DevOps Drives Continuous Improvement in Agility, Automation and Security
Three strategies vital to fulfilling digital demand's accelerated growth
February 16, 2021

April Hickel
BMC

Now more than ever, agile application development strategies play a pivotal role in providing the experiences companies need to compete in today's volatile economy. It's been estimated that COVID-19 accelerated e-commerce growth by four to six years — acceleration largely powered by the digital experiences provided by new releases of apps and services. Customers are demanding new and improved business applications at every turn, leaving organizations clamoring to comply.

The advent of smart phones and other mobile devices has always enabled people to stay connected, but COVID-19 has taken this connectivity to the next level. Looking at the financial and payment industry from January to June 2020, investment app activity showed 88 percent growth, payment app sessions increased by nearly 50 percent and banking and payment apps sessions increased 26 percent globally.

In this quest to quickly deliver quality apps and services while providing a superior customer experience, DevOps is proving critical for modern enterprises, giving them the ability to adapt quickly to customer demand and cultural shifts, automate throughout the software delivery lifecycle (SDLC), and heighten security of the data and infrastructure vital to application development.

1. Agility Through Collaboration

This need for continuous improvement crosses platforms, especially as more and more applications require integration of front-end interfaces with mainframe backend services. When looking at application development on the mainframe, 78 percent of respondents to BMC's annual mainframe study stated they would like to update applications built on the platform more frequently.

With this cross-platform collaboration comes the need for transparency. Development teams must be aware of each other's processes, workflows, and, most importantly, progress on shared projects. This transparency is a key component of the DevOps cultural shift — encouraging cross-team collaboration toward a shared goal vs. individual ones.

Before a project begins, teams come together to understand the purpose of the project, clearly define objectives and tasks, and agree upon roles and responsibilities. As the project progresses, there must be continuous feedback loops and communication. Teams working toward a common goal, with knowledge of each others' processes and a clear view of responsibilities and progress, enable organizations to see where improvements can be made, bottlenecks avoided, and services connected to best meet growing (and changing) digital demand.

2. Automate, Automate, Automate!

The central tenets of DevOps — increasing development and deployment speed, quality, consistency, and reliability — are enabled by automation throughout the SDLC. Automation frees developers from manually executing repetitive and time-consuming tasks, giving them more time to concentrate on strategic tasks that deliver value to the business and its customers. Executing these tasks in repeatable, scalable pipelines helps ensure quality and consistency while codifying best practices.

Modern tools enable automation and impact analysis practices throughout the DevOps infinity loop. For example, source code management tools can help development teams analyze, build, and deploy applications by showing how code changes will impact software build and deployment.  They enable parallel development by tracking multiple versions of code, and by integrating into automated CI/CD pipelines to automatically build and deploy.

Likewise, automated testing impacts nearly all aspects of the development team's role. Automated unit testing helps detect quality issues quickly, reducing the time between code creation and bug discovery; developers can revamp code while it is still fresh in their minds and before additional changes have been added. Automated regression testing ensures that existing code continues to work as expected while automated integration of end-to-end testing ensures the entire system continues to work.

Manual building and monitoring of the tools and processes used to automate the SDLC can be a herculean task. Automated workflow orchestration tools play an overarching role, making workflows easier to build, monitor, modify, and helping diagnose DevOps pipelines. These orchestration tools allow automated hand-offs between development and operations teams, which saves significant time. It also provides key transparency, offering an end-to-end view of data and workflows across platforms and teams.

In short, automation propels DevOps practices by empowering developers, simplifying cross-platform development workflows, and helping to increase the velocity, quality, and efficiency of software deployment.

3. Securing your DevOps practices from the start

As recent security breaches have shown, the more sophisticated the architecture, the more hackers will rise to the occasion. Respondents to the Mainframe Survey cited security and compliance as their number one priority, and with good reason. Within the first six months of 2019, more than 3,800 publicly disclosed breaches exposed an incredible 4.1 billion compromised records. And a loosely based security approach as part of your DevOps framework leaves a clear path for malicious hackers to access sensitive test data and systems.

