How to Start DevOps or DevSecOps in your Organization

Is your organization starting to face delays in moving software changes into production due to build failures, environment-related failures, or collaboration issues between dev, QA, and security professionals? Is your organization starting to face stiff competition from startups and other competitors because new features reach customers too slowly? Is your organization looking to serve customers faster with new features and bug fixes? If these are some of your concerns, you may want to consider adopting DevOps or DevSecOps principles in your software development lifecycle.

In this post, you will learn about the following topics related to getting started with DevOps initiatives in your organization:

  • What is DevOps…DevSecOps?
  • Steps for DevOps implementation
  • Hiring for DevOps

What is DevOps…DevSecOps?

DevOps is NOT a product. DevOps is NOT a technology. DevOps is NOT a team. DevOps is NOT a person.

DevOps or DevSecOps can be defined as a philosophy for software development whose primary goal is to reduce mean-time-to-change (MTTC) and mean-time-to-recovery (MTTR) for moving new features or bug fixes into production, so that customers’ feedback can be incorporated faster. As the primary goal is to reduce MTTC and MTTR and to increase the frequency of releases in order to gather customer feedback faster, DevOps implementation could be achieved using some of the following:

  • Ad-Hoc Automation-related Implementations: Automation of the following phases/milestones of the software development lifecycle. All of the below help reduce MTTC and MTTR.
    • Build
    • Test (Unit tests, integration tests, security tests)
    • Deployment
    • Environment provisioning
  • Team, Culture & KPIs Alignment: Alignment of teams and the related culture so that developers, QA professionals, IT/Ops professionals, and security professionals all form part of the product team. Thus, the agile product teams are transformed to include IT/Ops and security staff members, and sprints include tasks for both security and IT/Ops staff members. From a DevOps or DevSecOps perspective, the primary goal for the whole team is to ensure that software changes and bug fixes reach the customer faster. The DevOps or DevSecOps KPIs (Key Performance Indicators) of the product teams can be measured as the time taken to deliver software changes and bug fixes into production. The following diagram represents the alignment aspect:

    [Figure: Agile vs DevOps vs DevSecOps]

  • Continuous Delivery: Continuous delivery of software using some of the following:
    • Automation: Automation of the different phases of the SDLC, as mentioned in the point above.
    • Application Architecture Alignment: Alignment of the application architecture to have a greater number of modular components/services; a microservices-styled architecture is one of the popular choices.
    • Technologies Alignment: Adoption of technologies which could be used to achieve continuous delivery of software changes across different environments, on local premises or in cloud infrastructure.
    • People Alignment: Teams are trained appropriately to work with each other to achieve common goals related to the reduction of MTTC and MTTR and a greater frequency of releases.

Steps for DevOps Implementation

The following diagram represents the steps for DevOps implementation:

[Figure: DevOps or DevSecOps implementation journey]

The following are some of the steps one could take to get started with a DevOps initiative in one's organization.

  • First & Foremost, DevOps…DevSecOps Goals Setting: Agree and align on enterprise-wide DevOps/DevSecOps goals. Stakeholders across the enterprise must understand and agree on the DevOps or DevSecOps goals. They must understand that DevSecOps is a software development philosophy, one of whose primary goals is the reduction of mean-time-to-change (MTTC) and mean-time-to-recovery (MTTR) for moving new features or bug fixes into production, so that customers’ feedback can be incorporated faster. This is why we speak of terms such as continuous delivery and continuous deployment when we speak of DevOps. Note that MTTC is the time taken to move product features from the idea inception stage to production. MTTR is the time taken to move production bug fixes back into production. DevOps success depends a lot on realizing this fact and putting appropriate strategies and plans in place to align the existing software development processes (including having Dev + Ops work together) rather than creating a separate team for DevOps. As a matter of fact, DevOps could be achieved with Agile methodologies in which both developers and Ops staff work together. In that respect, just as DONE in the world of Agile is defined as creating software which can be demonstrated at the end of the sprint, DONE in the world of Agile + DevOps philosophy could be defined as creating software which can be demonstrated, at the end of the sprint, in an environment resembling production.
    • Another key point to understand is that just putting Dev + Ops together may not result in DevOps success. It is also about altering the application landscape appropriately so that applications can be delivered using the continuous delivery model. This is where an AS-IS assessment exercise is needed, which is discussed in the following section.
  • AS-IS Assessment: Perform an AS-IS assessment of some of the following:
    • Development methodologies across different teams
    • Application & technology landscape across different product lines
    • Governance & related processes
    • People expertise
  • Gaps Analysis: Identify the gaps on all of the above fronts which could come in the way of DevOps implementation/rollout.
  • DevOps Maturity Model for the Enterprise: Create an enterprise DevOps maturity model covering the TO-BE state of the enterprise at the different levels of DevOps maturity.
  • DevOps Implementation Roadmap: Create a DevOps implementation project roadmap covering some of the following aspects:
    • People
    • Process
    • Governance and
    • Technology
  • DevOps Implementation Plan: Create a DevOps implementation plan for the different teams and also enterprise-wide.
  • Implement & Govern: Roll out DevOps with one or two teams, check the progress at regular intervals, and adjust the implementation plan accordingly. Once the lessons are learned, plan the enterprise-wide rollout and execute as per the plan.

Hiring for DevOps

It is often believed that the way to get started with DevOps is to hire a DevOps expert. To an extent, that is correct. You would surely need a person who understands the nuances of DevOps and would help you achieve the DevOps goals. This person should be hired at the leadership level. However, you do not need to set up an independent DevOps team. All you need is to have a couple of people from the IT/Ops and security teams form part of the product teams for DevOps or DevSecOps implementation.

Summary

In this post, you learned about different aspects of kick-starting a DevOps or DevSecOps initiative in one’s organization. It must be understood that DevOps or DevSecOps is not a product, a technology, a team or a person. It is a paradigm shift in the way software is developed and delivered to production. It is all about aligning product teams by including Ops and security staff to achieve the goal of delivering software faster. The success of DevOps or DevSecOps depends upon the readiness of the organization to align people, software development processes, technologies, applications and governance processes. Also, it can’t be done within a few months. For a medium-to-large organization, this is no less than a year-long initiative. Please feel free to share your ideas, thoughts or suggestions and point out any key points that I may have missed. Also, sorry for typos.

Ajitesh Kumar

Ajitesh has recently been working in the area of AI and machine learning. Currently, his research area includes Safe & Quality AI. In addition, he is passionate about various technologies, including programming languages such as Java/JEE and JavaScript, and technologies such as Blockchain, mobile computing, cloud-native technologies, application security, cloud computing platforms, big data, etc.

He has also authored the book, Building Web Apps with Spring 5 and Angular.