DevOps Drives Continuous Improvement in Agility, Automation and Security
Three strategies vital to fulfilling digital demand's accelerated growth
February 16, 2021

April Hickel
BMC

Now more than ever, agile application development strategies play a pivotal role in providing the experiences companies need to compete in today's volatile economy. It's been estimated that COVID-19 accelerated e-commerce growth by four to six years — acceleration largely powered by the digital experiences provided by new releases of apps and services. Customers are demanding new and improved business applications at every turn, leaving organizations clamoring to comply.

The advent of smart phones and other mobile devices has always enabled people to stay connected, but COVID-19 has taken this connectivity to the next level. Looking at the financial and payment industry from January to June 2020, investment app activity showed 88 percent growth, payment app sessions increased by nearly 50 percent and banking and payment apps sessions increased 26 percent globally.

In this quest to quickly deliver quality apps and services while providing a superior customer experience, DevOps is proving critical for modern enterprises, giving them the ability to adapt quickly to customer demand and cultural shifts, automate throughout the software delivery lifecycle (SDLC), and heighten security of the data and infrastructure vital to application development.

1. Agility Through Collaboration

This need for continuous improvement crosses platforms, especially as more and more applications require integration of front-end interfaces with mainframe backend services. When looking at application development on the mainframe, 78 percent of respondents to BMC's annual mainframe study stated they would like to update applications built on the platform more frequently.

With this cross-platform collaboration comes the need for transparency. Development teams must be aware of each other's processes, workflows, and, most importantly, progress on shared projects. This transparency is a key component of the DevOps cultural shift — encouraging cross-team collaboration toward a shared goal vs. individual ones.

Before a project begins, teams come together to understand the purpose of the project, clearly define objectives and tasks, and agree upon roles and responsibilities. As the project progresses, there must be continuous feedback loops and communication. Teams working toward a common goal, with knowledge of each others' processes and a clear view of responsibilities and progress, enable organizations to see where improvements can be made, bottlenecks avoided, and services connected to best meet growing (and changing) digital demand.

2. Automate, Automate, Automate!

The central tenets of DevOps — increasing development and deployment speed, quality, consistency, and reliability — are enabled by automation throughout the SDLC. Automation frees developers from manually executing repetitive and time-consuming tasks, giving them more time to concentrate on strategic tasks that deliver value to the business and its customers. Executing these tasks in repeatable, scalable pipelines helps ensure quality and consistency while codifying best practices.

Modern tools enable automation and impact analysis practices throughout the DevOps infinity loop. For example, source code management tools can help development teams analyze, build, and deploy applications by showing how code changes will impact software build and deployment.  They enable parallel development by tracking multiple versions of code, and by integrating into automated CI/CD pipelines to automatically build and deploy.

Likewise, automated testing impacts nearly all aspects of the development team's role. Automated unit testing helps detect quality issues quickly, reducing the time between code creation and bug discovery; developers can revamp code while it is still fresh in their minds and before additional changes have been added. Automated regression testing ensures that existing code continues to work as expected while automated integration of end-to-end testing ensures the entire system continues to work.

Manual building and monitoring of the tools and processes used to automate the SDLC can be a herculean task. Automated workflow orchestration tools play an overarching role, making workflows easier to build, monitor, modify, and helping diagnose DevOps pipelines. These orchestration tools allow automated hand-offs between development and operations teams, which saves significant time. It also provides key transparency, offering an end-to-end view of data and workflows across platforms and teams.

In short, automation propels DevOps practices by empowering developers, simplifying cross-platform development workflows, and helping to increase the velocity, quality, and efficiency of software deployment.

3. Securing your DevOps practices from the start

As recent security breaches have shown, the more sophisticated the architecture, the more hackers will rise to the occasion. Respondents to the Mainframe Survey cited security and compliance as their number one priority, and with good reason. Within the first six months of 2019, more than 3,800 publicly disclosed breaches exposed an incredible 4.1 billion compromised records. And a loosely based security approach as part of your DevOps framework leaves a clear path for malicious hackers to access sensitive test data and systems.

