Creating Value for Your Enterprise with Continuous Delivery
Companies that succeed and thrive understand how critical it is to innovate and deliver value to their customers. In the digital economy, this means reducing the time between releases of software. Historically, the time between releases was measured in months or even years, limiting innovation and productivity.
As cloud native software is becoming the norm, customers expect high-quality software and services that meet their needs, keep pace with their market and are reliable and secure. An enterprise that consistently meets these demands creates value by having their teams (the who) do the right thing (the what) at the right time (the when) in the right place (the where, such as in the cloud) by plying their trade (the how).
Creating value for customers requires early and frequent feedback from your customers. This feedback is prioritized and mapped to requirements for teams who develop, test, deliver, support and maintain software. Empowering these teams with modern software development capabilities, including platforms for continuous delivery, helps them quickly respond to this feedback. A rapid feedback-to-response arc yields better customer feedback, which primes a virtuous cycle of iteratively receiving and responding to feedback. This co-creation of the best possible digital experience with continuous delivery (CD) delights customers and creates value.
Cybersecurity is essential to protect the value your enterprise creates as you improve and scale your CD capability. Of course, the software being delivered to customers needs to be secure and validated against appropriate security and compliance standards. However, software delivery pipelines also need to be secure. This means that the CI/CD logins, infrastructure, builds, integrations, tests, platforms and images must be managed with procedures and practices that are reviewed and approved by the security team, including security testing and compliance assurance.
Motivated by a shared mission to satisfy customers, collaboration among teams continuously improves the software they deliver, even though they play distinct roles, possess various skills and see CD from different perspectives. So who are these people? How do they come together to create value with CD? What do they do? And what are their concerns? Let’s start with the people, the teammates on the application development, site reliability engineering and operations teams, to understand what they do and how they do it.
App Developers (AppDevs)
AppDevs are concerned with the delivery of new features and the quality of their software, as assessed by a QA team. They want to deliver frequently and deploy on demand from an integrated automation platform. A gold standard for AppDev teams is to achieve elite velocity by deploying tens to thousands of times per day from reusable software pipelines. Achieving elite stability is equally important. In many markets, this means 99.9% of deployments must work the first time and be equally reliable over time. Thus, elite stability equates to less than nine hours of downtime per year.
AppDevs must balance the benefits of creating value as they write software with the security risks associated with delivering new and innovative products, or updating products that are in production. They depend on security teams for guidance to design, implement and validate the security of “everything as code,” including the CI/CD workflows and the software that moves through them. Thus, part of CD is continuous risk assessment within a risk management framework. As security and privacy are both shifted left within CI/CD pipelines, AppDevs must assure the security and compliance of all code and data, by anticipating threats and addressing vulnerabilities and by protecting configurations and databases. Thus, AppDev teams require significant automation since the target environments (the where) usually are ephemeral from database to application.
Site Reliability Engineers (SREs)
According to Google’s book “Site Reliability Engineering,” SREs know what can go wrong and have a strong desire to prevent it. They focus on scaling software and services and addressing operational issues as they arise. They want to build templates based on application type and deployment target so they can develop reusable modules in their tools. They are measured by their ability to seamlessly deliver applications to production with little or no manual intervention while monitoring key performance indicators (KPIs), and keeping service-level agreements (SLAs). These activities require deep integration of third-party products into the automation platform to generate data about policies, performance and error rates to establish decision support criteria that appear on dashboards.
Customers become unhappy when they can’t do what they need to do because of a software glitch. SREs are responsible for the reliability and stability of software in production to minimize the impact of these glitches. When they happen, quick and effective incident response and short mean time to recovery (MTTR) depend on collaboration with other teams. Elite stability is achieved, and therefore value is created, when your SRE teams maximize uptime and minimize MTTR.
When things go wrong in production, SREs are the first line of defense. Part of this defense is proactive, helping AppDevs with CD to minimize the percentage of deployments that fail. The other part of this defense is incident response to address failures in production, by marshaling the necessary resources to recover from and address the failure at hand. Root cause analysis of such failures is often difficult, however, since deployments from different teams can trigger issues in production that were not present during integration or test.
Ops teams can be technically focused or business focused. Technical ops teams want to create ways for other teams to work efficiently and consistently. They create value by providing secure infrastructure platforms to AppDev, QA and SRE teams, and provide a central point of decision-making for high-level concerns, such as consistent user experience for important features and compliance with security and privacy standards. They work to automate tasks to drive consistency, control costs and simplify software delivery to your customers.
In a world where security is part of everybody’s job, SRE and technical ops teams must also seek guidance and help from the security team. Together they take the application artifacts and infrastructure targets that are continuously delivered and wrap them in security standards to help your enterprise and your customers protect themselves from cyberattacks. By following the NIST cybersecurity framework, for example, these teams implement both proactive and reactive best practices for cybersecurity, inspect traffic and assess threat intelligence with automation to apply the necessary countermeasures when they see anomalies. The platforms, software and target environments should all be managed to expose security policy violations and keep artifacts from being promoted that don’t meet security or compliance requirements.
Business ops teams create value by providing the leadership, management and support that other teams need to succeed. In part, these teams are focused on allocating budget and resources to implement the right platforms for the company to maintain revenue targets, deliver innovative software and services, and build confidence that the company can deliver on roadmap targets to be competitive.
These teams delegate the decision-making about what platforms are necessary to the people closer to maintaining the reliability, stability, security and compliance of the continuous delivery of software. Ultimately, these platforms will increase revenue while reducing the cost and deliver software at enterprise scale.
In conclusion, an essential component of developing a customer- and value-driven culture in your enterprise is selecting the right platforms for CD and ensuring that they provide the feedback needed by your AppDev, SRE and Ops teams. With the right platforms, your teams will iteratively design, implement, align and improve your software delivery pipelines and make it easier to create value for your customers.
Armory enables enterprises to unlock innovation by reliably deploying software at scale, leveraging our enterprise-grade, multicloud continuous delivery platform, and 24/7 expert support.