Check Point® Software Technologies Ltd. has been recognized as a leader in The Forrester Wave™: Zero Trust Platform Providers, Q3 2023 report.
Simulated annealing is an algorithmic model based on enabling (e.g. geometric) artefacts to expand, then slowly bringing them back together as though they had been heated and cooled. I first learned of this technique when I was programming CAD systems for silicon chip design: I was working with a super-clever chap called Tim, who had written the compaction code I had been asked to document (cf my Twitter handle "Translating for geeks since 1987…").
Vis-a-vis both, I have had the good fortune to speak to a number of super-clever people over the past few weeks, and I have found my mind drawn back to notions of simulated annealing. In the spirit of the latter, I shall try to give space to a few of the things I have learned, and see what form they settle into as they cool.
To kick off, the main prompt for this blog was a conversation with Jayne Groll, CEO of the DevOps Institute, an organization founded on the idea of looking at the people issues around DevOps. Part of the discussion focused on the idea of competencies, aka how teams small and large can build out platforms of experience and expertise. The dialog wend its way through the pluses and minuses of maturity models, of centers of excellence vs project offices, of standardization vs flexibility.
Linking people to competencies, I was particularly drawn by how the DevOps Institute had been crowdsourcing said definition via the very people it was founded to support (clever, huh), an initiative overseen by Helen Beal. I note that one participant is Polystream's Cheryl Razzell, to whom I spoke late last year about the efforts and initiatives taking place there. I'm not just name-dropping here but making the point that it's all about people. To me, this goes right back to roots of how DevOps came about — folks wanting to improve how stuff is done.
A second conversation was with Jfrog's Avigail Ofer and (ex-Shippable co-Founder) Manisha Sahasrabudhe about CI/CD product roadmaps and all that. Inevitably, the discussion turned to phrases like "where the market is going" before landing on the very real question: how is all this clever tooling going to work?
I had, and have, no agenda on any of this, other than the fact that I've been covering such things for quite a while now, and find myself asking the same questions that I have been asking for ten years or more.
You can get the punchline — we started discussing the people using technology, the developers and security professionals and operations staff and managers and engineering leads and SREs and everyone else. The conversation became less about marketing, and more about enablement, and indeed, growing, building and assisting the competencies necessary for DevOps to scale.
There's more. A few weeks ago, I was genuinely lucky to participate in a panel of experts organized by CloudBees, all of whom were spending time tussling with the same challenges, either directly, or through consulting with their clients. I'm reminded of a point Forrester's Chris Condo made about Value Stream Management (VSM, an outcome-focused visibility/governance layer above DevOps): I paraphrase, but Chris was explaining that now we had the theory and the tools for VSM mapped out, he was turning his attention to making sure it delivered on its promise.
Everywhere I look, it seems, the focus is shifting. DevOps is great in principle, and functions very well on a small scale, and on a larger scale if you are very good at it. While past focus has been on just doing it, the questions, and answers, are moving to addressing the latter, i.e. delivering DevOps at scale, as a norm rather than as an exception. We see this in tooling such as VSM (which is seeing success, but for some, it is becoming yet another thing to manage), and we see it in a move away from simpler metrics such as DORA, and towards more competency-based considerations.
There's a lot going on, across architecture, process and need, and in good simulated annealing fashion, it is worth considering it all in the round. As things cool, I think we can expect to see:
■ increasing standardization of pipeline steps and segments, potentially with a common definition language such that they can be moved between tools
■ better integration of non-core activities (such as security and testing) into the pipeline — a policy-based "be-left" approach rather than force-fitting "shift-left" ideas
■ management visibility onto needs and business outcomes delivered in a way that enables, rather than slowing progress
■ a move away from speed-is-king attitudes and monolithic methodology approaches, towards standardized platforms with embedded guardrails
All in all, the stage we are at reminds me of the early days of ITIL, in which a bunch of people got together and mapped out how things could work much, much better than in the past, and shared their findings. It's worth remembering that the initial ITIL guides did not talk about technical solutions but focused on competencies: it's only later that CMDBs and other clever tech kicked in.
ITIL's issue, if it had one, was that, with all its associated tools and frameworks, it became too complex and distant from those original themes: it became part of the very problem it set out to solve (complexity will always kill innovation, if given the chance).
Through the efforts of people across the board, DevOps is on the brink of a similar breakthrough, so, how can organizations get themselves ready for a future, (at least initially) less chaotic version of DevOps?
While centers of excellence may be a bit of a stretch (though the name has a ring to it), companies and public bodies can start to think in terms of centers of competence, documenting what they are currently good at and where they can improve based on a common baseline (the DevOps institute's work on this is a good place to start).
At the same time, it is worth considering that (as we found with ITIL) complexity was never, and never should be the goal for DevOps. Tech is complex enough without adding to the burden through fragmented, inefficient pipelines, siloed teams and practices, pockets of configuration management, reinvention and fire-fighting. We should all be looking at what we do and asking, how can I make this simpler, for myself, for my team and for others?
And as long as we can answer this question, we will be heading in the right direction.