ShiftLeft released a new version of NextGen Static Analysis (NG SAST), including new workflows, purpose-built for developers that significantly improve security, while enhancing productivity.
DEVOPSdigest asked experts across the industry – including analysts, consultants, vendors and even users – what they think is the most important cultural change an organization can make to ensure DevOps success. The result is a broad range of answers that delves deep into what DevOps is really all about. Part 5 provides some final recommendations you may not have considered.
34. COMMON TOOLSET
It is important for the teams to use the same toolset for tracking development and operations tasks as well as for managing their environments so that everyone is looking at the same data at all times These practices can indeed help in breaking the silos between Dev and Ops.
Program Director, Product Management - IBM APM
DevOps processes and tools focus mostly on build-release-test-configure part of the DevOps world. I have learned that transparency of deployed solutions is a key ingredient that ties the operations and development teams together. When both teams are looking at production deployment through the same pane of glass that exposes performance and potential problems, the collaboration between the two worlds is significantly increased.
Co-founder and Head of Product, Plumbr
Embrace automation. As your teams collaborate more around processes they need to become natural "automators" that automate the everyday so the rest of the team can focus on the innovation for tomorrow.
ARA Evangelist, Automic Software
Understanding and accepting the role of automation. While this may seem to be a technical issue, at its core there is always a significant cultural change that comes with automation. Compressing release cycles is made possible by automating repeatable tasks and managing exceptions as opposed to process. It is at the heart of DevOps. But it requires a cultural change that goes beyond the implementation of tools – it forces the collaboration between developers, testers and operations that will break down what are often very siloed organizations. In a way, automation is the change agent to build the culture of cooperation needed to make DevOps a reality.
SVP Delivery, SOASTA
For DevOps to become a reality, developers need to pay close attention to the operational challenges faced in deployment of applications. By embracing methodologies such as software-defined visibility, advanced automation techniques can be employed by developers to not only gain visibility into data-in-motion in their infrastructure but also avoid building IT silos. Nowhere is this more important than in the devsecops world, where security orchestration across multiple stacks can be accomplished by developers using such a paradigm.
VP of Product Management, Gigamon
Ask for metrics. DevOps emphasizes measurement of key performance indicators followed by continuous improvement. Getting the teams to focus on metrics at the beginning is important to enable this process.
37. CENTRALIZED CLOUD STRATEGY
The top culture change to make DevOps a reality is create a centralized cloud strategy for a cloud service platform that turns the CEO's digital transformation vision into reality. All the Digitally charged initiatives are dependent on a solid cloud strategy yet most company's have hybrid cloud services by happenstance. Top performers interviewed for iSpeak Cloud, built a cloud service platform based on the principles of DevOps as the CORE tenant of Digital Transformation. The governance team for the CSP was comprised of leadership across critical roles in the company not just IT to enable impacting budgets and business case before they were decided. Services were categorized to ensure streamlining manual processes such as security reviews, automating change, incident, and first level self healing. The platforms were built on open source with orchestration and integration to current tools for ITSM as a tenant. This approach automated onboarding and reviewing services created from shadow IT processes. It also provided a voice and input from the business to reduce the recurrence of Shadow IT by having input into the solution.
Strategist and Author, iSpeak Cloud
Ensure that security testing is integral to DevOps. Often security testing is run by a separate group for compliance reasons. But, this doesn't mean that it should be performed outside of the DevOps process. In fact, incorporating security and compliance requirements into the DevOps processes can generate a big return in terms of security and compliance outcomes.
Security teams need to adapt and optimize their business processes for DevOps. They need to make it fast and easy for DevOps to develop code and run it safely. Today, most security teams still require DevOps teams to use security controls that are slow and manual. One great example of challenge is the use of encryption: it can take days and multiple security approvals for DevOps to get publicly trusted certificates for their code and services. Automating the process making keys and certificates available through an API service is a fundamental improvement that can make the lives of DevOps teams much better. Automating this slow, manual process will dramatically improve the speed of DevOps teams while, at the same time, improving security and policy compliance. This is DevOpsSec.
VP of Security Strategy and Threat Intelligence, Venafi
39. TRANSFORM THE ORGANIZATION
Culture is germane to the success and ethos of DevOps, however, to paraphrase Frances Hesselbein, you don't change culture, you transform the organization. (Culture follows naturally). Challenge the norms, flatten hierarchy, and aggressively adopt people-centric technologies that drive transformation, and change behavior.
Chief Evangelist, Moogsoft
40. FOCUS ON END USER EXPERIENCE
The most impactful culture change needed to make DevOps a success in any organization is a shift in focus from simply "running infrastructure" and ensuring "uptime," to true application performance and the end user experience. When an IT team is aligned behind these two factors, they naturally collaborate, think about performance metrics differently and find new ways to make things work well. There will also be a sense of urgency that makes it easier to introduce short sprints and other process improvements.
VP, Product Marketing and Strategy, SolarWinds
41. FOCUS ON THE CUSTOMER
DevOps means breaking down silos to improve collaboration, bringing specialists together to create multi-skilled teams, and creating an environment in which it's safe to fail. However, all these changes are really in service of the biggest change needed for DevOps success – aligning everyone to the customers' needs. Ultimately, DevOps means bringing the whole business together in service of delivering value to the customer.
Lucas A. Welch
Director of Communications, Chef