The DevOps Changes You Might Not Have Expected
May 20, 2020

Valerie Silverthorne
GitLab

In all the talk about DevOps tools and technologies, it is easy to forget this methodology is also about fundamental change. And change is afoot.

In May, nearly 3,700 people from 21 countries told GitLab about their DevOps journeys. They shared spectacular successes like continuous deployments and faster release times and equally impressive problems in areas like testing and security.

Respondents shared that their roles are changing dramatically, no matter where they sit in the organization. The lines surrounding the traditional definitions of dev, sec, ops and test have blurred, and as we enter the second half of 2020 (and a completely altered economic landscape) it is perhaps more important than ever for companies to understand how these roles are evolving.

Of course, your mileage may vary — over 70% of respondents came from companies with 1,000employees or fewer, meaning they're likely nimble and not legacy-laden. That said, their experiences represent a targeted look into what the future of DevOps may be, and for that reason, it's worth hearing what they had to say.

The Multi-Faceted Developer

We asked developers to tell us in their own words how things are changing:

"Developers are now deploying at will whereas earlier deployments had to be planned and scheduled outside business hours."

"Automated testing and continuous integration have made our deployments safer and more optimized. Now everyone in the team has the permission to deploy the code."

"A ticket that had to go to 7 departments to [get to] ‘button press' went from 6 weeks to 2 hours."

Devs are certainly more ops-involved than ever before. Fully 35% of developers told us they define and/or create the infrastructure their app runs on. An additional 14% reported actually monitoring and responding to that infrastructure — all roles traditionally held by ops. Over 18% instrument their code for production monitoring, while 12% serve as an escalation point when there are incidents.

Devs are also doing more testing, though they're the first to say there can never be enough testing. And for many, security has shifted left ... in some cases right into their laps. Just over 28% of developers said they feel solely responsible for security. That's a pretty astonishing percentage.

Security Has a Seat at the Table

Almost two-thirds of respondents (65%) said security in their organizations has actually shifted left. One way that's manifested itself is that security pros, long the lone wolves of the SDLC, are beginning to be team players. Almost 28% said they're part of a cross-functional team focused on security, while 27% said they were more "hands on" and involved in day to day development processes. And just over 22% said they were more focused on compliance.

In their words:

"(Security) is becoming less focused into silo positions and more of a Jack of all trades role."

"We don't have separate security, developers and operations; we are DevSecOps (and more)."

Ops Steps Back and Looks Forward

If there's one place where process changes, tech changes and cultural changes seem to collide, it's operations. In fact, over 60% of them told us their roles have changed substantially because of DevOps.

Their observations:

"It's 60% new project work and 40% operations/fire-fighting/developer support."

"We keep the lights on."

"Anything between dev and ops. From planning to deployment but not monitoring and maintaining apps in production."

What do those new responsibilities look like? Today 42% see their role as primarily managing hardware and infrastructure, while 52% say their first priority is managing cloud services. And ops takes security seriously: 21% feel they're solely responsible for it.

Testing as a Team Sport

There's no way around it: testing is a challenge and for the second year in the row gets the largest share of the blame for delayed releases (47% pointed squarely at test).

But this role is evolving too, and it's most decidedly not disappearing, despite the inroads made by test automation. Almost 60% said their teams are the same size they were last year.

And, in a change from the past, 33% of testers said they had closer collaboration with developers than in the past, thanks to DevOps. About 17% said dev and test work as a team to test "as close to real time as possible," and about 9% said they practice test-driven development (TDD). DevOps has helped 16% of testers feel they have a more visible seat at the table and 15% are now able to do more testing that matters rather than repetitive busy work.

Overall 75% of testers say their organizations have shifted test left.

As they shared:

"We have to write less paper and tickets and have faster reaction times."

"We're all the same — dev team is the ops team."

"We're starting to see light at the end of the tunnel."

The Takeaway

We know change is hard, but DevOps is hard too. While it's impossible to say what the future holds, especially now, spending time looking at how your DevOps practice can adjust to changing roles and responsibilities likely won't be a waste of time. We're doing it ourselves right now, with "efficiency" and "agility" projects underway. The voices in our survey were excited and enthusiastic about the changes, so we'd better be prepared for the ride.

Valerie Silverthorne is Senior Content Editor at GitLab
Share this

Industry News

December 06, 2022

The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, announced the graduation of Argo, which will join other graduated projects such as Kubernetes, Prometheus, and Envoy.

December 06, 2022

Wib announced API PenTesting-as-a-Service (PTaaS) designed to help organizations proactively cover the latest PCI-DSS 4.0 mandates for testing application security, APIs, and vulnerabilities in Business Logic.

December 05, 2022

Harness announced Harness Cluster Orchestrator to allow customers to optimize their Kubernetes cloud workload costs and realize up to 90% cloud cost savings with Amazon Elastic Compute Cloud (Amazon EC2) Spot instances from Amazon Web Services (AWS).

December 01, 2022

Salesforce introduced a new Automation Everywhere Bundle to accelerate end-to-end workflow orchestration, automate across any system, and embed data and AI-driven workflows anywhere.

December 01, 2022

Weaveworks announced that Flux, the original GitOps project, has graduated in the Cloud Native Computing Foundation (CNCF®).

December 01, 2022

Tigera announced enhancements to its cluster mesh capabilities for managing multi-cluster environments with Calico.

December 01, 2022

CloudBees achieved the Amazon Web Service (AWS) Service Ready Program for Amazon Elastic Compute Cloud (Amazon EC2) Spot Instances.

November 30, 2022

GitLab announced the limited availability of GitLab Dedicated, a new way to use GitLab - as a single-tenant software as a service (SaaS) solution.

November 30, 2022

Red Hat announced an expansion of its open solutions publicly available in AWS Marketplace.

November 30, 2022

Sisense announced the availability of the Sisense CI/CD Git integration module.

November 29, 2022

Codenotary announced TrueSBOM for Serverless, a self-updating Software Bill of Materials (SBOM) for applications running on AWS Lamda, Google Cloud Functions and Microsoft Azure Functions that is made possible by simply adding one line to the application source code.

November 29, 2022

Code Intelligence announced its open-source Command-Line Interface (CLI) tool, CI Fuzz CLI, now allows Java developers to easily incorporate fuzz testing into their existing JUnit setup in order to find functional bugs and security vulnerabilities at scale.

November 29, 2022

Parasoft announced the 2022.2 release of Parasoft C/C++test with support for MISRA C:2012 Amendment 3 and a draft version of MISRA C++ 202x.

November 28, 2022

Kasm Technologies announced the release of Kasm Workspaces v1.12, providing major enhancements to its portfolio of digital workspaces delivering Desktop as a Service (DaaS), Virtualized Desktop Infrastructure (VDI), Remote Browser Isolation (RBI), Open-Source Intelligence Collection (OSINT), Training/Sandboxes, and Containerized Application Streaming (CAS).

November 28, 2022

Cloud4C has achieved Amazon Web Services (AWS) DevOps Competency status.