Quick Tips for Successfully Leveraging DevOps Culture for Best-In-Class Cloud Architecture
July 21, 2021

Dustin Milberg
InterVision

DevOps is not something you are or do, rather it describes what you are and how you do it. Put differently, it is not a verb or a noun; it is an adjective. Think of it like this: you cannot "do healthy" or be "healthy." You can however become healthy by eating better and exercising. The healthier your choices and the more disciplined you are, the healthier you become.

The behaviors, values, and discipline of a team will define its culture. The same is true of a DevOps culture; the health and success of yours will be predicated on the way people organize around the work, the adoption of a shared accountability mindset, and the instrumentation of supporting processes and technology to support it.

With so many organizations building cloud strategies, and most of them already have made some progress in that journey, it is important not to overlook key areas that require attention following a cloud migration, such as the adoption of a healthy DevOps culture through the instrumentation of behaviors and best practices. While there are many drivers to cloud adoption and the moniker has been coined "the journey to the cloud is more important than the arrival," actually preparing and migrating workloads is critical to success.

The cloud allows for more automation of a lot of historically manual tasks, which means that teams can increase the speed of application development, reducing the time to production. However, the tradeoff from cumbersome manual tasks for a speedy automated process does not necessarily equate to increased security or quality. For this, technology teams must carefully analyze and adopt the integration and automation approach for their stack, their core processes, and data storage to ensure the best possible stance post-migration.

Here are a few pro tips that I would suggest to teams looking to balance quality, speed, and security through the adoption of automation in a cloud architecture.

1. Migrate to Match Your Needs

Before you even take your first step on the path to the cloud, it is essential to consider what end goals you have in mind and what operating in the cloud is expected to look like. These goals should be easily measured, documented, and challenged at every step of your journey to ensure you remained focus and aligned with them. Get consensus from stakeholders and adjust for accuracy and alignment.

Misaligned expectations and lack of due diligence upfront are the leading causes of stalled migrations, which costs not only massive amounts of time but also lost revenue that the business could be making with the increased agility of the cloud.

2. Align Your Cloud Architecture and Development Processes with Governance Policies and Vice-Versa

Consider what compliance requirements you must maintain at every step of migration and operations thereafter. How does this impact your automation strategy now that it is in the cloud rather than elsewhere? These aspects must include conversations with your compliance and security teams, to be sure all the "i's" are dotted, and "t's" are crossed.

Gone are the days where you can simply wait for developers to build, pepper in some IAM, and through a moat around it and call it secure. The simple fact is that one line of nefarious code (as unintentional as it may be) can do far more damage than an attacker from the outside. Organizations must adopt a zero-trust posture by shifting security as far left into the engineering process as possible. This means not only looking at the security of the architecture but also the security of the development process itself and integrating Code Coverage and Code Quality into your CI/CD pipeline and toolchain.

This will also cause security teams to think about a holistic, platform-based approach to security to assure all layers of the platform are accounted for: infrastructure, application, data, security, policy, and pipeline.

3. Automate Wherever Possible

Discuss what tasks your engineering teams consider to be the most cumbersome in the development, testing, and delivery/deployment process, then find ways to automate those tasks wherever possible. If done properly, automation will not only save you time, it will also reduce risk and cost. However, if done incorrectly, it will increase the speed at which bad code and security exposures make their way to market.

Do not forget about tip #1 … make sure that your automation and CI/CD pipeline and toolchains are aligned to your governance and compliance standards. This alignment yields reduced technical debt and means less remediation work post-audit.

4. People & Process Come First, Then Technology

The journey to the cloud comes with many benefits. It also comes with many pitfalls and risks if not properly mapped out. The single biggest mistake that I see organizations make is jumping right to technology and architecture without considering the impact to people, the processes they follow, the impact on culture, and the likely detractors/resistors to success. Moving to the cloud takes what was historically a hardware requirement and shifted that to a software problem. Many could see this as a threat to their jobs and livelihood.

■ Why are we embarking on a cloud journey?

■ What is in it for me?

■ How will my job change as a result?

■ How will we measure success?

■ How do we ensure we do not make the same mistakes as others?

Technology leaders must, I repeat, must have these questions answered for their teams prior to embarking on a cloud journey. Not only will this minimize stall and increase risk and cost, this level of transparency also builds trust and creates a better culture and ultimately improves productivity.

Dustin Milberg is Field CTO Cloud Services at InterVision
Share this

Industry News

March 27, 2024

WaveMaker has updated its platform in response to customer demand for more sophisticated API and code management tools.

March 27, 2024

Vercara announced the launch of UltraAPI™, a product suite that protects APIs and web applications from malicious bots and fraudulent activity while ensuring regulatory compliance.

March 27, 2024

Legit Security announced the launch of its standalone enterprise secrets scanning product, which can detect, remediate, and prevent secrets exposure across the software development pipeline.

March 26, 2024

Progress announced a strategic partnership with Veeam® Software, the #1 leader by market share in Data Protection and Ransomware Recovery, to provide customers with an enterprise-ready cyber defense solution that strengthens the security of their business-critical data.

March 26, 2024

GitGuardian released its Software Composition Analysis (SCA) module.

March 26, 2024

DataStax announced a milestone in its journey to simplify enterprise retrieval-augmented generation (RAG) for developers by integrating with Microsoft Semantic Kernel.

March 25, 2024

Check Point® Software Technologies Ltd. is collaborating with NVIDIA to enhance the security of AI cloud infrastructure. Integrating NVIDIA BlueField DPUs, which feature a broad range of purpose-built, innovative security capabilities, the new Check Point AI Cloud Protect solution will help prevent threats at both the network and host levels.

March 25, 2024

Sentry announced the release of Autofix, an AI-powered feature to debug and fix code in minutes, saving important time and resources.

March 25, 2024

Apiiro announced a product integration and partnership with Secure Code Warrior, the agile developer security training platform, to extend its ASPM technology and processes to the people layer.

March 21, 2024

Progress announced that Progress® Semaphore™, its metadata management and semantic AI platform, was named a Champion in SoftwareReviews’ 2024 Metadata Management Emotional Footprint Awards.

March 21, 2024

The Cloud Native Computing Foundation® (CNCF®) has partnered with Udemy, an online skills marketplace and learning platform.

March 21, 2024

GitLab has acquired Oxeye, the provider of a cloud-native application security and risk management solution.

March 21, 2024

GitHub announced that code scanning autofix, powered by GitHub Copilot and CodeQL, is available in public beta for all GitHub Advanced Security (GHAS) customers.

March 21, 2024

NetApp is collaborating with NVIDIA to advance retrieval-augmented generation (RAG) for generative AI applications.

March 21, 2024

CalypsoAI launched the CalypsoAI Platform, an advanced SaaS-based security and enablement solution for generative AI applications within the enterprise.