As new features and products are developed more quickly, and the number of cross-platform integrations increases, system and data security must be monitored and assessed to ensure that organizational standards are met. Organizations need a security approach embedded within their DevOps toolchain from the start vs. bolted on at the end.

Looking at this theory in action, one large US-based financial institution has created a security board of excellence within their cloud-based development organization that conducts a comprehensive security review as part of the user story review process. Once the security representative provides council on the soundness of the development approach, their security assessment is put through a peer review process and subsequent approval. Again, culture plays a big part here — all parties agreeing to this approach, adhering to SLAs, and close cross-collaboration all play key roles in its success.

On the infrastructure side, periodic vulnerability and compliance checks are critical to strengthen the integrity and security of sensitive data. Modern security tools automate detection and response to security threats providing real-time alerts of threats and reports on system security—a proactive approach to preventing breaches. The key is to ensure these security systems do not remain siloed with the systems and platforms they protect. Integration with your organization's security operations center (SOC) is critical to detect and strengthen potential weak spots created by new features and services.

Overall, code and system security must be continuous and comprehensive, detecting new threats and responding to existing ones throughout the design, development, and deployment of software.

An Investment in the Present — and in the Future

In today's rapidly changing digital economy, companies are under intense pressure to provide innovative new features and services as quickly as possible while maintaining the quality and security standards their customers expect. Adoption of DevOps practices, with its enablement of rapid adaptation, broad application of automation, and support of security practices, gives organizations the ability to meet customer needs in this constantly shifting environment. Baking these three strategies into your DevOps toolchain not only maintains your current competitive edge, it also prepares your organization for the challenges and demands of the future.

April Hickel is VP, Intelligent Z Optimization and Transformation, at BMC
Share this

Industry News

March 18, 2024

Kubiya.ai announces the launch of its DevOps Digital Agents.

March 18, 2024

Aviatrix® introduced Aviatrix Distributed Cloud Firewall for Kubernetes, a distributed cloud networking and network security solution for containerized enterprise applications and workloads.

March 18, 2024

Stride announces the general availability of Stride Conductor, its new autonomous coding product that transforms the software development landscape.

March 14, 2024

CircleCI unveiled CircleCI releases, which enables developers to automate the release orchestration process directly from the CircleCI UI.

March 13, 2024

Fermyon™ Technologies announces Fermyon Platform for Kubernetes, a WebAssembly platform for Kubernetes.

March 13, 2024

Akuity announced a new offer targeted at Enterprises and businesses where security and compliance are key.

March 13, 2024

New Relic launched new capabilities for New Relic IAST (Interactive Application Security Testing), including proof-of-exploit reporting for application security testing.

March 12, 2024

OutSystems announced AI Agent Builder, a new solution in the OutSystems Developer Cloud platform that makes it easy for IT leaders to incorporate generative AI (GenAI) powered applications into their digital transformation strategy, as well as govern the use of AI to ensure standardization and security.

March 12, 2024

Mirantis announced significant updates to Lens Desktop that makes working with Kubernetes easier by simplifying operations, improving efficiency, and increasing productivity. Lens 2024 Early Access is now available to Lens users.

March 12, 2024

Codezero announced a $3.5 million seed-funding round led by Ballistic Ventures, the venture capital firm dedicated exclusively to funding entrepreneurs and innovations in cybersecurity.

March 11, 2024

Prismatic launched a code-native integration building experience.

March 07, 2024

Check Point® Software Technologies Ltd. announced its Check Point Infinity Platform has been ranked as the #1 Zero Trust Platform in the latest Miercom Zero Trust Platform Assessment.

March 07, 2024

Tricentis announced the launch and availability of SAP Test Automation by Tricentis as an SAP Solution Extension.

March 07, 2024

Netlify announced the general availability of the AI-enabled deploy assist.

March 07, 2024

DataStax announced a new integration with Airbyte that simplifies the process of building production-ready GenAI applications with structured and unstructured data.