The Puppet State of DevOps Report has become a much anticipated event, with many of you asking us over the past few months when the next one will be published. Looking back on the past five years, it’s amazing to see how many organizations have adopted DevOps practices and are getting real results. We hear stories from our customers all the time about how DevOps is transforming not just their business, but also their lives. We’re so grateful to everyone (all 4,600 of you) who shared your experience in this year’s survey. Thanks to you, we have some incredible findings to share, so let’s get to it.
Every year, we look at IT performance to see how high-performing organizations compare to the rest of our sample population. This year, we found that high performers are accelerating away from the pack in terms of throughput. They deploy 200 times more frequently, which means deploying multiple times per day on demand, versus just a few times per year. High performers also have 2,555 times faster lead times, which means they can deploy a change in less than one hour compared to once every few months. We found that the high performers also continue to maintain high levels of stability — they have a three times lower change failure rate and recover from failures 24 times faster.
Throughput and stability matter, because when you’re able to deploy more frequently, you can experiment more and deliver value to customers faster. Instead of having one or two chances per year to get it right, you have multiple opportunities to validate your ideas, gather customer feedback, learn, and improve. By speeding up your delivery, you can increase your rate of learning.
Speed without stability causes other problems, though: Websites and other services break, disappointing customers, suppliers and fellow employees. However, as we’ve shown year after year, moving faster doesn’t have to come at the expense of stability, reliability, security, or quality. In fact, DevOps practices — for example, version control for all production artifacts, deployment automation, and automated testing — actually predict IT performance, which in turn predicts organizational performance.
By segmenting survey responses according to whether respondents' organizations are high, medium or low performers, we've been able to compare these groups across different dimensions to see whether their attitudes, behaviors, and practices are substantially different from each other. For example, we wondered if high performers had higher employee engagement, and learned that yes, they were 2.2 times more likely to recommend their organization to a friend as a great place to work, compared to low performers. Everyone wants to be part of a winning team, and those who do feel their teams are winning tend to be more engaged and loyal. Other studies have shown that employee engagement correlates with better business outcomes, such as higher customer engagement, revenue growth, and stock market performance.
A big focus of this year’s report was looking at the entire product development lifecycle, starting with the initial product or feature idea, and extending all the way to the customer, where that idea can deliver value. We found that when product teams take a lean-manufacturing approach to product design and delivery — decomposing features into small batches, making the flow of work visible throughout the delivery process, and using customer feedback to inform product design — both IT performance and organizational culture improve.
Another key idea that DevOps borrows from the lean movement is “shifting left,” or identifying and fixing defects early on, rather than inspecting quality at the end. By shifting quality to the left, you’re able to detect problems earlier when it’s much cheaper and easier to fix them. This in turn leads to less unplanned work and rework later on. We found that high performers spend 22 percent less time on unplanned work and rework than low performers, and as a result, they’re able to spend 29 percent more of their time on new, value-adding work. That's a great investment of team time.
Quality isn’t the only thing shifting left. DevSecOps, rugged DevOps, or whatever you want to call it, is all about integrating security early and often throughout the software development lifecycle. That means treating security concerns as a design constraint, getting continuous feedback from the security team, and building security requirements into the automated testing suite. We found that high performers spend 50 percent less time remediating security issues than low performers, because they integrate security testing and controls into the daily work of development, QA and operations.
We’d like to thank our partner, DevOps Research and Assessment (DORA), as well as our awesome sponsors: Atlassian, Automic, CA Technologies, Hewlett Packard Enterprise, IT Revolution, Splunk, and ThoughtWorks.
We’re all very excited to finally be able to share the 2016 State of DevOps Report with you. Check out a sneak peak at our 2016 State of DevOps Report infographic below, and click on the image to be taken to the full infographic for more quick stats. Don't miss the the full report, though — it's jam-packed with ideas and inspiration for launching DevOps in your own workplace.
Nigel Kersten is CIO at Puppet. Alanna Brown is a senior product marketing manager at Puppet.