DevOps Drives Continuous Improvement in Agility, Automation and Security
Three strategies vital to fulfilling digital demand's accelerated growth
February 16, 2021

April Hickel
BMC

Now more than ever, agile application development strategies play a pivotal role in providing the experiences companies need to compete in today's volatile economy. It's been estimated that COVID-19 accelerated e-commerce growth by four to six years — acceleration largely powered by the digital experiences provided by new releases of apps and services. Customers are demanding new and improved business applications at every turn, leaving organizations clamoring to comply.

The advent of smart phones and other mobile devices has always enabled people to stay connected, but COVID-19 has taken this connectivity to the next level. Looking at the financial and payment industry from January to June 2020, investment app activity showed 88 percent growth, payment app sessions increased by nearly 50 percent and banking and payment apps sessions increased 26 percent globally.

In this quest to quickly deliver quality apps and services while providing a superior customer experience, DevOps is proving critical for modern enterprises, giving them the ability to adapt quickly to customer demand and cultural shifts, automate throughout the software delivery lifecycle (SDLC), and heighten security of the data and infrastructure vital to application development.

1. Agility Through Collaboration

This need for continuous improvement crosses platforms, especially as more and more applications require integration of front-end interfaces with mainframe backend services. When looking at application development on the mainframe, 78 percent of respondents to BMC's annual mainframe study stated they would like to update applications built on the platform more frequently.

With this cross-platform collaboration comes the need for transparency. Development teams must be aware of each other's processes, workflows, and, most importantly, progress on shared projects. This transparency is a key component of the DevOps cultural shift — encouraging cross-team collaboration toward a shared goal vs. individual ones.

Before a project begins, teams come together to understand the purpose of the project, clearly define objectives and tasks, and agree upon roles and responsibilities. As the project progresses, there must be continuous feedback loops and communication. Teams working toward a common goal, with knowledge of each others' processes and a clear view of responsibilities and progress, enable organizations to see where improvements can be made, bottlenecks avoided, and services connected to best meet growing (and changing) digital demand.

2. Automate, Automate, Automate!

The central tenets of DevOps — increasing development and deployment speed, quality, consistency, and reliability — are enabled by automation throughout the SDLC. Automation frees developers from manually executing repetitive and time-consuming tasks, giving them more time to concentrate on strategic tasks that deliver value to the business and its customers. Executing these tasks in repeatable, scalable pipelines helps ensure quality and consistency while codifying best practices.

Modern tools enable automation and impact analysis practices throughout the DevOps infinity loop. For example, source code management tools can help development teams analyze, build, and deploy applications by showing how code changes will impact software build and deployment.  They enable parallel development by tracking multiple versions of code, and by integrating into automated CI/CD pipelines to automatically build and deploy.

Likewise, automated testing impacts nearly all aspects of the development team's role. Automated unit testing helps detect quality issues quickly, reducing the time between code creation and bug discovery; developers can revamp code while it is still fresh in their minds and before additional changes have been added. Automated regression testing ensures that existing code continues to work as expected while automated integration of end-to-end testing ensures the entire system continues to work.

Manual building and monitoring of the tools and processes used to automate the SDLC can be a herculean task. Automated workflow orchestration tools play an overarching role, making workflows easier to build, monitor, modify, and helping diagnose DevOps pipelines. These orchestration tools allow automated hand-offs between development and operations teams, which saves significant time. It also provides key transparency, offering an end-to-end view of data and workflows across platforms and teams.

In short, automation propels DevOps practices by empowering developers, simplifying cross-platform development workflows, and helping to increase the velocity, quality, and efficiency of software deployment.

3. Securing your DevOps practices from the start

As recent security breaches have shown, the more sophisticated the architecture, the more hackers will rise to the occasion. Respondents to the Mainframe Survey cited security and compliance as their number one priority, and with good reason. Within the first six months of 2019, more than 3,800 publicly disclosed breaches exposed an incredible 4.1 billion compromised records. And a loosely based security approach as part of your DevOps framework leaves a clear path for malicious hackers to access sensitive test data and systems.

