The 4 Capabilities You Need for Database DevOps Success
September 20, 2018

Matt Hilbert
Redgate Software

The latest Accelerate State of DevOps Report from DORA concludes that successful software delivery unlocks competitive advantages including "increased profitability, productivity, market share, customer satisfaction and the ability to achieve organizational and mission goals." The result of over five years of research with over 30,000 data points, it shows a direct correlation between DevOps and better business performance.

Importantly, it outlines how organizations can achieve those advantages by explaining the key technical practices which are essential to any successful technology transformation. For the first time in its long history, it also focuses on the importance of the database and shows that integrating it into DevOps avoids time-consuming, unprofitable delays that can derail the benefits DevOps otherwise brings.

It highlights four key practices that are essential to successful database DevOps:

1. Database change management

Today's fast-moving organizations are deploying updates to their database much more frequently than ever before. The 2018 State of Database DevOps Survey from Redgate found that over a third (35%) make changes either daily or more than once a week. If not handled as part of the DevOps flow, this can lead to bottlenecks in the process that prevent true DevOps.

Organizations therefore need to integrate database development into the software delivery process in order to drive continuous delivery, and adopt common tools across database and application development. This starts with strong communication and collaboration between development teams and includes changes being handled in the same way with, for example, database migration scripts version controlled like changes to the application.

2. Monitoring and observability

The proactive monitoring of applications and infrastructure is vital to being able to make informed decisions around DevOps. DORA defines monitoring tools as solutions that enable teams to watch and understand the state of their systems, based on gathering predefined sets of metrics. Observability is a newer category of tool that allows teams to actively debug their systems and to look at performance patterns that they've not defined in advance.

The research found that companies with monitoring and observability solutions were 1.3 times more likely to be in the leading group when it came to DevOps performance. Again, it is vital that organizations deploy solutions that provide them with the right metrics and enable them to proactively manage their database performance alongside the rest of their infrastructure. They need to adopt common indicators and link them to business SLAs in order to achieve a comprehensive picture of their entire infrastructure.

3. Continuous testing

Many organizations have adopted automated testing, using fast, reliable suites of automated tests that are primarily created and maintained by developers. Continuous testing goes further than this, bringing together developers and testers to work together, focusing on continually improving testing.

One key stumbling block to adopting continuous testing is around the data used in the process. To ensure that applications function correctly, developers prefer to use copies of production databases in their testing environments, but this leads to justifiable concerns around the privacy of personal data.

Continuous testing therefore needs to include data masking tools that anonymize sensitive information automatically, yet also make that masked data realistic and truly representative of the original in order to retain its referential integrity and distribution characteristics.

4. Shifting left on security

Compliance and security are now high level business issues for every organization. This is being driven by a combination of increased consumer concerns about how their data is collected and used and a greater risk of hacking and security breaches. 87% of those surveyed as part of the DORA report said they were subject to regulations like PCI DSS, HIPAA, or Sarbanes-Oxley, for example. With more legislation like the GDPR and the California Consumer Privacy Act coming into force to ensure the protection of personal data, this trend will only continue.

Clearly, security needs to be part of DevOps because the very nature of DevOps means security reviews which were previously at the end of the development process can no longer exist. Instead, teams need to shift left on security, ensuring that development practices factor in security from the start. This can include running tests to help discover security problems throughout the software development process, making it easy for teams to use pre-approved libraries, packages, and toolchains, and using static code analysis for database code as well as application code.

Summary

DevOps has come a long way since the first DORA report appeared five years ago, with its benefits now recognized across industries and companies of all sizes. At the same time, data has become the lifeblood of agile businesses. By bringing the two together and adopting DevOps for the database as well as the application, database changes will no longer slow teams down or cause problems during deployments.

Matt Hilbert is a Technology Writer at Redgate Software
Share this

Industry News

June 01, 2020

IT Revolution announced a full conference agenda for DevOps Enterprise Summit London, June 23-25, 2020.

June 01, 2020

Caltech CTME announced that Simplilearn, a global provider of digital skills training, will collaborate with CTME (Caltech's Center for Technology and Management Education) to offer a specialized Post Graduate Program in DevOps software engineering.

June 01, 2020

DevOps Institute, a global member-based association for advancing the human elements of DevOps, announced the introduction of its SKILup Playbook Library, a dynamic collective body of knowledge (cBok) that aligns thought leadership from industry experts with a set of dynamic, orchestrated artifacts, research and assets.

May 28, 2020

Docker has extended its strategic collaboration with Microsoft to simplify code to cloud application development for developers and development teams by more closely integrating with Azure Container Instances (ACI).

May 28, 2020

Eggplant announced updates to its Digital Automation Intelligence (DAI) platform.

May 28, 2020

Aptum launched its Managed DevOps Service in partnership with CloudOps, a cloud consulting and professional services company specializing in DevOps.

May 27, 2020

Red Hat announced an expansion of its application services portfolio with the addition of Quarkus as a fully supported framework in Red Hat Runtimes.

May 27, 2020

Couchbase has completed a $105 million all-equity Series G round of fundraising.

May 27, 2020

Aqua Security closed a Series D round of $30M led by Greenspring Associates.

May 26, 2020

GitLab is releasing 13.0 of its DevSecOps platform to enable organizations to efficiently adapt and respond to new and dynamic business challenges.

May 26, 2020

Solo.io announced the availability of the Istio Developer Portal to streamline the developer onboarding process for improved developer experience and increased productivity with added security features.

May 26, 2020

WhiteHat Security will offer free application scanning services to any education institution to support secure online learning.

May 21, 2020

Exadel announced the Grand Prize winner of the “Appery.io COVID-19 Virtual Hackathon.”

May 21, 2020

CloudBees announced significant advances for its Software Delivery Management (SDM) platform – integrations with additional continuous integration and continuous delivery (CI/CD) engines, including Google Cloud Build and Tekton, and extension of the availability of CloudBees’ SDM Preview Program.

May 21, 2020

OutSystems is announcing over 70 development accelerators that ensure web and mobile applications created on the OutSystems low-code development platform can comply with the highest accessibility standards and regulations.