Posted 1/21/2016 8:02:16 AM by STUART PARKERSON, Publisher Emeritus
We recently visited with Michael Madden, CA Technologies General Manager - DevOps, to tap into his expertise and insight into how companies can realize the full potential of adopting a DevOps Mentality.
ADM: What is the difference between DevOpsSec, Secure DevOps and Rugged DevOps?
Madden: There are many definitions around each of these movements, but fundamentally they’re pretty similar. Essentially they involve ensuring that security practices are established early in the software pipeline to increase cybersecurity, but without compromising DevOps speed and agility goals. One of the major benefits of DevOps is that input is gained earlier, with feedback loops established to increase quality – so it makes perfect sense to involve security.
Of course many would argue that the speed goals of DevOps conflict with a safety-first posture of security, but I believe these goals are in complete alignment. By including information security professionals and expertise within product teams rather than late in the development cycle, DevOps provides an opportunity to better align security with business goals. Also, and through regular exposure to security practices, it becomes an established element of everyday development and testing; it’s baked in.
With DevOps gaining momentum, it’s great to see that security becoming part of the dialog through the contributions of these movements. For example, an entire track at the 2015 US RSA conference was dedicated to DevSecOps and I expect to see more valuable discussion on using DevOps to harden security.
ADM: What are the benefits to adopting DevOps across an organization?
Madden: Basically, I believe the benefits of adopting DevOps across an organization nets down to three things – increased market agility, improved quality, and more effective talent. By breaking down silos between people, functions and knowledge, software products can be created far more fluidly, deployment rates accelerated, and quality improved – for the organization as a whole this means both faster time-to-market and value.
Also, I would stress that speed and quality benefits are not mutually exclusive – this became even more apparent to me when I read a new global study – Assembling the DevOps Jigsaw. This report illustrated that advanced DevOps adopters when compared to non-adopters were 3.4 times more likely to have seen progress on market share, and were twice as likely to have seen a positive impact on revenue. They were also 2 times plus more likely to have seen improvements in customer acquisition and retention - key indicators of quality!
I also believe an important, but often understated benefit of DevOps, is how it helps shifts the business culture from command-and-control to being more generative. By removing process and technology constraints that discourage experimentation, fostering a blameless culture and by sharing risks, companies can build a highly productive workforce – one that directly impacts business performance
ADM: What elements are essential for DevOps success?
Madden: A successful DevOps program requires three interwoven elements. First up is a well-defined strategy and set of objectives, which reflect business priorities and desired outcomes. It’s essential therefore that business stakeholders are included in DevOps programs right from the outset. It’s also important to involve and educate them on key principles.
Secondly, it’s essential to build a highly skilled and collaborative IT team. Training may be needed on new automation techniques and cross-functional skills, with processes established to support more seamless workflow, collaboration and information feedback. Also, never underestimate the difficulty in solving ingrained cultural issues, like an “it’s not broken, so why fix it” mindset and departmental turf wars.
Finally, there are the technology enablers, controls and measures. Despite the fact that both development and operations have implemented more modern technologies and methods – such as agile, containerization and microservice style architectures, there is still work to be done automating the entire software pipeline, choosing the right set of suppliers and services, and as I’ve said increasing resilience by using DevOps itself to bake security and compliance into an ever evolving software-driven business fabric.
ADM: What does adoption of DevOps look like across organizations?
Madden: DevOps adoption will be different for many organizations. Of course, the engineering-driven businesses like Amazon, Netflix and Etsy are led by top IT people who instinctively understand and apply DevOps principles; it’s second nature to them. In other organizations where IT has been traditionally viewed as a cost center or where the appetite for risk is lower, gaining acceptance and funding will be more difficult.
This is especially true for any business regardless of industry, who’ve yet to acknowledge the mission-criticality of digital speed and flexibility, or where the major benefits are well beyond current capabilities and maturity. This probably explains why many organizations have adopted a ‘bottoms up’ IT approach to implementation. This is all fine, but without effective business stakeholder engagement, priorities can easily become misaligned and existing rigidity quickly derail all the collaborative DevOps goodness.
But regardless of business, faster deployments, increased efficiency and a move towards experimentation can completely transform any organization. This has even been acknowledged in the public sector where speed, flexibility and innovation are often seen to lag business. Here for example, some governments have introduced new departments, like the Digital Transformation Office in Australia, to help drive initiatives across government agencies. They’ve become the DevOps, agile and lean guiderails if you like; helping identify where citizen-centric improvements are needed and assisting with system redesign.
ADM: How can companies start the process of moving to a more mature DevOps mentality?
Madden: The worst way to start the process is by setting up a dedicated DevOps team. Companies who go down this path, and I’ve see it a number of times, risk introducing yet another technology outlier. In my opinion, the first place to start with DevOps is to take a business-led approach; creating a vision that transcends well beyond technology stewardship. This might sound like motherhood and apple-pie, but it really comes down to one simple thing – getting everyone to “fall in love” with the same business problems.
The next thing to address are the limitations of your current organizational structure. For some years now, mature companies have understood the association between organizational models and applications and have structured themselves around the business outcomes – not by discrete technology function. This for example, involves building smaller, cross-functional agile teams who’re afforded the autonomy to work on smaller change tolerant components, but are guided by program level objectives.
Lean thinking is another way to increase maturity. This involves visualizing the flow of value to your customers and identifying every element of waste across the software pipeline. Waste is anything that reduces the value of services in the eyes of the customer, so should be systematically eliminated. This can involve everything from preventing software defects by removing constraints during development and testing, reducing wait times by fully automating releases, or re-architecting any existing bottleneck processes.
ADM: Have we fully realized the potential of DevOps?
Madden: I honestly think we’ve only just started to scratch the surface. Over the next few years I believe that DevOps will become part of every organization – it’s that critical. I also believe that in order to realize its full potential, it’ll become the catalyst for change across the entire organization; bridging functions well beyond development and operations.
As I’ve mentioned, this will include security and risk management, but it’ll also shape other organizational practices too. For example, DevOps could help transform the HR function into one that uses DevOps feedback to continually enrich the talent pool, or the finance function by building fluid funding models and expense allocation methods to increase agility and extract more value from software innovations.
ADM: How can adopting DevOps assist companies undergoing a digital transformation?
Madden: When I’m talking to customers, it’s apparent to me that companies looking to adopt DevOps are usually looking for much more than just better collaboration across development and operations teams. Of course, IT might start here and realize some immediate speed and quality benefits, but any business usually has a broader digital transformation agenda in play – like customer-centricity, disrupting markets and competition with new business models – this is why DevOps as a catalyst for shortening time-to-market and time-to-value becomes so important
It’s important therefore to align DevOps initiatives with the transformation agenda. That way you move beyond driving short-term tactical IT improvements to fully aligning behind, optimizing and even steering the digital business strategy. This alignment is also important because it better positions the business to leverage DevOps more broadly across the entire organization.
Read More http://www.ca.com/us/lpg/devops-portfolio-b.aspx?i...