Shift Left and Shift Right to Truly Extract DevOps’ Might

DZone 's Guide to

Shift Left and Shift Right to Truly Extract DevOps’ Might

This article outlines the processes of shifting left and shifting right, and how they can be major components of a DevOps process.

· DevOps Zone ·
Free Resource

The process of creating good software is more like a game of soccer. While on one hand, you have a team of individuals with different skills and specialties (right/left/center fullbacks, midfielder, defender, goalkeeper)  trying to score the most number of goals; on the other hand, you have another heterogeneous group (Developer, Tester, Security Engineer and Operations) trying to create the most number of user-centric, ultra-responsive applications while ensuring supreme quality.

But while the “beautiful game” has always been a pleasure to watch and follow (more owing to the coordination, communication, understanding displayed by the heterogeneous set by way of deft touches and clever passing game), the game of creating software seldom saw such teamwork before the onset of a philosophy called DevOps.

Currently, DevOps is in its 12th year and as per Gartner, around 70% of the IT organizations are focused on the DevOps discipline but only about 26% of them have adopted it in its true sense.

Renowned software architects and DevOps practitioners Len Bass, Ingo Weber and Liming Zhu describe DevOps as “A set of practices that helps reduce the time between committing a change to a system and committing the change into normal production – all the while ensuring high quality.”

And quite unnervingly, it is this high-quality aspect that most organizations either overlook or simply fail to measure up.

The Hangover from the Waterfall

Not long ago (before the advent of Agile Approach in the early 2000’s), organizations that created software followed a very linear approach, which moved systematically from left to right. The process blindly glided through like water from a fall and there was no looking back on the process until the software got tested by the QA during “pre-release” and a bug got identified at that point. And once identified, the ball got passed on to the developers’ court for rework, rejig and re-rollout which only got vetted by the testers at the very end of the process.

Imagine this as a soccer game where the positions are not able to see each other’s move and at the very end when the ball reaches the forward position in a misplaced manner, there is somebody from the opposition ready to push back the ball into the team’s defense. Imagine how unsynchronic this game would be. How non-fluid, boring and mostly unproductive too !

Waterfall process

But this was possible because there were hardly 1 or 2 releases a year. Times have changed and so has the need to “shift gears”.

Thus, Arrived DevOps

Cometh the 21st century, heralded the internet economy, where agility is the name of the game and multiple releases per month, week and even day has become the mantra of successful companies. Amazon engineers deploy code every 11.7 seconds on an average. Be it Netflix, Target, Walmart, Facebook or Twitter; these organizations have changed the face of the software game by adopting DevOps, by bring Developers and Operations together and bridging the gaps of waterfall by keeping testers and security personnel at every step of the process.

No longer is there a wall separating the players, no longer are their moves unseen, no longer they operate in silos. Character, Collaboration and Community flourish in true colors and as a result, the code that gets deployed and the software that gets generated has customer satisfaction written all over it.    

Welcome to the world of DevOps where the defender can play the role of a forward too and a midfielder can be a darn good defender. This is a team where each knows the other and together, they produce good software.

But as discussed earlier, hardly 26% of the organizations are really being able to reap the ROI from DevOps. What is preventing them from harnessing the DevOps capabilities holistically?

Lack of continuous testing and the relegation of security to the final stage of the software life cycle impedes the majority of organizations to leverage the most of it.

In fact, many organizations find continuous testing and embedded security as an impediment to their “Time to Market” and “Code Deployment Rate” objectives and hence sideline it or bring it only as an afterthought, more like a tick-mark exercise.

Consequently, they do reach the market faster but only with buggy software. Hence, for organizations to truly leverage DevOps, DevTestOps and DevSecOps become increasingly important. Just like passing the ball and assessing the field, while time-consuming, only increase the chance of scoring goals in the game of soccer.

Continuous Testing and Imbued Security

Shift Left and Shift Right to Truly Extract Maximum DevOps RoI

Shifting Left and Shifting Right entails moving testing and security across the length and breadth of the software development life cycle. Keeping testing and security active in every step of the software game is the only way to win the game in the most “cost-optimized manner”.

Shift Left 

This means tester and security engineer is involved right from systems analysis phase and unless they approve the output of a particular phase, things don’t move to the next phase. This process minimizes the probability of future code failure and continuous security (DevSecOps) reduces the vulnerability of the code by introducing security processes and protocols throughout the development cycle.

Following the footsteps of successful unicorns such as Lemonade, Facebook, Netflix etc., many organizations are beginning to adopt “Test Driven Development” (TDD), an inside out approach where the developer writes an automated test case and then writes the necessary code to pass that test.

Likewise, some organizations are also adopting “Behavior Driven Development” (BDD), an outside in approach which combines the general principles of TDD with ideas from domain-driven design to provide software development and operations teams with shared tools and processes to collaborate.

DevTestOps involves a combination of exploratory testing (check systems on the fly), manual testing, and TDD.

Shift Right

In an Agile Delivery ecosystem, it may not be feasible to test everything before releasing code into production. Also, it is equally important to take into consideration real-world users and their application usage experiences to transform them into future test cases or give a feedback to the developer team so that they can incorporate some learning into their next code.

Shift right facilitates testing in a post-production environment by undertaking requirements validation based on real user journeys, deriving performance test scenarios, A/B testing and canary testing to understand customer vibes and crowd testing to better appreciate real-world experiences constitute a part of shift right testing.


Organizations have now realized that DevOps minus continuous testing and embedded security is simply a faster route to produce patchy software. That is why DevTestOps and DevSecOps are the buzz words in the industry today.

As the continuous delivery pipeline becomes hyper-automated, this automation is very capable of introducing vulnerabilities and compromising on code quality in the quest to speed up time to deployment. It is here that the principles of DevSecOps, TDD and BDD along with appropriate post-production testing will stand as effective deterrents and balance out speed with quality for a superior CX, CSAT and true DevOps ROI.

devops 2020, devops adoption, devops approach, devsecops, devtestops

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}