As new features and products are developed more quickly, and the number of cross-platform integrations increases, system and data security must be monitored and assessed to ensure that organizational standards are met. Organizations need a security approach embedded within their DevOps toolchain from the start vs. bolted on at the end.

Looking at this theory in action, one large US-based financial institution has created a security board of excellence within their cloud-based development organization that conducts a comprehensive security review as part of the user story review process. Once the security representative provides council on the soundness of the development approach, their security assessment is put through a peer review process and subsequent approval. Again, culture plays a big part here — all parties agreeing to this approach, adhering to SLAs, and close cross-collaboration all play key roles in its success.

On the infrastructure side, periodic vulnerability and compliance checks are critical to strengthen the integrity and security of sensitive data. Modern security tools automate detection and response to security threats providing real-time alerts of threats and reports on system security—a proactive approach to preventing breaches. The key is to ensure these security systems do not remain siloed with the systems and platforms they protect. Integration with your organization's security operations center (SOC) is critical to detect and strengthen potential weak spots created by new features and services.

Overall, code and system security must be continuous and comprehensive, detecting new threats and responding to existing ones throughout the design, development, and deployment of software.

An Investment in the Present — and in the Future

In today's rapidly changing digital economy, companies are under intense pressure to provide innovative new features and services as quickly as possible while maintaining the quality and security standards their customers expect. Adoption of DevOps practices, with its enablement of rapid adaptation, broad application of automation, and support of security practices, gives organizations the ability to meet customer needs in this constantly shifting environment. Baking these three strategies into your DevOps toolchain not only maintains your current competitive edge, it also prepares your organization for the challenges and demands of the future.

April Hickel is VP, ZSolutions Strategy, at BMC
Share this

Industry News

July 26, 2021

Parallel Agile announced a new version of CodeBot, a low-code MERN stack application generator.

July 26, 2021

Appian unveiled its new Appian Japan regional office.

July 26, 2021

CloudTruth raised $5.25 million in seed funding led by Glasswing Ventures and Gutbrain Ventures, with additional funding from Stage 1 Ventures and York IE.

July 22, 2021

Postman successfully obtained the System and Organization Controls (SOC) 2 Type 2 and SOC 3 Type 2 reports for the Postman API platform, meeting critical industry standards relative to the Trust Services Criteria for security, availability, and confidentiality.

July 21, 2021

Scrum.org announced its new Professional Agile Leadership – Evidence-Based Management (PAL-EBM) training course.

July 21, 2021

BMC announced several new innovations and integrations within the BMC Automated Mainframe Intelligence (BMC AMI) and BMC Compuware portfolios designed to improve threat detection and response and expand access to mainstream DevOps tools to modernize mainframe applications and increase developer productivity.

July 21, 2021

CognitiveScale announced the release of Cortex Fabric Version 6—a new, low code developer platform for automation, augmentation and transformation of knowledge work and digital experiences.

July 20, 2021

JFrog announced the closing of the previously reported acquisition of product security company Vdoo.

July 20, 2021

Wind River has introduced its latest release of Wind River Studio.

July 20, 2021

Sysdig announced intent to acquire Apolicy.

July 19, 2021

Red Hat announced Red Hat Advanced Cluster Management for Kubernetes 2.3, the latest version of the company’s enterprise-grade Kubernetes management offering.

July 15, 2021

Platform9 announced the launch of Platform9 Managed KubeVirt.

July 15, 2021

ShiftLeft announced general availability of ShiftLeft Educate, a solution that delivers highly-effective security training for developers within the developer workflow.

July 15, 2021

Appfire announced the acquisition of Spartez Software.

July 14, 2021

Contrast Security announced its integration with Secure Code Warrior to deliver security contextual micro-learning modules to enhance developers' skills to easily fix vulnerabilities without the need of a security team.