The 4 Capabilities You Need for Database DevOps Success
September 20, 2018

Matt Hilbert
Redgate Software

The latest Accelerate State of DevOps Report from DORA concludes that successful software delivery unlocks competitive advantages including "increased profitability, productivity, market share, customer satisfaction and the ability to achieve organizational and mission goals." The result of over five years of research with over 30,000 data points, it shows a direct correlation between DevOps and better business performance.

Importantly, it outlines how organizations can achieve those advantages by explaining the key technical practices which are essential to any successful technology transformation. For the first time in its long history, it also focuses on the importance of the database and shows that integrating it into DevOps avoids time-consuming, unprofitable delays that can derail the benefits DevOps otherwise brings.

It highlights four key practices that are essential to successful database DevOps:

1. Database change management

Today's fast-moving organizations are deploying updates to their database much more frequently than ever before. The 2018 State of Database DevOps Survey from Redgate found that over a third (35%) make changes either daily or more than once a week. If not handled as part of the DevOps flow, this can lead to bottlenecks in the process that prevent true DevOps.

Organizations therefore need to integrate database development into the software delivery process in order to drive continuous delivery, and adopt common tools across database and application development. This starts with strong communication and collaboration between development teams and includes changes being handled in the same way with, for example, database migration scripts version controlled like changes to the application.

2. Monitoring and observability

The proactive monitoring of applications and infrastructure is vital to being able to make informed decisions around DevOps. DORA defines monitoring tools as solutions that enable teams to watch and understand the state of their systems, based on gathering predefined sets of metrics. Observability is a newer category of tool that allows teams to actively debug their systems and to look at performance patterns that they've not defined in advance.

The research found that companies with monitoring and observability solutions were 1.3 times more likely to be in the leading group when it came to DevOps performance. Again, it is vital that organizations deploy solutions that provide them with the right metrics and enable them to proactively manage their database performance alongside the rest of their infrastructure. They need to adopt common indicators and link them to business SLAs in order to achieve a comprehensive picture of their entire infrastructure.

3. Continuous testing

Many organizations have adopted automated testing, using fast, reliable suites of automated tests that are primarily created and maintained by developers. Continuous testing goes further than this, bringing together developers and testers to work together, focusing on continually improving testing.

One key stumbling block to adopting continuous testing is around the data used in the process. To ensure that applications function correctly, developers prefer to use copies of production databases in their testing environments, but this leads to justifiable concerns around the privacy of personal data.

Continuous testing therefore needs to include data masking tools that anonymize sensitive information automatically, yet also make that masked data realistic and truly representative of the original in order to retain its referential integrity and distribution characteristics.

4. Shifting left on security

Compliance and security are now high level business issues for every organization. This is being driven by a combination of increased consumer concerns about how their data is collected and used and a greater risk of hacking and security breaches. 87% of those surveyed as part of the DORA report said they were subject to regulations like PCI DSS, HIPAA, or Sarbanes-Oxley, for example. With more legislation like the GDPR and the California Consumer Privacy Act coming into force to ensure the protection of personal data, this trend will only continue.

Clearly, security needs to be part of DevOps because the very nature of DevOps means security reviews which were previously at the end of the development process can no longer exist. Instead, teams need to shift left on security, ensuring that development practices factor in security from the start. This can include running tests to help discover security problems throughout the software development process, making it easy for teams to use pre-approved libraries, packages, and toolchains, and using static code analysis for database code as well as application code.

Summary

DevOps has come a long way since the first DORA report appeared five years ago, with its benefits now recognized across industries and companies of all sizes. At the same time, data has become the lifeblood of agile businesses. By bringing the two together and adopting DevOps for the database as well as the application, database changes will no longer slow teams down or cause problems during deployments.

Matt Hilbert is a Technology Writer at Redgate Software
Share this

Industry News

October 21, 2020

Conducto is launching a toolkit for simplifying complex CI/CD and data science pipelines, having raised $3 million in seed funding led by Jump Capital.

October 21, 2020

Snyk Intel vulnerability database will be integrated into IBM Cloud security capabilities to enhance security for enterprise workloads.

October 21, 2020

Accurics announced $20 million across seed and series A financing raised in the past six months, with Intel Capital leading the Series A and ClearSky leading the seed.

October 20, 2020

Splunk announced the Splunk Observability Suite, the most comprehensive and powerful combination of monitoring, investigation, and troubleshooting solutions designed to help organizations become cloud-ready and accelerate their digital transformation.

October 20, 2020

Tricentis announced Vision AI, the core technology that will now power Tosca.

October 20, 2020

MuseDev has extended its code analysis platform to deliver bug reports via Github's code scanning UI.

October 20, 2020

Digital Shadows announced the ability to detect exposed access keys.

October 19, 2020

StackRox and Robin.io announced a new partnership bringing together Robin’s application-focused approach to Kubernetes data management with StackRox’s Kubernetes-native security and compliance capabilities.

October 19, 2020

PubNub announced new Chat UI Kits to streamline chat development.

October 19, 2020

Secure Code Warrior announced support for GitHub’s new code scanning functionality in conjunction with a new collaboration with Snyk.

October 15, 2020

Couchbase announced version 2.8 of Couchbase Lite and Couchbase Sync Gateway for mobile and edge computing applications.

October 15, 2020

Kong unveiled the private beta release of Kong Konnect, a full-stack platform for cloud native applications delivered as a service.

October 15, 2020

Sonatype unveiled the Advanced Development Pack.

October 14, 2020

JFrog announced the general availability of a free subscription of its universal, hybrid and multi-cloud DevOps Platform, including industry-leading DevSecOps capabilities offered at no cost.

October 14, 2020

ServiceNow  announced four new external DevOps integrations with Continuous Improvement/Continues Delivery (CI/CD) toolsets.