Have you ever felt that your Development teams and IT Operations teams are completely disconnected? Development are focused on product delivery with a view to release as quickly as feasibly possible to enable early feedback. Whereas IT Operations are focused on maintaining a stable secure and reliable platform for the end user. This generates conflicts and inefficiency and is often referred to as the wall of confusion.
DevOps removes this barrier by aligning the Development and IT Operations people, roles, processes, pace and tooling towards a common and shared business objective. This enables your organisation to fully leverage the benefits of Agile software development by allowing for fast and responsive, yet stable operations to be kept in sync with the pace of innovation coming out of the development process.
Many Agile adoptions do not involve the IT Operations teams which inherently impacts the ability to increase the cadence of the end-to-end delivery value stream.
Without the support of IT Operations, the Agile development teams are able to speed the development process but are restricted in their ability to deliver it to production any faster. DevOps extends the Agile values and practices to the IT Operations world, including infrastructure and environment provisioning, security and compliance, configuration, deployment and the monitoring of both the product and the pipeline.
But DevOps is more than just putting Developers and Operations around the table in one team. DevOps can be best represented using the principles of the Three Ways, in which all DevOps behaviours and patterns can be derived (Credit to Gene Kim for this simplistic model!)
1. Understand and increase flow
The first way enables fast flow from left to right, meaning from design through the development process to production support. What this means in practice is leveraging the principles and practices of continuous integration, build, deployment, testing and monitoring to best enable flow through the value stream.
2. Short and contant feedback loops
The second way promotes fast and constant flow of feedback from right to left at all stages of the delivery value stream. Identifying problems and fixing them early in the delivery pipeline is critical, as we well know, defects found in production are 100 x more costly than those found within the Design phase (As described by IBM in the cost of delay for production incidences graph below).
Cost of Delay for Production Incidences (IBM)
3. Continuous learning and experimentation
The third way refers to the Agile philosophy of Empiricism. Creating a culture and approach to experimentation and risk-taking in order to learn from successes and failures. This approach should be disciplined and scientific, fact-based, experience-based and evidenced-based to transform local discoveries into organisational learnings, in a bid to build a relentless improvement culture underpinned with Psychological Safety and Servant Leadership.
So what is DevOps?
It is a way of working which balances an increase in the IT service delivery speed whilst ensuring an increase in quality produced by using a set of practices, mindset shift and tooling to automate and improve the end-to-end delivery lifecycle. DevOps emphasizes people and culture to improve collaboration between development and operations as well as other IT stakeholders such as architecture and information security.
As a consulting firm delivering sustainable change exclusively within the financial services industry, we understand the strongly regulated environment and high security standards to comply with during each steps of the development lifecycle. This is where DevSecOps comes into play! Put simply, DevSecOps is a movement whereby we put security at the forefront of the DevOps movement to deliver secure applications at high velocity with regulatory compliance and within acceptable risk tolerances for the organisation. Instead of inspecting security into our product at the end of the process, security controls are integrated into the daily work of Development and Operations making security everyone’s responsibility. This work will be automated as part of the development lifecycle. This is referred to as shifting left, embedding security practices at each step of the development lifecycle with the objective to drive their implementation earlier within the team.
In our next blog, we will delve into more detail on what it really means to put security first.
At ::projective we have been helping Banks, Financial Institutions and Payment Market Infrastructure in starting their DevSecOps journey and achieving the benefits of DevOps. If you would like to chat about a challenge, raise a question about our article or know more about how we can support than please drop us a line at DevOps@Projectivegroup.com.