there’s an issue reported in production (45%).
Security is top of mind for most people this year with the dramatic rise in ransomware attacks and steady drumbeat of vulnerabilities (Log4j continues to keep people busy). Making security part of your development workflow is key to staying ahead, alongside other good security practices as well. The more security is woven into the best practices of everyone’s job, the easier it is to maintain your desired deployment velocity as well as ensure solid security practices. DevOps helps achieve that balance, but, as our data shows, it requires top-down buy-in throughout your organization.
President at VMware
With DevOps, there is no one-size-fits-all solution and it is practiced in a consistently inconsistent manner. While there is nothing wrong with it as all functions within an organization are structured based on the organizational needs, most functions have a clear mandate that has been established over decades — developing software for developers, selling for sales, creating demand for marketing or supporting customers for support. We believe DevOps is the glue that creates a better developer experience, drives faster velocity for software delivery or provides better up-time. This is what we strive to enable with our Tanzu portfolio of solutions that our customers love to use as they build their next generation of modern applications using multi-cloud.
Head of Product, DevOps at Atlassian
People often think that they can buy a piece of technology and - boom, they have enabled DevOps. However, DevOps is first and foremost a culture and a way of working. You can’t just buy your way into it. Companies need to shift from tool-first thinking to team-first thinking. Instead, organizations should focus first on ensuring they can bring teams together and foster a culture of transparency and collaboration, and then implement DevOps tooling. Knowledge sharing, collaboration, and the ability to fail without reprisal are some examples of culture changes teams can start with. Technology can play a part too, particularly as DevOps teams use dozens of different tools on a daily basis. Teams should look for ways to keep their tools connected and integrated by using automation and integrated solutions to deliver business value quickly, safely and repeatedly and reap the rewards of DevOps.
Staff Developer Evangelist at GitLab
While DevOps is typically associated with collaboration, DevOps alone doesn’t go far enough to help an organization work cohesively together — since marketing, security, product managers and other teams are often left in silos. Companies need to ditch these “DIY tool chains” and instead use DevOps platforms as a single place for communicating and solving problems. Using a platform lets all teams plan, build and deploy software with full visibility into everyone’s work — not just developers.
Kevin McAllister ( @k__mcallister) is a Research Editor at Protocol, leading the development of Braintrust. Prior to joining the team, he was a rankings data reporter at The Wall Street Journal, where he oversaw structured data projects for the Journal's strategy team.
More from Braintrust