The DevOps Changes You Might Not Have Expected
May 20, 2020

Valerie Silverthorne
GitLab

In all the talk about DevOps tools and technologies, it is easy to forget this methodology is also about fundamental change. And change is afoot.

In May, nearly 3,700 people from 21 countries told GitLab about their DevOps journeys. They shared spectacular successes like continuous deployments and faster release times and equally impressive problems in areas like testing and security.

Respondents shared that their roles are changing dramatically, no matter where they sit in the organization. The lines surrounding the traditional definitions of dev, sec, ops and test have blurred, and as we enter the second half of 2020 (and a completely altered economic landscape) it is perhaps more important than ever for companies to understand how these roles are evolving.

Of course, your mileage may vary — over 70% of respondents came from companies with 1,000employees or fewer, meaning they're likely nimble and not legacy-laden. That said, their experiences represent a targeted look into what the future of DevOps may be, and for that reason, it's worth hearing what they had to say.

The Multi-Faceted Developer

We asked developers to tell us in their own words how things are changing:

"Developers are now deploying at will whereas earlier deployments had to be planned and scheduled outside business hours."

"Automated testing and continuous integration have made our deployments safer and more optimized. Now everyone in the team has the permission to deploy the code."

"A ticket that had to go to 7 departments to [get to] ‘button press' went from 6 weeks to 2 hours."

Devs are certainly more ops-involved than ever before. Fully 35% of developers told us they define and/or create the infrastructure their app runs on. An additional 14% reported actually monitoring and responding to that infrastructure — all roles traditionally held by ops. Over 18% instrument their code for production monitoring, while 12% serve as an escalation point when there are incidents.

Devs are also doing more testing, though they're the first to say there can never be enough testing. And for many, security has shifted left ... in some cases right into their laps. Just over 28% of developers said they feel solely responsible for security. That's a pretty astonishing percentage.

Security Has a Seat at the Table

Almost two-thirds of respondents (65%) said security in their organizations has actually shifted left. One way that's manifested itself is that security pros, long the lone wolves of the SDLC, are beginning to be team players. Almost 28% said they're part of a cross-functional team focused on security, while 27% said they were more "hands on" and involved in day to day development processes. And just over 22% said they were more focused on compliance.

In their words:

"(Security) is becoming less focused into silo positions and more of a Jack of all trades role."

"We don't have separate security, developers and operations; we are DevSecOps (and more)."

Ops Steps Back and Looks Forward

If there's one place where process changes, tech changes and cultural changes seem to collide, it's operations. In fact, over 60% of them told us their roles have changed substantially because of DevOps.

Their observations:

"It's 60% new project work and 40% operations/fire-fighting/developer support."

"We keep the lights on."

"Anything between dev and ops. From planning to deployment but not monitoring and maintaining apps in production."

What do those new responsibilities look like? Today 42% see their role as primarily managing hardware and infrastructure, while 52% say their first priority is managing cloud services. And ops takes security seriously: 21% feel they're solely responsible for it.

Testing as a Team Sport

There's no way around it: testing is a challenge and for the second year in the row gets the largest share of the blame for delayed releases (47% pointed squarely at test).

But this role is evolving too, and it's most decidedly not disappearing, despite the inroads made by test automation. Almost 60% said their teams are the same size they were last year.

And, in a change from the past, 33% of testers said they had closer collaboration with developers than in the past, thanks to DevOps. About 17% said dev and test work as a team to test "as close to real time as possible," and about 9% said they practice test-driven development (TDD). DevOps has helped 16% of testers feel they have a more visible seat at the table and 15% are now able to do more testing that matters rather than repetitive busy work.

Overall 75% of testers say their organizations have shifted test left.

As they shared:

"We have to write less paper and tickets and have faster reaction times."

"We're all the same — dev team is the ops team."

"We're starting to see light at the end of the tunnel."

The Takeaway

We know change is hard, but DevOps is hard too. While it's impossible to say what the future holds, especially now, spending time looking at how your DevOps practice can adjust to changing roles and responsibilities likely won't be a waste of time. We're doing it ourselves right now, with "efficiency" and "agility" projects underway. The voices in our survey were excited and enthusiastic about the changes, so we'd better be prepared for the ride.

Valerie Silverthorne is Senior Content Editor at GitLab
Share this

Industry News

October 22, 2020

Puppet announced Puppet Comply, a new product built to work with Puppet Enterprise aimed at assessing, remediating, and enforcing infrastructure configuration compliance policies at scale across traditional and cloud environments.

October 22, 2020

Harness announced two new modules: Continuous Integration Enterprise and Continuous Features.

October 22, 2020

Render announced automatic preview environments which are essential for rapid and collaborative development of modern applications.

October 21, 2020

Conducto is launching a toolkit for simplifying complex CI/CD and data science pipelines, having raised $3 million in seed funding led by Jump Capital.

October 21, 2020

Snyk Intel vulnerability database will be integrated into IBM Cloud security capabilities to enhance security for enterprise workloads.

October 21, 2020

Accurics announced $20 million across seed and series A financing raised in the past six months, with Intel Capital leading the Series A and ClearSky leading the seed.

October 20, 2020

Splunk announced the Splunk Observability Suite, the most comprehensive and powerful combination of monitoring, investigation, and troubleshooting solutions designed to help organizations become cloud-ready and accelerate their digital transformation.

October 20, 2020

Tricentis announced Vision AI, the core technology that will now power Tosca.

October 20, 2020

MuseDev has extended its code analysis platform to deliver bug reports via Github's code scanning UI.

October 20, 2020

Digital Shadows announced the ability to detect exposed access keys.

October 19, 2020

StackRox and Robin.io announced a new partnership bringing together Robin’s application-focused approach to Kubernetes data management with StackRox’s Kubernetes-native security and compliance capabilities.

October 19, 2020

PubNub announced new Chat UI Kits to streamline chat development.

October 19, 2020

Secure Code Warrior announced support for GitHub’s new code scanning functionality in conjunction with a new collaboration with Snyk.

October 15, 2020

Couchbase announced version 2.8 of Couchbase Lite and Couchbase Sync Gateway for mobile and edge computing applications.

October 15, 2020

Kong unveiled the private beta release of Kong Konnect, a full-stack platform for cloud native applications delivered as a service.