The introduction of DevOps has had a profound effect on developers and the IT industry, completely changing mindsets with concepts like continuous integration and continuous delivery now much more commonplace. Over the last few years, DevOps has matured, becoming more mainstream and widely adopted, and this has led to a gradual evolution of the approach. During this time, DevOps has highlighted the need for organisations to be more agile, encouraging many to do so, and it has demonstrated the potential to revolutionise enterprise IT. There are several reasons for DevOps’ growing popularity, importantly it allows organisations to capture all processes in an auditable and replicable way. In addition to this, it adapts quickly, which makes the cost of change low, allows businesses to add cross-functionality collaborations, which often involves different teams working together, and results in working at a much higher speed. Thanks to a similar evolution within the cloud world, more intelligent tools have started to become available too. This is enabling developers to follow up DevOps processes with more discipline and is increasing efficiency.
The emergence of DevSecOps
Until recently the issue of security was one aspect of DevOps that had been largely overlooked. This is due to there often being an underlying pressure for new solutions to be created and deployed quickly and the inclusion of security during the development stage tends to hinder speed. Consequently, security had commonly been retrofitted after a build – an approach that makes the process more difficult. As developers and organisations have begun to realise that this isn’t the most security-conscious or optimal method, some are starting to integrate security into DevOps from the outset. This evolution has led to the emergence of DevSecOps. This approach allows developers to alleviate any security issues at the time of development, rather than retrospectively. A further benefit of adopting DevSecOps is that it helps to break down siloes within businesses. By adding security into the picture, there will be greater collaboration across teams, ensuring all the relevant expertise is being shared. As DevSecOps begins to be adopted more widely, organisations must consider two key elements in order to make a success of it:
Enterprises must first adopt the right mindset and understand that security is a transformative power in the development of solutions. As part of this, it’s essential to encourage collaboration across the business. Traditionally, developers have been focused solely on aspects such as logic and algorithms, with security factoring only as an afterthought. If they are to adopt a DevSecOps approach, it’s crucial they involve security experts from the very beginning and that the different parties collaborate on the development of solutions. Instrumental to this is embracing a collaborative culture which recognises that input from individuals within the business with different expertise is required for DevSecOps to be effective. By adopting a culture that encourages collaboration, organisations will be able to create secure, stable, resilient solutions which will pay dividends.
Secondly, a vital principle of DevSecOps is to continually review security. This means compliance monitoring for PCI and GDPR, determining what the process is if security senses a threat and deciding how the business will assess if code is susceptible to a particular vulnerability. In order to do this successfully, it’s important for an organisation to establish a review process from the moment it thinks about architecting a new solution. From here, it can move to ongoing monitoring and management of security as the code progresses through every stage, from the developer desk to the building of the solution and the testing of it. It’s also crucial to ensure developers are given security training and are taught to be aware of security throughout the development journey.
What’s next for DevOps?
DevOps is expected to continue to grow in popularity, as demonstrated by IDC’s forecast that the worldwide DevOps software tools market will reach $15 billion in 2023 compared to $5.2 billion in 2018. Alongside this, the advent of DevSecOps signals a continued evolution of DevOps, however, there are two main theories regarding what this could mean in the future:
Firstly, some predict that the future of DevOps lies in NoOps. This is the idea that solutions will feature everything they are required to, such as code standards, security, libraries and legislation protocols, from the outset and everything will be completely automated. Technically, as everything would be automated within the software provisioning pipeline, there would be no need for manual, human-based operations, instead, they will be required to merely monitor and raise questions as they verify the software. As everything would automatically meet a certain standard, this could potentially guarantee a higher level of security and resilience.
The second school of thought is that rather than DevOps disappearing completely, different types of Ops may emerge. For example, Ops could be augmented by machine learning (ML), or MLOps could be developed to form a machine learning-driven operation that would be able to certify the standards that organisations want software to be written with and even flag issues with it. An MLOps approach would allow organisations to create repeatable workflows, in which changes are automatic and streamlined, and it could also have a significant impact on meeting regulatory compliance. This is due to MLOps potentially allowing models to be reproduced in compliance and accordance with original standards. As with DevSecOps, MLOps would require the removal of siloes and greater collaboration across businesses with developers and IT professionals needing to come together with data scientists in order for MLOps to be truly effective.
As shown by the arrival of DevSecOps, DevOps has potential far beyond its current form. In the coming years as organisations become more familiar with it and technology continues to advance at pace, the evolution of DevOps is likely to continue. This will result in DevOps beginning to encompass new technologies, such as ML, and the wide range of processes involved in building a new solution. Eventually, this will bring together all of the requirements of development, increase collaboration within organisations and ensure new solutions meet required standards and security from the outset without delaying deployment.
Luca Ravazzolo, Product Manager, InterSystems