DevOps Drives Continuous Improvement in Agility, Automation and Security
Three strategies vital to fulfilling digital demand's accelerated growth
February 16, 2021

April Hickel
BMC

Now more than ever, agile application development strategies play a pivotal role in providing the experiences companies need to compete in today's volatile economy. It's been estimated that COVID-19 accelerated e-commerce growth by four to six years — acceleration largely powered by the digital experiences provided by new releases of apps and services. Customers are demanding new and improved business applications at every turn, leaving organizations clamoring to comply.

The advent of smart phones and other mobile devices has always enabled people to stay connected, but COVID-19 has taken this connectivity to the next level. Looking at the financial and payment industry from January to June 2020, investment app activity showed 88 percent growth, payment app sessions increased by nearly 50 percent and banking and payment apps sessions increased 26 percent globally.

In this quest to quickly deliver quality apps and services while providing a superior customer experience, DevOps is proving critical for modern enterprises, giving them the ability to adapt quickly to customer demand and cultural shifts, automate throughout the software delivery lifecycle (SDLC), and heighten security of the data and infrastructure vital to application development.

1. Agility Through Collaboration

This need for continuous improvement crosses platforms, especially as more and more applications require integration of front-end interfaces with mainframe backend services. When looking at application development on the mainframe, 78 percent of respondents to BMC's annual mainframe study stated they would like to update applications built on the platform more frequently.

With this cross-platform collaboration comes the need for transparency. Development teams must be aware of each other's processes, workflows, and, most importantly, progress on shared projects. This transparency is a key component of the DevOps cultural shift — encouraging cross-team collaboration toward a shared goal vs. individual ones.

Before a project begins, teams come together to understand the purpose of the project, clearly define objectives and tasks, and agree upon roles and responsibilities. As the project progresses, there must be continuous feedback loops and communication. Teams working toward a common goal, with knowledge of each others' processes and a clear view of responsibilities and progress, enable organizations to see where improvements can be made, bottlenecks avoided, and services connected to best meet growing (and changing) digital demand.

2. Automate, Automate, Automate!

The central tenets of DevOps — increasing development and deployment speed, quality, consistency, and reliability — are enabled by automation throughout the SDLC. Automation frees developers from manually executing repetitive and time-consuming tasks, giving them more time to concentrate on strategic tasks that deliver value to the business and its customers. Executing these tasks in repeatable, scalable pipelines helps ensure quality and consistency while codifying best practices.

Modern tools enable automation and impact analysis practices throughout the DevOps infinity loop. For example, source code management tools can help development teams analyze, build, and deploy applications by showing how code changes will impact software build and deployment.  They enable parallel development by tracking multiple versions of code, and by integrating into automated CI/CD pipelines to automatically build and deploy.

Likewise, automated testing impacts nearly all aspects of the development team's role. Automated unit testing helps detect quality issues quickly, reducing the time between code creation and bug discovery; developers can revamp code while it is still fresh in their minds and before additional changes have been added. Automated regression testing ensures that existing code continues to work as expected while automated integration of end-to-end testing ensures the entire system continues to work.

Manual building and monitoring of the tools and processes used to automate the SDLC can be a herculean task. Automated workflow orchestration tools play an overarching role, making workflows easier to build, monitor, modify, and helping diagnose DevOps pipelines. These orchestration tools allow automated hand-offs between development and operations teams, which saves significant time. It also provides key transparency, offering an end-to-end view of data and workflows across platforms and teams.

In short, automation propels DevOps practices by empowering developers, simplifying cross-platform development workflows, and helping to increase the velocity, quality, and efficiency of software deployment.

3. Securing your DevOps practices from the start

As recent security breaches have shown, the more sophisticated the architecture, the more hackers will rise to the occasion. Respondents to the Mainframe Survey cited security and compliance as their number one priority, and with good reason. Within the first six months of 2019, more than 3,800 publicly disclosed breaches exposed an incredible 4.1 billion compromised records. And a loosely based security approach as part of your DevOps framework leaves a clear path for malicious hackers to access sensitive test data and systems.

