Devops could be the latest and greatest buzzword, but it could also mean big and important changes - for the better- at many organizations in how applications are built and deployed.
The idea of devops is to better streamline the work of developers and operation professionals. This integrated approach, in theory, will allow developers to build applications faster and operators to launch them quicker and with fewer errors. It’s juxtaposed to an idea of a separate development and operations organizations; when these groups act in silos, problems are more likely to arise (developers build an app one way and ops folks need to deploy it another way). “It’s really a philosophy, an approach,” says Andi Mann, VP of products, strategy and marketing at CA Technologies, who is a leading thinker on the devops movement. “The core of devops is about development and operations working together well.”
So how does a devops strategy actually take hold in an organization? Mann has a handful of strategies for those looking to pursue devops:
+MORE AT NETWORK WORLD: Superclass: 14 of the world’s best living programmers +
Get top-line support
It can be tough for an individual developer or operations pro to institute organizational change. So, it’s imperative to get buy-in from the higher ups. There has to be a willingness by someone to implement a change within an organization, and according to research by CA (take that with a grain of salt, since it’s a vendor-sponsored survey), only 13% of IT leaders and managers were undecided or against a devops strategy; the rest were at least open to the idea, or already pursuing it. For developers and operators to both be swayed into making changes, they need to see that this is an initiative supported by the organization as a whole.
But how do IT staff actually get buy-in? “Understand your management’s goals,” Mann says. What are your company’s goals and what are your CIOs goals? Find ways to align your strategy with those. Look for MBO (management by objectives) and KPI (key performance indicators) that your boss looks at and develop a strategy that accomplishes those. Perhaps a goal is cost savings, maybe it is faster development cycles, or maybe it’s developing for mobile.
Don’t go all in
“Don’t try to bite it off all at once,” Mann says. Let’s say you do get the buy-in from higher-ups, great, but that doesn’t mean the work is done. One common way IT projects fail is that they start off too big. Start small, that way your chances of actually getting something done are higher. Identify small areas where developers and operators can work more closely together.
So how do you start down this path? It could be tough - the reason devops can be such a big change is that developers and operators typically work separately. Devops is about bringing them together, but there is a reason there have been silos: These experts are pros in their respective areas. The key to a devops approach, says Perficient IT consultant JP Morgenthal, is to get these two groups focusing on a common goal, such as improving agility. “The trick is not to come in and create a cultural revolution and try to get everyone in the organization to sing Kumbaya,” he says. “It doesn’t work that way across a 2,000 or 3,000 person IT shop.” But, he says groups can rally around a focal point that everyone can contribute to, such as eliminating inefficiency and improving speed. Find specific problems that are preventing the change from happening and fix those. Perhaps devops could be used for new, cutting-edge initiatives within the organization, not as a replacement for the core development efforts. Identify two or three big-picture, overarching goals that everyone can aim for, then there’s a more likely chance to show tangible results. Start small and grow.
+MORE AT NETWORK WORLD: Why ‘123456’ is a great password +
Devops as security’s savior
Change is hard, especially in a large organization. So, understand what your company’s tolerance for change and risk is, and keep that in perspective when developing a strategy, Mann suggests. If security is of utmost concern, then address that head on in the beginning.
Perhaps security could be that focal point for uniting developers and operators too. Some have even argued that devops could be security’s savior. A devops strategy could be a perfect opportunity to ensure that security best practices are implemented at the onset of the application development process.
How is security actually implemented in a devops approach? Colin McNamara, director of cloud practice and chief cloud architect at IT consultancy Nexus, says the traditional application development process involves security teams acting as a glorified quality assurance group, testing the app after it’s been built and before it is deployed in production. He argues that’s too late. Devops installs a process of rapid development, testing, and deployment. Parts of that testing can now include security. “It’s brings QA from the end of the process to the beginning of the process,” McNamara says.
In a more traditional silo-based application development approach, security can be overlooked. If developers don’t write it into the code and operators don’t take account for it when launching the app, security never gets addressed. Devops is a fresh start for application development, and an opportunity to address security concerns from the beginning of the process. And that’s important because if you don’t address the risk and mitigate for it, Mann says “you’re setting yourself up to fail.”