DevOps Evolution: Many Paths to Success and Failure
September 26, 2018

In a DevOps evolution, there are many paths to success, but even more that lead to failure, according to the 2018 State of DevOps Report from Puppet.


This year’s report reveals the five stages of DevOps evolution and a pragmatic, prescriptive approach aimed at helping organizations get started with DevOps, replicate and scale existing pockets of success and make forward progress in their DevOps evolution. The 2018 State of DevOps Report maps organizations along an evolutionary scale based on how frequently they are using key practices. Organizations that are employing all the practices with a high frequency are highly evolved, or High. Those organizations employing few practices with low frequency are Low, and those doing some practices sometimes are Medium.

Among some of the key findings:

In a DevOps evolution, there are many paths to success, but even more that lead to failure — Every organization is different and for most, the DevOps journey isn’t linear. There are many starts and stops along the way, which can kill early momentum and lead to cynicism. Without a prescriptive path forward, organizations are struggling to scale their DevOps success beyond isolated teams.

On the DevOps evolutionary scale, 80 percent of respondent organizations are Medium. Almost 11 percent are Low and just under 10 percent are High. Though DevOps practices have become mainstream, it’s much harder to make the leap from Medium to High than it is from Low to Medium. Thus, organizations can gain a serious competitive advantage if they concentrate on further evolving their DevOps practices.

Executives have a rosier view of their DevOps progress than the teams they manage — For nearly every practice, C-suite respondents were more likely to report that DevOps practices were in frequent use. For example, 64 percent of C-suite respondents believe that security teams are involved in technology design and deployment versus 39 percent at the team level.

Additionally, 54 percent of C-suite respondents believe their organization automates security policy configurations versus 38 percent at the team level.

Highly-evolved organizations are 24 times more likely to always automate security policy configurations

Automating security policy configurations is a critical practice at the highest levels of DevOps evolution — Highly-evolved organizations are 24 times more likely to always automate security policy configurations compared to the least evolved organizations. This finding underscores how as organizations evolve, security policy becomes a part of operations, not just an afterthought when an audit looms. In other words, teams are automating security policy configurations initially for their own benefit, and as their understanding evolves, this automation evolves to work for the benefit of the entire organization.

"While DevOps practices have become far more well known across our industry, organizations continue to struggle to scale pockets of DevOps success more broadly across multiple teams and departments,” said Nigel Kersten, VP of Ecosystem Engineering at Puppet. "This year's report explores the foundational practices that need to be in place in order to scale DevOps success, and proves that success can only scale when teams are enabled to work across functional boundaries."

“This year’s report findings validate that foundational practices have a profound impact on an organization’s overall DevOps evolutionary journey and are key to scaling successes no matter how mature the DevOps transformation is within the organization,” said Andi Mann, Chief Technology Advocate, Splunk.

About the Report: Puppet has surveyed more than 30,000 technical professionals. This year’s survey garnered responses from more than 3,000 global technology professionals from organizations of all sizes and within multiple industries. It was written by Puppet and Splunk.

Share this

Industry News

February 07, 2023

SonarSource launched SonarQube 9.9 Long-Term Support (LTS).

February 07, 2023

Appdome announced its new Dev2Cyber Agility product initiative and partnership program.

February 07, 2023

Progress announced the completion of the acquisition of MarkLogic.

February 06, 2023

Red Hat announced the availability of Red Hat Ansible Automation Platform on Google Cloud, providing a common and flexible IT automation solution that extends from the cloud, to the datacenter and out to the edge without additional complexity or required skills.

February 06, 2023

Cequence Security has enhanced the testing capabilities within its Unified API Protection Platform with the availability of API Security Testing.

February 06, 2023

Netlify has acquired Gatsby Inc.

February 02, 2023

Red Hat announced a multi-stage alliance to offer customers a greater choice of operating systems to run on Oracle Cloud Infrastructure (OCI).

February 02, 2023

Snow Software announced a new global partner program designed to enable partners to support customers as they face complex market challenges around managing cost and mitigating risk, while delivering value more efficiently and effectively with Snow.

February 02, 2023

Contrast Security announced the launch of its new partner program, the Security Innovation Alliance (SIA), which is a global ecosystem of system integrators (SIs), cloud, channel and technology alliances.

February 01, 2023

Red Hat introduced new security and compliance capabilities for the Red Hat OpenShift enterprise Kubernetes platform.

February 01, 2023

Jetpack.io formally launched with Devbox Cloud, a managed service offering for Devbox.

February 01, 2023

Jellyfish launched Life Cycle Explorer, a new solution that identifies bottlenecks in the life cycle of engineering work to help teams adapt workflow processes and more effectively deliver value to customers.

January 31, 2023

Ably announced the Ably Terraform provider.

January 31, 2023

Checkmarx announced the immediate availability of Supply Chain Threat Intelligence, which delivers detailed threat intelligence on hundreds of thousands of malicious packages, contributor reputation, malicious behavior and more.

January 31, 2023

Qualys announced its new GovCloud platform along with the achievement of FedRAMP Ready status at the High impact level, from the Federal Risk and Authorization Management Program (FedRAMP).