The 4 Capabilities You Need for Database DevOps Success
September 20, 2018

Matt Hilbert
Redgate Software

The latest Accelerate State of DevOps Report from DORA concludes that successful software delivery unlocks competitive advantages including "increased profitability, productivity, market share, customer satisfaction and the ability to achieve organizational and mission goals." The result of over five years of research with over 30,000 data points, it shows a direct correlation between DevOps and better business performance.

Importantly, it outlines how organizations can achieve those advantages by explaining the key technical practices which are essential to any successful technology transformation. For the first time in its long history, it also focuses on the importance of the database and shows that integrating it into DevOps avoids time-consuming, unprofitable delays that can derail the benefits DevOps otherwise brings.

It highlights four key practices that are essential to successful database DevOps:

1. Database change management

Today's fast-moving organizations are deploying updates to their database much more frequently than ever before. The 2018 State of Database DevOps Survey from Redgate found that over a third (35%) make changes either daily or more than once a week. If not handled as part of the DevOps flow, this can lead to bottlenecks in the process that prevent true DevOps.

Organizations therefore need to integrate database development into the software delivery process in order to drive continuous delivery, and adopt common tools across database and application development. This starts with strong communication and collaboration between development teams and includes changes being handled in the same way with, for example, database migration scripts version controlled like changes to the application.

2. Monitoring and observability

The proactive monitoring of applications and infrastructure is vital to being able to make informed decisions around DevOps. DORA defines monitoring tools as solutions that enable teams to watch and understand the state of their systems, based on gathering predefined sets of metrics. Observability is a newer category of tool that allows teams to actively debug their systems and to look at performance patterns that they've not defined in advance.

The research found that companies with monitoring and observability solutions were 1.3 times more likely to be in the leading group when it came to DevOps performance. Again, it is vital that organizations deploy solutions that provide them with the right metrics and enable them to proactively manage their database performance alongside the rest of their infrastructure. They need to adopt common indicators and link them to business SLAs in order to achieve a comprehensive picture of their entire infrastructure.

3. Continuous testing

Many organizations have adopted automated testing, using fast, reliable suites of automated tests that are primarily created and maintained by developers. Continuous testing goes further than this, bringing together developers and testers to work together, focusing on continually improving testing.

One key stumbling block to adopting continuous testing is around the data used in the process. To ensure that applications function correctly, developers prefer to use copies of production databases in their testing environments, but this leads to justifiable concerns around the privacy of personal data.

Continuous testing therefore needs to include data masking tools that anonymize sensitive information automatically, yet also make that masked data realistic and truly representative of the original in order to retain its referential integrity and distribution characteristics.

4. Shifting left on security

Compliance and security are now high level business issues for every organization. This is being driven by a combination of increased consumer concerns about how their data is collected and used and a greater risk of hacking and security breaches. 87% of those surveyed as part of the DORA report said they were subject to regulations like PCI DSS, HIPAA, or Sarbanes-Oxley, for example. With more legislation like the GDPR and the California Consumer Privacy Act coming into force to ensure the protection of personal data, this trend will only continue.

Clearly, security needs to be part of DevOps because the very nature of DevOps means security reviews which were previously at the end of the development process can no longer exist. Instead, teams need to shift left on security, ensuring that development practices factor in security from the start. This can include running tests to help discover security problems throughout the software development process, making it easy for teams to use pre-approved libraries, packages, and toolchains, and using static code analysis for database code as well as application code.

Summary

DevOps has come a long way since the first DORA report appeared five years ago, with its benefits now recognized across industries and companies of all sizes. At the same time, data has become the lifeblood of agile businesses. By bringing the two together and adopting DevOps for the database as well as the application, database changes will no longer slow teams down or cause problems during deployments.

Matt Hilbert is a Technology Writer at Redgate Software
Share this

Industry News

May 21, 2025

Red Hat announced jointly-engineered, integrated and supported images for Red Hat Enterprise Linux across Amazon Web Services (AWS), Google Cloud and Microsoft Azure.

May 21, 2025

Komodor announced the integration of the Komodor platform with Internal Developer Portals (IDPs), starting with built-in support for Backstage and Port.

May 21, 2025

Operant AI announced Woodpecker, an open-source, automated red teaming engine, that will make advanced security testing accessible to organizations of all sizes.

May 21, 2025

As part of Summer '25 Edition, Shopify is rolling out new tools and features designed specifically for developers.

May 21, 2025

Lenses.io announced the release of a suite of AI agents that can radically improve developer productivity.

May 20, 2025

Google unveiled a significant wave of advancements designed to supercharge how developers build and scale AI applications – from early-stage experimentation right through to large-scale deployment.

May 20, 2025

Red Hat announced Red Hat Advanced Developer Suite, a new addition to Red Hat OpenShift, the hybrid cloud application platform powered by Kubernetes, designed to improve developer productivity and application security with enhancements to speed the adoption of Red Hat AI technologies.

May 20, 2025

Perforce Software announced Perforce Intelligence, a blueprint to embed AI across its product lines and connect its AI with platforms and tools across the DevOps lifecycle.

May 20, 2025

CloudBees announced CloudBees Unify, a strategic leap forward in how enterprises manage software delivery at scale, shifting from offering standalone DevOps tools to delivering a comprehensive, modular solution for today’s most complex, hybrid software environments.

May 20, 2025

Azul and JetBrains announced a strategic technical collaboration to enhance the runtime performance and scalability of web and server-side Kotlin applications.

May 19, 2025

Docker, Inc.® announced Docker Hardened Images (DHI), a curated catalog of security-hardened, enterprise-grade container images designed to meet today’s toughest software supply chain challenges.

May 19, 2025

GitHub announced that GitHub Copilot now includes an asynchronous coding agent, embedded directly in GitHub and accessible from VS Code—creating a powerful Agentic DevOps loop across coding environments.

May 19, 2025

Red Hat announced its integration with the newly announced NVIDIA Enterprise AI Factory validated design, helping to power a new wave of agentic AI innovation.

May 19, 2025

JFrog announced the integration of its foundational DevSecOps tools with the NVIDIA Enterprise AI Factory validated design.

May 15, 2025

GitLab announced the launch of GitLab 18, including AI capabilities natively integrated into the platform and major new innovations across core DevOps, and security and compliance workflows that are available now, with further enhancements planned throughout the year.