As new features and products are developed more quickly, and the number of cross-platform integrations increases, system and data security must be monitored and assessed to ensure that organizational standards are met. Organizations need a security approach embedded within their DevOps toolchain from the start vs. bolted on at the end.

Looking at this theory in action, one large US-based financial institution has created a security board of excellence within their cloud-based development organization that conducts a comprehensive security review as part of the user story review process. Once the security representative provides council on the soundness of the development approach, their security assessment is put through a peer review process and subsequent approval. Again, culture plays a big part here — all parties agreeing to this approach, adhering to SLAs, and close cross-collaboration all play key roles in its success.

On the infrastructure side, periodic vulnerability and compliance checks are critical to strengthen the integrity and security of sensitive data. Modern security tools automate detection and response to security threats providing real-time alerts of threats and reports on system security—a proactive approach to preventing breaches. The key is to ensure these security systems do not remain siloed with the systems and platforms they protect. Integration with your organization's security operations center (SOC) is critical to detect and strengthen potential weak spots created by new features and services.

Overall, code and system security must be continuous and comprehensive, detecting new threats and responding to existing ones throughout the design, development, and deployment of software.

An Investment in the Present — and in the Future

In today's rapidly changing digital economy, companies are under intense pressure to provide innovative new features and services as quickly as possible while maintaining the quality and security standards their customers expect. Adoption of DevOps practices, with its enablement of rapid adaptation, broad application of automation, and support of security practices, gives organizations the ability to meet customer needs in this constantly shifting environment. Baking these three strategies into your DevOps toolchain not only maintains your current competitive edge, it also prepares your organization for the challenges and demands of the future.

April Hickel is VP, Intelligent Z Optimization and Transformation, at BMC
Share this

Industry News

February 02, 2023

Red Hat announced a multi-stage alliance to offer customers a greater choice of operating systems to run on Oracle Cloud Infrastructure (OCI).

February 02, 2023

Snow Software announced a new global partner program designed to enable partners to support customers as they face complex market challenges around managing cost and mitigating risk, while delivering value more efficiently and effectively with Snow.

February 02, 2023

Contrast Security announced the launch of its new partner program, the Security Innovation Alliance (SIA), which is a global ecosystem of system integrators (SIs), cloud, channel and technology alliances.

February 01, 2023

Red Hat introduced new security and compliance capabilities for the Red Hat OpenShift enterprise Kubernetes platform.

February 01, 2023

Jetpack.io formally launched with Devbox Cloud, a managed service offering for Devbox.

February 01, 2023

Jellyfish launched Life Cycle Explorer, a new solution that identifies bottlenecks in the life cycle of engineering work to help teams adapt workflow processes and more effectively deliver value to customers.

January 31, 2023

Ably announced the Ably Terraform provider.

January 31, 2023

Checkmarx announced the immediate availability of Supply Chain Threat Intelligence, which delivers detailed threat intelligence on hundreds of thousands of malicious packages, contributor reputation, malicious behavior and more.

January 31, 2023

Qualys announced its new GovCloud platform along with the achievement of FedRAMP Ready status at the High impact level, from the Federal Risk and Authorization Management Program (FedRAMP).

January 30, 2023

F5 announced the general availability of F5 NGINXaaS for Azure, an integrated solution co-developed by F5 and Microsoft that empowers enterprises to deliver secure, high-performance applications in the cloud.

January 30, 2023

Tenable announced Tenable Ventures, a corporate investment program.

January 26, 2023

Ubuntu Pro, Canonical’s comprehensive subscription for secure open source and compliance, is now generally available.

January 26, 2023

Mirantis, freeing developers to create their most valuable code, today announced that it has acquired the Santa Clara, California-based Shipa to add automated application discovery, operations, security, and observability to the Lens Kubernetes Platform.

January 25, 2023

SmartBear has integrated the powerful contract testing capabilities of PactFlow with SwaggerHub.

January 25, 2023

Venafi introduced TLS Protect for Kubernetes.