DevOps Ten Years Later: We Still Have Work to Do
A reflection on some of the ways that DevOps can still be improved upon since it was established ten years ago.
Join the DZone community and get the full member experience.Join For Free
It's been ten years since a group of like-minded IT professionals met in Belgium for the first DevOpsDay. The idea was to get teams who historically didn't interact much to work together — Development and Operations — to improve the quality of software before it went into production.
In the intervening years, DevOps has gained wider — but not universal — acceptance as a means to produce higher quality software at a more rapid pace. But, as we enter the second decade of DevOps, there is still much work to do. Below are a few issues we need to tackle.
More Training is Required
DevOps is predicated on a lot of automation, so team training is needed to master all of the automation tools. Rapid release cycles, though, can be a shock to developers used to old-school development styles (pre-DevOps) that are still the primary approach in many organizations.
Add More Disciplines
The rapid pace of DevOps and agile release cycles often introduce more security bugs than the slower, siloed approaches they replace. Adding application security teams into the DevOps process may increase the learning curves/pains as most developers have little-to-no experience in application security (vulnerabilities, remediations, etc), but the end result will be fewer security issues.
DevOps Isn't a Universal Cure
Any application that is "pre-DevOps" or is a third-party app gains zero benefits from DevOps. In most large enterprises, so-called "brown-field" apps comprise approximately 80% of all apps, which means there's a big burning issue of how to manage pre-DevOps/third-party apps. Runtime-based solutions including RASP bring rapid-update/remediation benefits to these classes of apps in a DevOps-like way.
The compiler-based technology that Waratek has perfected allows patching, adding security rules, and even upgrading out-of-public support Java platforms in minutes, not months (or years). This eliminates the need for source code changes, production downtime, profiling, tuning, and the use of heuristics along with a lot of needless cost and performance issues.
The Future of DevOps
DevOps is clearly here to stay. New and future greenfield development efforts will be based on DevOps. AppSec will push further "left" into DevOps, in addition to embracing smart runtimes in production which can proactively improve apps in prod (whether that is for performance, uptime, or security concerns) with little-to-no developer involvement.
Published at DZone with permission of John Matthew Holt, DZone MVB. See the original article here.
Opinions expressed by DZone contributors are their own.