DevOps Trends 2019: Our Top Five Predictions for the Year

DevOps transformations have made major headway among enterprises in the past few years and will continue to be extensive, and 2019 is predicted to be a crucial time for leaders to plan for and implement it across industries. Among senior executives, there is growing acknowledgement of the fact that the role of DevOps is evolving — from driving marginal efficiency in isolated projects to being a catalyst for innovation and disruption as part of an widespread enterprise trend. New estimates from IDC suggest that the DevOps software market will grow from its 2017 results of $2.9 billion to $6.6 billion in 2022. So, what are the emerging technologies and techniques that will spur this growth? We have pulled together our predictions of the trends that will drive DevOps in 2019. Here are our top picks:

AI-accelerated DevOps will start making inroads

AI is poised to have a big impact on DevOps and transform how teams develop, deliver, deploy, and manage applications. Experts believe AI techniques have the potential to make the DevOps pipeline smarter, with the ability to predict the impact and risk of deployments, spot procedural bottlenecks and identify automation shortcuts. AI-based predictive analytics will allow for easier understanding of where problems arise in continuous integration (CI) or continuous development (CD), and enable better acting on data collected from customers, leading to greater efficiencies in operational capacity planning and better pre-deployment fault prediction. For example, if processed in the right way, application performance metrics can not only identify when a server is down but also help with automated decision-making to enable decisive action. This trend will also accelerate enhanced collaboration between application developers and data scientists for creation of AI-enhanced solutions. According to Gartner, by the year 2022 at least 40% of new development projects will have AI co-developers on their team.

Containerization will not be novel anymore

Growing adoption of DevOps and multi-cloud architecture is going to give rise to greater use of container-related technologies across large enterprises. The application container segment will scale to $2.7 billion by 2020, according to a forecast by 451 Research. An increase in the scale of software development and deployment will also lead to an increase in the size and complexity of container production clusters, and orchestration tools will be in high demand as an effective means to dealing with complexities associated with infrastructure. Kubernetes has already exploded onto the scene as the fastest growing container orchestration technology. As a demonstration of Kubernetes’ dominance, Docker has begun incorporating Kubernetes into its enterprise products, while still investing in its own orchestration tool, Swarm. Around the world, many CIO’s and technologists have already adopted Kubernetes and it will continue to play a big role in making containers mainstream in the coming year.  

Functions-as-a-Service (FaaS) will take off

As more and more technology professionals become comfortable in using containers in the production stage, we can expect a spike in the adoption of FaaS (Functions-as-a-Service) — also referred to as Serverless computing. This will eliminate the need for businesses to pay for the redundant use of servers. Instead of having an application run on a server, you can run it directly from the cloud — allowing you to choose when to use it and pay for it, per task – thereby making it event driven. In other words, you just pay for the compute time you consume — there is no charge when your code is not running! Amazon’s AWS Lambda has already emerged as the biggest and best-known example of serverless computing. The other providers include Google Cloud Functions, Microsoft Azure Functions, IBM etc. A recent survey by the Cloud Foundry Foundation — a nonprofit that oversees an open source platform and is a collaborative project of the Linux Foundation — revealed that 22% are already using serverless technology and nearly 50% are evaluating it. 

DevSecOps will become a priority

Part and parcel with the enterprise scale-up of DevOps is the growing acceptance that security and compliance must be seamlessly integrated into DevOps transformations if they’re to succeed. The way we do computing from cloud to microservices to serverless, has completely shifted the roots of software engineering. The network we knew, no longer exists and the security industry needs to constantly keep up with an evolving attack surface.

In the 2018 DevSecOps Community Survey, approximately 33% of respondents blame application layer vulnerabilities for security breaches. Since the application is the new entry point for attackers, organizations will need to adopt a programmatic approach to application security that starts with injecting security thinking as early as possible into the software development lifecycle — what is commonly referred to as DevSecOps. 2019 will see a widespread adoption of DevSecOps across enterprises, as the acceptance of its core principles reaches a critical mass in the hearts and minds of many in IT. Mainstream DevOps will start treating security as code, and development and security teams will work hand in hand across multiple points in DevOps workflows in a way that is largely transparent, and preserves the teamwork, agility and speed of DevOps and agile environments.

