Quick Tips for Successfully Leveraging DevOps Culture for Best-In-Class Cloud Architecture
July 21, 2021

Dustin Milberg
InterVision

DevOps is not something you are or do, rather it describes what you are and how you do it. Put differently, it is not a verb or a noun; it is an adjective. Think of it like this: you cannot "do healthy" or be "healthy." You can however become healthy by eating better and exercising. The healthier your choices and the more disciplined you are, the healthier you become.

The behaviors, values, and discipline of a team will define its culture. The same is true of a DevOps culture; the health and success of yours will be predicated on the way people organize around the work, the adoption of a shared accountability mindset, and the instrumentation of supporting processes and technology to support it.

With so many organizations building cloud strategies, and most of them already have made some progress in that journey, it is important not to overlook key areas that require attention following a cloud migration, such as the adoption of a healthy DevOps culture through the instrumentation of behaviors and best practices. While there are many drivers to cloud adoption and the moniker has been coined "the journey to the cloud is more important than the arrival," actually preparing and migrating workloads is critical to success.

The cloud allows for more automation of a lot of historically manual tasks, which means that teams can increase the speed of application development, reducing the time to production. However, the tradeoff from cumbersome manual tasks for a speedy automated process does not necessarily equate to increased security or quality. For this, technology teams must carefully analyze and adopt the integration and automation approach for their stack, their core processes, and data storage to ensure the best possible stance post-migration.

Here are a few pro tips that I would suggest to teams looking to balance quality, speed, and security through the adoption of automation in a cloud architecture.

1. Migrate to Match Your Needs

Before you even take your first step on the path to the cloud, it is essential to consider what end goals you have in mind and what operating in the cloud is expected to look like. These goals should be easily measured, documented, and challenged at every step of your journey to ensure you remained focus and aligned with them. Get consensus from stakeholders and adjust for accuracy and alignment.

Misaligned expectations and lack of due diligence upfront are the leading causes of stalled migrations, which costs not only massive amounts of time but also lost revenue that the business could be making with the increased agility of the cloud.

2. Align Your Cloud Architecture and Development Processes with Governance Policies and Vice-Versa

Consider what compliance requirements you must maintain at every step of migration and operations thereafter. How does this impact your automation strategy now that it is in the cloud rather than elsewhere? These aspects must include conversations with your compliance and security teams, to be sure all the "i's" are dotted, and "t's" are crossed.

Gone are the days where you can simply wait for developers to build, pepper in some IAM, and through a moat around it and call it secure. The simple fact is that one line of nefarious code (as unintentional as it may be) can do far more damage than an attacker from the outside. Organizations must adopt a zero-trust posture by shifting security as far left into the engineering process as possible. This means not only looking at the security of the architecture but also the security of the development process itself and integrating Code Coverage and Code Quality into your CI/CD pipeline and toolchain.

This will also cause security teams to think about a holistic, platform-based approach to security to assure all layers of the platform are accounted for: infrastructure, application, data, security, policy, and pipeline.

3. Automate Wherever Possible

Discuss what tasks your engineering teams consider to be the most cumbersome in the development, testing, and delivery/deployment process, then find ways to automate those tasks wherever possible. If done properly, automation will not only save you time, it will also reduce risk and cost. However, if done incorrectly, it will increase the speed at which bad code and security exposures make their way to market.

Do not forget about tip #1 … make sure that your automation and CI/CD pipeline and toolchains are aligned to your governance and compliance standards. This alignment yields reduced technical debt and means less remediation work post-audit.

4. People & Process Come First, Then Technology

The journey to the cloud comes with many benefits. It also comes with many pitfalls and risks if not properly mapped out. The single biggest mistake that I see organizations make is jumping right to technology and architecture without considering the impact to people, the processes they follow, the impact on culture, and the likely detractors/resistors to success. Moving to the cloud takes what was historically a hardware requirement and shifted that to a software problem. Many could see this as a threat to their jobs and livelihood.

■ Why are we embarking on a cloud journey?

■ What is in it for me?

■ How will my job change as a result?

■ How will we measure success?

■ How do we ensure we do not make the same mistakes as others?

Technology leaders must, I repeat, must have these questions answered for their teams prior to embarking on a cloud journey. Not only will this minimize stall and increase risk and cost, this level of transparency also builds trust and creates a better culture and ultimately improves productivity.

Dustin Milberg is Field CTO Cloud Services at InterVision
Share this

Industry News

January 13, 2022

Infragistics announced the release of Infragistics Ultimate 21.2.

January 13, 2022

Jitterbit acquired PrimeApps, a Turkey-based innovator in low-code application development.

January 13, 2022

Mirantis announced the release of Mirantis Secure Registry (MSR) 3.0, which supports usage across any Kubernetes distribution.

January 12, 2022

DevOps Institute announced its lineup for 2022 events and webinars and plans for two new DevOps certifications.

January 12, 2022

Oxeye unveiled an open-source initiative with the introduction of Ox4Shell.

January 12, 2022

Quali Torque platform is now available to Microsoft Azure users on the Azure Marketplace.

January 11, 2022

CircleCI announced a free tier for CI/CD.

January 11, 2022

GlobalLogic, a Hitachi Group Company, announced availability of OpeNgine version 2.1.

January 11, 2022

The Application Security Division of NTT introduced the next phase of The WhiteHat Vantage Platform, Vantage Prevent, a patented solution that enables enterprises to conduct dynamic application security testing (DAST) at each phase of the development cycle and prevent exploitable vulnerabilities from reaching production.

January 10, 2022

BrowserStack announced the acquisition of Nightwatch.js, the open-source test automation framework.

January 06, 2022

BMC announced new capabilities and integrations across its BMC AMI (Automated Mainframe Intelligence) and BMC Compuware portfolios.

January 06, 2022

ShiftLeft announced that its Intelligent-SCA product added scanning and attackability analysis for JavaScript (JS) and the TypeScript (TS) language to the ShiftLeft CORE platform.

January 06, 2022

Progress announced the latest release of Progress Fiddler Everywhere, its popular web debugging proxy tool.

January 05, 2022

Solo.io announced a new open-source project, BumbleBee, that simplifies the developer experience for building, packaging, and distributing eBPF tools.

January 05, 2022

Forty8Fifty Labs and Old Street Solutions announced that they are partnering in the development and delivery of solutions that simplify the collaboration and use of Atlassian Jira and Confluence.