OpenText launched the latest version of ValueEdge -- an innovative modular, cloud-based DevOps and value stream management (VSM) platform.
DevOps is not something you are or do, rather it describes what you are and how you do it. Put differently, it is not a verb or a noun; it is an adjective. Think of it like this: you cannot "do healthy" or be "healthy." You can however become healthy by eating better and exercising. The healthier your choices and the more disciplined you are, the healthier you become.
The behaviors, values, and discipline of a team will define its culture. The same is true of a DevOps culture; the health and success of yours will be predicated on the way people organize around the work, the adoption of a shared accountability mindset, and the instrumentation of supporting processes and technology to support it.
With so many organizations building cloud strategies, and most of them already have made some progress in that journey, it is important not to overlook key areas that require attention following a cloud migration, such as the adoption of a healthy DevOps culture through the instrumentation of behaviors and best practices. While there are many drivers to cloud adoption and the moniker has been coined "the journey to the cloud is more important than the arrival," actually preparing and migrating workloads is critical to success.
The cloud allows for more automation of a lot of historically manual tasks, which means that teams can increase the speed of application development, reducing the time to production. However, the tradeoff from cumbersome manual tasks for a speedy automated process does not necessarily equate to increased security or quality. For this, technology teams must carefully analyze and adopt the integration and automation approach for their stack, their core processes, and data storage to ensure the best possible stance post-migration.
Here are a few pro tips that I would suggest to teams looking to balance quality, speed, and security through the adoption of automation in a cloud architecture.
1. Migrate to Match Your Needs
Before you even take your first step on the path to the cloud, it is essential to consider what end goals you have in mind and what operating in the cloud is expected to look like. These goals should be easily measured, documented, and challenged at every step of your journey to ensure you remained focus and aligned with them. Get consensus from stakeholders and adjust for accuracy and alignment.
Misaligned expectations and lack of due diligence upfront are the leading causes of stalled migrations, which costs not only massive amounts of time but also lost revenue that the business could be making with the increased agility of the cloud.
2. Align Your Cloud Architecture and Development Processes with Governance Policies and Vice-Versa
Consider what compliance requirements you must maintain at every step of migration and operations thereafter. How does this impact your automation strategy now that it is in the cloud rather than elsewhere? These aspects must include conversations with your compliance and security teams, to be sure all the "i's" are dotted, and "t's" are crossed.
Gone are the days where you can simply wait for developers to build, pepper in some IAM, and through a moat around it and call it secure. The simple fact is that one line of nefarious code (as unintentional as it may be) can do far more damage than an attacker from the outside. Organizations must adopt a zero-trust posture by shifting security as far left into the engineering process as possible. This means not only looking at the security of the architecture but also the security of the development process itself and integrating Code Coverage and Code Quality into your CI/CD pipeline and toolchain.
This will also cause security teams to think about a holistic, platform-based approach to security to assure all layers of the platform are accounted for: infrastructure, application, data, security, policy, and pipeline.
3. Automate Wherever Possible
Discuss what tasks your engineering teams consider to be the most cumbersome in the development, testing, and delivery/deployment process, then find ways to automate those tasks wherever possible. If done properly, automation will not only save you time, it will also reduce risk and cost. However, if done incorrectly, it will increase the speed at which bad code and security exposures make their way to market.
Do not forget about tip #1 … make sure that your automation and CI/CD pipeline and toolchains are aligned to your governance and compliance standards. This alignment yields reduced technical debt and means less remediation work post-audit.
4. People & Process Come First, Then Technology
The journey to the cloud comes with many benefits. It also comes with many pitfalls and risks if not properly mapped out. The single biggest mistake that I see organizations make is jumping right to technology and architecture without considering the impact to people, the processes they follow, the impact on culture, and the likely detractors/resistors to success. Moving to the cloud takes what was historically a hardware requirement and shifted that to a software problem. Many could see this as a threat to their jobs and livelihood.
■ Why are we embarking on a cloud journey?
■ What is in it for me?
■ How will my job change as a result?
■ How will we measure success?
■ How do we ensure we do not make the same mistakes as others?
Technology leaders must, I repeat, must have these questions answered for their teams prior to embarking on a cloud journey. Not only will this minimize stall and increase risk and cost, this level of transparency also builds trust and creates a better culture and ultimately improves productivity.
Industry News
Oracle announced the availability of Java 20, the latest version of the programming language and development platform.
Rafay Systems introduced Environment Manager, a solution that empowers enterprise platform teams to improve the developer experience by delivering self-service capabilities for provisioning full-stack environments.
To meet the growing demand for Oracle Container Engine for Kubernetes (OKE) with global organizations, Oracle Cloud Infrastructure (OCI) is introducing new capabilities that can boost the reliability and efficiency of large-scale Kubernetes environments while simplifying operations and reducing costs.
Perforce Software joined the Amazon Web Services (AWS) Independent Software Vendor (ISV) Accelerate Program and listed its free Enhanced Studio Pack (ESP) in AWS Marketplace.
Aembit, an identity platform that lets DevOps and Security teams discover, manage, enforce, and audit access between federated workloads, announced its official launch alongside $16.6M in seed financing from cybersecurity specialist investors Ballistic Ventures and Ten Eleven Ventures.
Hyland released Alfresco Content Services 7.0 – a cloud-native content services platform, optimized for content model flexibility and performance at scale.
CAST AI has announced the closing of a $20M investment round.
Check Point® Software Technologies introduced Infinity Global Services, an all-encompassing security solution that will empower organizations of all sizes to fortify their systems, from cloud to network to endpoint.
OpsCruise's Kubernetes and Cloud Service observability platform is certified to run on the Red Hat OpenShift Kubernetes platform.
DataOps.live released an update to the DataOps.live platform, delivering productivity for data teams.
CoreStack and Zensar announced a strategic global partnership. CoreStack will provide its AI-powered NextGen cloud governance and FinOps capabilities, complementing Zensar’s composable cloud operations offering.
Delinea introduced the Delinea Platform, a cloud-native foundation for Delinea's PAM solutions that empowers end-to-end visibility, dynamic privilege controls, and adaptive security.
Sysdig announced a new foundation that will serve as the long-term custodian of the Wireshark open source project.
Talend announced the latest update to Talend Data Fabric, its end-to-end platform for data discovery, transformation, governance, and sharing.