As new features and products are developed more quickly, and the number of cross-platform integrations increases, system and data security must be monitored and assessed to ensure that organizational standards are met. Organizations need a security approach embedded within their DevOps toolchain from the start vs. bolted on at the end.

Looking at this theory in action, one large US-based financial institution has created a security board of excellence within their cloud-based development organization that conducts a comprehensive security review as part of the user story review process. Once the security representative provides council on the soundness of the development approach, their security assessment is put through a peer review process and subsequent approval. Again, culture plays a big part here — all parties agreeing to this approach, adhering to SLAs, and close cross-collaboration all play key roles in its success.

On the infrastructure side, periodic vulnerability and compliance checks are critical to strengthen the integrity and security of sensitive data. Modern security tools automate detection and response to security threats providing real-time alerts of threats and reports on system security—a proactive approach to preventing breaches. The key is to ensure these security systems do not remain siloed with the systems and platforms they protect. Integration with your organization's security operations center (SOC) is critical to detect and strengthen potential weak spots created by new features and services.

Overall, code and system security must be continuous and comprehensive, detecting new threats and responding to existing ones throughout the design, development, and deployment of software.

An Investment in the Present — and in the Future

In today's rapidly changing digital economy, companies are under intense pressure to provide innovative new features and services as quickly as possible while maintaining the quality and security standards their customers expect. Adoption of DevOps practices, with its enablement of rapid adaptation, broad application of automation, and support of security practices, gives organizations the ability to meet customer needs in this constantly shifting environment. Baking these three strategies into your DevOps toolchain not only maintains your current competitive edge, it also prepares your organization for the challenges and demands of the future.

April Hickel is VP, Intelligent Z Optimization and Transformation, at BMC
Share this

Industry News

May 12, 2022

Red Hat introduced Red Hat Enterprise Linux 9, the Linux operating system designed to drive more consistent innovation across the open hybrid cloud, from bare metal servers to cloud providers and the farthest edge of enterprise networks.

May 12, 2022

Couchbase announced version 7.1 of Couchbase Server.

May 12, 2022

Copado added Copado Robotic Testing to Copado Essentials.

May 11, 2022

Red Hat announced new advancements within its Red Hat Cloud Services portfolio, delivering a fully-managed and streamlined user experience as organizations build, deploy, manage and scale cloud-native applications across hybrid environments.

May 11, 2022

JFrog introduced a new Docker Desktop Extension for JFrog Xray that allows organizations to automatically scan Docker Containers for vulnerabilities and violations early in the development process.

May 11, 2022

Progress announced a series of updates in Progress Telerik and Progress Kendo UI.

May 11, 2022

Vultr announces that Vultr Kubernetes Engine (VKE) is generally available.

May 10, 2022

Docker announced new features and partnerships to increase developer productivity. Specifically, the company announced Docker Extensions which allow developers to discover and add complementary development tools to Docker Desktop.

May 10, 2022

Red Hat announced the general availability of Red Hat Ansible Automation Platform on Microsoft Azure, pairing hybrid cloud automation with the convenience and support of a managed offering.

May 10, 2022

The Fedora Project, a community-driven open source collaboration sponsored by Red Hat, announced the general availability of Fedora Linux 36, the latest version of the fully open source Fedora operating system.

May 10, 2022

Progress announced the release of Progress Chef Cloud Security, extending DevSecOps with compliance support for native cloud assets and enabling end-to-end management of all on premise, cloud and native cloud resources.

This new offering is complemented with new capabilities across the Chef portfolio targeting DevOps success in the most demanding and complex enterprise deployments.

May 10, 2022

Platform9 announced new platform capabilities in Platform9 5.5 that make it easier for cloud-native development and operations teams to build, scale, and operate apps and Kubernetes clusters in the cloud, on-premises, and at the edge.

May 09, 2022

Red Hat and Accenture have expanded their nearly 12 year strategic partnership to further power open hybrid cloud innovation for enterprises worldwide.

May 09, 2022

Opsera has partnered with Mindtree.

May 09, 2022

Mendix announced that Mendix Workflow for process automation is now generally available.