DevOps Drives Continuous Improvement in Agility, Automation and Security
Three strategies vital to fulfilling digital demand's accelerated growth
February 16, 2021

April Hickel
BMC

Now more than ever, agile application development strategies play a pivotal role in providing the experiences companies need to compete in today's volatile economy. It's been estimated that COVID-19 accelerated e-commerce growth by four to six years — acceleration largely powered by the digital experiences provided by new releases of apps and services. Customers are demanding new and improved business applications at every turn, leaving organizations clamoring to comply.

The advent of smart phones and other mobile devices has always enabled people to stay connected, but COVID-19 has taken this connectivity to the next level. Looking at the financial and payment industry from January to June 2020, investment app activity showed 88 percent growth, payment app sessions increased by nearly 50 percent and banking and payment apps sessions increased 26 percent globally.

In this quest to quickly deliver quality apps and services while providing a superior customer experience, DevOps is proving critical for modern enterprises, giving them the ability to adapt quickly to customer demand and cultural shifts, automate throughout the software delivery lifecycle (SDLC), and heighten security of the data and infrastructure vital to application development.

1. Agility Through Collaboration

This need for continuous improvement crosses platforms, especially as more and more applications require integration of front-end interfaces with mainframe backend services. When looking at application development on the mainframe, 78 percent of respondents to BMC's annual mainframe study stated they would like to update applications built on the platform more frequently.

With this cross-platform collaboration comes the need for transparency. Development teams must be aware of each other's processes, workflows, and, most importantly, progress on shared projects. This transparency is a key component of the DevOps cultural shift — encouraging cross-team collaboration toward a shared goal vs. individual ones.

Before a project begins, teams come together to understand the purpose of the project, clearly define objectives and tasks, and agree upon roles and responsibilities. As the project progresses, there must be continuous feedback loops and communication. Teams working toward a common goal, with knowledge of each others' processes and a clear view of responsibilities and progress, enable organizations to see where improvements can be made, bottlenecks avoided, and services connected to best meet growing (and changing) digital demand.

2. Automate, Automate, Automate!

The central tenets of DevOps — increasing development and deployment speed, quality, consistency, and reliability — are enabled by automation throughout the SDLC. Automation frees developers from manually executing repetitive and time-consuming tasks, giving them more time to concentrate on strategic tasks that deliver value to the business and its customers. Executing these tasks in repeatable, scalable pipelines helps ensure quality and consistency while codifying best practices.

Modern tools enable automation and impact analysis practices throughout the DevOps infinity loop. For example, source code management tools can help development teams analyze, build, and deploy applications by showing how code changes will impact software build and deployment.  They enable parallel development by tracking multiple versions of code, and by integrating into automated CI/CD pipelines to automatically build and deploy.

Likewise, automated testing impacts nearly all aspects of the development team's role. Automated unit testing helps detect quality issues quickly, reducing the time between code creation and bug discovery; developers can revamp code while it is still fresh in their minds and before additional changes have been added. Automated regression testing ensures that existing code continues to work as expected while automated integration of end-to-end testing ensures the entire system continues to work.

Manual building and monitoring of the tools and processes used to automate the SDLC can be a herculean task. Automated workflow orchestration tools play an overarching role, making workflows easier to build, monitor, modify, and helping diagnose DevOps pipelines. These orchestration tools allow automated hand-offs between development and operations teams, which saves significant time. It also provides key transparency, offering an end-to-end view of data and workflows across platforms and teams.

In short, automation propels DevOps practices by empowering developers, simplifying cross-platform development workflows, and helping to increase the velocity, quality, and efficiency of software deployment.

3. Securing your DevOps practices from the start

As recent security breaches have shown, the more sophisticated the architecture, the more hackers will rise to the occasion. Respondents to the Mainframe Survey cited security and compliance as their number one priority, and with good reason. Within the first six months of 2019, more than 3,800 publicly disclosed breaches exposed an incredible 4.1 billion compromised records. And a loosely based security approach as part of your DevOps framework leaves a clear path for malicious hackers to access sensitive test data and systems.

As new features and products are developed more quickly, and the number of cross-platform integrations increases, system and data security must be monitored and assessed to ensure that organizational standards are met. Organizations need a security approach embedded within their DevOps toolchain from the start vs. bolted on at the end.

Looking at this theory in action, one large US-based financial institution has created a security board of excellence within their cloud-based development organization that conducts a comprehensive security review as part of the user story review process. Once the security representative provides council on the soundness of the development approach, their security assessment is put through a peer review process and subsequent approval. Again, culture plays a big part here — all parties agreeing to this approach, adhering to SLAs, and close cross-collaboration all play key roles in its success.

On the infrastructure side, periodic vulnerability and compliance checks are critical to strengthen the integrity and security of sensitive data. Modern security tools automate detection and response to security threats providing real-time alerts of threats and reports on system security—a proactive approach to preventing breaches. The key is to ensure these security systems do not remain siloed with the systems and platforms they protect. Integration with your organization's security operations center (SOC) is critical to detect and strengthen potential weak spots created by new features and services.

Overall, code and system security must be continuous and comprehensive, detecting new threats and responding to existing ones throughout the design, development, and deployment of software.

An Investment in the Present — and in the Future

In today's rapidly changing digital economy, companies are under intense pressure to provide innovative new features and services as quickly as possible while maintaining the quality and security standards their customers expect. Adoption of DevOps practices, with its enablement of rapid adaptation, broad application of automation, and support of security practices, gives organizations the ability to meet customer needs in this constantly shifting environment. Baking these three strategies into your DevOps toolchain not only maintains your current competitive edge, it also prepares your organization for the challenges and demands of the future.

April Hickel is VP, Intelligent Z Optimization and Transformation, at BMC
Share this

Industry News

September 27, 2022

DevOps Institute will host SKILup Festival in Singapore on November 15, 2022.

September 27, 2022

Delinea announced the latest release of DevOps Secrets Vault, its high-speed vault for DevOps and DevSecOps teams.

September 27, 2022

The Apptainer community announced version 1.1.0 of the popular container system for secure, high-performance computing (HPC). Improvements in the new version provide a smaller attack surface for production deployments while offering features that improve and simplify the user experience.

September 26, 2022

Secure Code Warrior unveiled Coding Labs, a new mechanism that allows developers to more easily move from learning to applying secure coding knowledge, leading to fewer vulnerabilities in code.

September 26, 2022

ActiveState announced the availability of the ActiveState Artifact Repository.

September 26, 2022

Split Software announced the availability of its Feature Data Platform in the Microsoft Azure Marketplace.

September 22, 2022

Katalon announced the launch of the Katalon Platform, a modern and comprehensive software quality management platform that enables teams of any size to easily and efficiently test, launch, and optimize apps, products, and software.

September 22, 2022

StackHawk announced its Deeper API Security Test Coverage release.

September 21, 2022

Platform9 announced the launch of its latest open source project, Arlon.

September 21, 2022

Redpanda Data announced Redpanda Console.

September 21, 2022

mabl announced its availability as a private listing on Google Cloud Marketplace.

September 21, 2022

Zesty announced a $75 million Series B funding round led by B Capital and Series A investor Sapphire Ventures.

September 20, 2022

Opsera, the Continuous Orchestration platform for DevOps, announced a free trial of its no-code Salesforce Release Management platform for fast and secure Salesforce releases.

September 20, 2022

Sysdig announced ToDo and Remediation Guru.

September 20, 2022

AutoRABIT announced CodeScan Shield.