The genesis of DevOps comes from the need to break down the silos and get better ownership of the delivered product and better collaboration across teams. It entails two major components of the business space - Development and Operations. Typically, DevOps is the practice of the development and operations teams working together from the start of the software development lifecycle (SDLC) and through deployment and operations. This is done to increase the organization's speed of delivery as well as have better ownership (and corresponding, better quality) of the final product. DevOps enables enterprises to serve their customers in a better manner with continuous delivery and an enhanced quality of deliverables.
To enhance their approaches to cyber and other risks, forward-thinking organizations are embedding security, privacy, policy, and controls into their DevOps culture, processes, and tools. As the DevSecOps trend gains momentum, more companies will likely make threat modeling, risk assessment, and security-task automation foundational components of product development initiatives, from ideation to iteration to launch to operations. DevSecOps fundamentally transforms cyber and risk management from being compliance-based activities--typically undertaken late in the development life cycle--into essential framing mindsets across the product journey. Moreover, DevSecOps codifies policies and best practices into tools and underlying platforms, enabling security to become a shared responsibility of the entire IT organization. DevOps tactics and tools are dramatically changing the way IT organizations innovate. And in the midst of this transformation, IT leaders are finding that longstanding approaches for integrating security into new products are not keeping pace with high-velocity, continuous delivery software development. Indeed, in the DevOps arena, traditional "bolt-on" security techniques and manual controls that are reliant on legacy practices are often perceived as impediments to speed, transparency, and overall security effectiveness. In a growing trend, some companies have begun embedding security culture, practices, and tools into each phase of their DevOps pipelines, an approach known as DevSecOps.
One of the essential goals of DevOps methodology is to establish a more concise approach to software delivery, especially in continuous integration/continuous deployment (CI/CD) environments. As organizations explore this approach, additional elements such as security have been introduced to streamline the cycle. It means developers may have to learn to wear several more hats, especially as some experts look to ways DevOps will continue to mature in 2021. Many organizations have already moved beyond the initial discovery of learning about and implementing DevOps, says Daniel Betts, senior research director with Gartner, and are now looking at how they can scale their success with the methodology across the enterprise. There are also organizations that may have attempted to adopt DevOps, but need to reset and try again, as well as those who have yet to give it a go, he says.
This article is a post in a series on bringing continuous integration and deployment (CI/CD) practices to machine learning. Check back to The New Stack for future installments. With orchestration and monitoring playing such key roles in DevOps, the emerging trend of using artificial intelligence (AI) to support and even automate operations roles by delivering real-time insights about what's happening in your infrastructure seems an obvious fit. DevOps is about improving agility and flexibility; AIOps should be able to help by automating the path from development to production, predicting the effect of deployment on production and automatically responding to changes in how the production environment is performing. That's especially true as trends like microservices, hybrid cloud, edge computing and IoT increase the complexity of app infrastructures -- and the number of logs that you might have to look at to find the root cause of an issue, and the number of people who need to be in a conference call or chat room tracking down what's gone wrong and how to fix it.
If you lead an IT, DevOps, or business operations team, you're probably working on a digital transformation and cloud migration strategy. You're also likely doing it with scarce resources under the strain of shifting market needs and accelerated customer demands. The applications and services that enable these experiences are built on multicloud environments that promise faster innovation and better business outcomes. But these dynamic environments also bring a scale, complexity, and frequency of change that have grown beyond humans' capacity to manage. The common approaches to monitoring these environments to build applications, optimize performance, and run operations are no longer effective.