
DevOps World: DevOps Moves to Resilient Collaboration

7 Oct 2020 1:20pm

Is DevOps a lifejacket in times of crisis or does crisis mode accelerate DevOps? The theme of this year’s conference was “accelerated resiliency.” Frankly put, if organizations aren’t focusing on resiliency, they may have difficulty competing.

That was one of the issues put before the media panel at this year’s DevOps World, CloudBees’ annual user conference. Attendees enjoyed an enthusiastic discussion among Tracy Miranda, executive director of the Continuous Delivery Foundation; Amit Bhandarkar, director of engineering at American Express Global Business Travel; Gerard McMahon, head of cloud center of excellence at Fidelity Investments; Mitch Ashley, CEO of Accelerated Strategies Group; and Sacha Labourey, CEO of CloudBees.

As Labourey put it in our pre-conference interview, “DevOps has been perceived as winning competitively, but before that, it’s about being resilient.”

So how does DevOps increase resiliency? And where will it take us over the next couple of tumultuous months? Here we share some of the panel’s perspectives and predictions.

Does DevOps Cause Resiliency or Benefit from Dire Times?

Accelerated Strategies Group and CloudBees released a survey on the Future of Remote Work and Software Development. This research found that since the impact of COVID-19 earlier this year:

  • 63% of organizations increased the priority of and investment in digital transformation projects
  • 52% increased their acceleration to the cloud
  • 62% increased their investment in automation
  • 46% expanded cross-functional teams

In addition to these numbers, organizations have significantly increased the application of DevOps and agile practices including daily stand-ups and asynchronous communication. Collectively, these results show that DevOps has accelerated in direct response to the pandemic.

It’s uncertain if DevOps practices led to resiliency in response to rapid change, or if the scramble to rapidly respond to the crisis at hand resulted in a broader adoption of DevOps.

Organic collaboration is the trademark of DevOps, and the pandemic has been the true stress test for the core principles of DevOps, Miranda said. It seems to have passed that test with flying colors.


One reason the COVID-19 pandemic forced cloud migration forward, Bhandarkar argued, is that “now that everybody’s working remotely, you are part of the cloud.” The Platform-as-a-Service “is portable by virtue of being built for the path.”

He says there are many factors that go into choosing your DevOps tooling, especially with often limited budgets and zero face time. He says decisions come down to an organic set of criteria, which is a blend of feature sets and guarantees of reliability and security.

“And since DevOps improves the quality of the end product and support, it enables security and accelerates time to market. It is one of the best ways to solve these increasing demands from customers,” he said.

There Is No Future of DevOps without Broader Pipelines

McMahon says DevOps acceleration will soon take us from agile to agility, asking: How do we scale up and scale down? “Securely” can be the only modifier to any scaling or resiliency planning.

While DevOps has broken down the silo between development and operations, it has unintentionally built one separating them from the rest of the organization.

Miranda rests broader DevOps adoption on providing clarity, accessibility, and, where possible, simplification of what DevOps even is to all its direct and indirect stakeholders. These must include all the different functionalities and roles involved in the development process, including user experience and other customer-facing roles.

And in order for DevOps to accelerate further, chief information security officers and chief information officers must be included.

Extremely distributed, containerized systems have left some holes in their wake — especially in security. Bhandarkar predicts a demand for “Tools to patch and repave containers on the fly.”

He says there has been sophisticated patching for VPNs and servers, but now it’ll be applied to container security.

“I’ve seen the marketplace evolve — it’s not that the tooling isn’t there, it’s just that the adoption isn’t there,” Bhandarkar said.

This will be part of an overall maturation of containerization. He expects to see a broader integration of security controls plugged into DevSecOps.

Both Bhandarkar and McMahon are in leadership roles at highly regulated financial institutions. They both predict an increased demand for automating the governance process within the CI/CD pipeline and for greater education within enterprise security teams. In 2020, auditors need to understand what it means to be in the cloud and how that evolves their policies and practices.

McMahon says this will drive a sort of “self-compliance” where people are using services that are inherently compliant by the nature of the application. He sees a louder call for logging and instrumenting tools that can produce an audit report from an application, simplifying a still arduous, high-touch process.

When asked about his CI/CD wishlist, Bhandarkar says consolidated security tooling tops it.

He said, “We have some really great quality scanning tools that have some security scanning features, and then there are great security tools that have really poor scanning features — nobody that does both.”

McMahon built on that by saying all of these tools are on a critical path toward higher levels of availability.

The next level of DevOps accelerated resiliency and automation must integrate post-deployment activities, including security checks.

Bhandarkar says the vast majority of CI/CD pipelines conclude at deployment. They may have automation implemented post-deployment, but it’s not integrated with the rest of the pipeline.

He says at Amex, they are “trying to figure out, besides just validating the change, what else does the post-deployment team do? Depending on that validation, what other actions can be triggered? You want certain conditions to be evaluated. If certain conditions fail, you develop an auto-rollback.”

Whether, as Miranda put it, the DevOps-driven collaboration is organic or not, it’s clear that cross-silo collaboration is what will take organizations to the next level of resiliency in 2020 and beyond.
