JAX DevOps Blog

JAX DevOps, 14-17 May 2019
The Conference for Continuous Delivery, Microservices, Docker & Clouds
20
Mar

There is no ‘Waze for DevOps transformation’

DevSecOps should be a priority

DevSecOps needs to be a priority. Source: Unsplash

DevOps is all about collaboration but it’s not always easy to put theory into practice. After we’ve solved this dilemma, we need to get past the “What is DevOps?” question and answer “Where do we start?” instead. We invited Mike D. Kail to clear things up for you.

JAXenter: Who is leading the DevOps show? Develops or operators?

Mike: The first tenet of DevOps is “Collaboration”, meaning that it’s about self-organizing teams and moving away from the concept of an individual or group “leading the show”.

JAXenter: The focus is slowly shifting from “What is DevOps?” Where do we start?”. How do we answer the second question?

Mike: The second tenet of DevOps is “Automation”, so I would first start with the basic manual tasks that can be automated, measure the productivity gains, and continue along that path. I will also add that ensure that the tasks that you automate are actually needed, meaning that they will serve to increase productivity and efficiency.

Ensure that the tasks that you automate are actually needed.

JAXenter: How important is it to incorporate security into DevOps (DevSecOps)? What are the benefits? Should it be a priority or an afterthought?

Mike: Given the “rise of the developer” and the continued increase in delivery velocity, it is paramount to “shift left” and seamlessly embed security testing into the entire software development life cycle. Two key benefits of continuous security testing and scanning are increased security assurance and visibility into code lineage and delivery pipelines. Security needs to move from being an afterthought, or mildly important, to a key priority if organizations want to have any hope of leveling the playing field against malicious hackers.

JAXenter: How important is automation in a DevOps context and what are the areas where automation is really needed?

Mike: The cultural transformation of DevOps is to streamline existing tasks and processes and move to a world where everything is continuous; Continuous Integration, Continuous Deployment, Continuous Delivery. Automation is a key component of making that a reality and every area along the way from commit to build to delivery should be assessed for where automation can be implemented.

JAXenter: Should testing become an essential component of the CI/CD pipeline? Are we underestimating its importance?

Mike: As with security, the testing phase of the CI/CD pipeline needs to leverage automation and measurement of results and testing effectiveness. I don’t think the importance of testing is underestimated, I just believe that it is sometimes bypassed in order to not decrease delivery velocity, mostly because it tends to be manual tasks. Automation will help reduce or remove the friction on velocity.

JAXenter: Some companies are still struggling with DevOps metrics. What are the key metrics that matter and how can they enhance DevOps success?

Mike: Every key initiative has 3 basic components: People, Process, and Technology. The latter two are the easy part, so the people part is what you want to spend a decent amount of time measuring. A couple of standard metrics that can be applied are: LTV (is the employee adding value over time by increased contribution and engagement) and Churn (are you able to retain key talent). Process metrics will continually evolve, but the initial key metrics are: time to build and deploy, time to rollback/remediate, number of deployments per day/week, and incident response time.

JAXenter: How important is it to not skip steps in the DevOps transformation cycle? What are the steps that companies and/or teams usually ignore or underestimate?

Mike: My view of DevOps transformation is that it is a continuous evolution/journey, not a destination that has a predetermined route. There is no “Waze for DevOps transformation”. There are plenty of poster children for DevOps transformation (Netflix, Etsy, etc…) and going back to a previous answer, companies tend to underestimate the challenges around people and removing cultural inertia.

JAXenter: Do you think the abundance of DevOps tools has helped or slowed down DevOps adoption?

Mike: Much like with the cybersecurity sector, the overabundance of tools and point solutions tend to create (more) Fear, Uncertainty, and Doubt (FUD). A good analogy is purchasing a large piece of furniture from IKEA and then attempting to assemble it. The sheer number of parts and pieces is overwhelming and serves to add to the aforementioned cultural inertia.

JAXenter: There’s a huge demand for DevOps professionals. What skills do you need to have in order to tap into the perks that accompany the job description?

Mike: I’m really not a fan of using DevOps as job title or function. To me, it’s about a culture or methodology, and you should look to hire professionals that understand the core tenets of that culture, which are Collaboration, Automation, Measurement, and Sharing (CAMS). The truly great additions want to continually evolve and always look to automate and measure wherever and whenever possible.

Thank you very much!

JAX DevOps Microservices Track Sessions:

Behind the Tracks

BUSINESS & COMPANY CULTURE
the process of becoming fully agile
CLOUD PLATFORMS
Cloud-based & native apps
DOCKER & KUBERNETES
Docker, Kubernetes, Mesos & Co
CONTINUOUS DELIVERY
Build, test and deploy agile
MICROSERVICES
Maximize development productivity