Automation will remain key

There is a growing realization that in order to amplify responsiveness, operational resilience, and faster time-to-market throughout the software delivery lifecycle, you need to synergistically link up development with IT operations through the use of automation. We are hearing more and more users and vendors talk about the need to apply automation across all stages of the DevOps cycle. This will remain the main goal to strive for in 2019 — a necessity irrespective of how far the DevOps transition has progressed. Scaling automation in highly complex ecosystems will be particularly tricky, and organizations will need to conduct a complete audit of development and operations environments to create a base level of situational awareness. From there, they can look into the lifecycle of software delivery — everything from the initial commitment to the auto-build to testing, beta and release – and identify what resources can be provisioned and deployed as code.

The changes we’re going to see in 2019 will pave the way for making many of these advancements more universally acceptable. And that, to us, is something to get very excited about. There are potentially huge gains to be had, but it is also important to acknowledge that the industry overall hasn’t yet developed enough best practices in some of these areas. There will be much to experiment and learn, as practitioners will be exploring some relatively uncharted territory.

Contact us to find out how Go2Group can help your organization benefit from the potential of DevOps and achieve your 2019 goals.

DevSecOps – How to Be Swift and Secure

While a growing number of organizations continue to implement, expand, and perfect their DevOps game, the focus on speed to market at the expense of security is making them increasingly vulnerable to the risk of cyberthreats and data breaches. The risks of security missteps remain real, immediate, and extremely costly, as demonstrated by the recent HBO hack that led to the leak of two episodes of its widely popular show ‘Game of Thrones’, or the massive security breach at Equifax exposing the sensitive personal information of 143 million Americans. It is becoming clear that a secure DevOps process is critical to the business of software creation and launching.

Now there’s a movement to put security on an equal footing in a triad with the development and operations pieces, enabling teams to not only deliver high-quality products but to deliver more secure products at the velocity that customers demand — what is being referred to as DevSecOps. Gartner has named DevSecOps one of their fastest-growing areas of interest in IT, and predicts that DevSecOps will be embedded into 80 percent of rapid development teams by 2021, up from 15% in 2017.

Let’s delve into some of the reasons why your business should be exploring DevSecOps, the nature of security risks inherent in DevOps processes and best practices for making a shift to a DevSecOps approach.

Why is DevSecOps Important?

IT infrastructure and culture have undergone huge changes in recent years. Traditional security methods, which tend to be more bureaucratic, monolithic and ‘one size fits all’, are no longer adequate to address the security challenges compounded by many aspects of DevOps:

High-velocity IT leaves security teams flat-footed: DevOps outfits push and modify batches of code over extremely short time frames (hours or even days), which may far outpace the speed at which security teams can keep up with code review, vulnerability scanning etc. This can be a major challenge for security and compliance.

DevOps and cloud environments:  The cloud plays a big role in many organizations’ DevOps stories and vice versa. In such dynamic environments that operate at huge scale, even a simple misconfiguration error or security malpractice, such as sharing of secrets (APIs, privileged credentials, SSH keys, etc.) can be amplified, leading to widespread operational dysfunction and countless exploitable security vulnerabilities.

The use of containers: Vulnerabilities, misconfigurations and other weaknesses in containers can spawn new security headaches. A study by ThreatStack reveals that a whopping 94% of respondents indicate that containers pose negative security risks for their organizations.

Privilege exposures: A typical DevOps environment consists of myriad tools, is highly interconnected and rapidly evolving. Privileged account credentials, SSH Keys, APIs tokens, etc., may be tampered with in the absence of adequate security controls. Various orchestration, configuration management, and other DevOps tools may also be granted vast privileges, and result in a hacker or piece of malware gaining full control of the organization’s infrastructure and data.

Past attitudes of delegating security to specialized teams placed at the end of the development cycle can be an obstacle in dealing with modern security challenges. Security needs to be built into the foundations of DevOps, fully integrated into your software development pipeline from the very beginning, so your teams can share feedback continuously and address security issues as they arise, rather than at the end of the lifecycle. The practice of DevSecOps views “security as code,” and is a process by which security is integrated into every aspect of the DevOps lifecycle, starting from inception, design, build and test to release, maintenance, support and beyond. It pulls in the information security team to collaborate along with the application development and IT operations team. With all three teams working together, it’s easier to build security controls into the deployment pipeline, reduce delays and flaws that result when an enterprise treats security as an outside entity, siloed from the development process.

How to go from DevOps to DevSecOps?

Turning DevOps into DevSecOps isn’t as simple as merely adding a security team. It involves incorporating security as part of every team and process. Here are some tips on the key areas to focus on keeping in mind the challenges that come with such a transition:

Get everyone on the same page: DevSecOps is about enabling everyone on the DevOps team — whether on the dev or ops end — to be the best security practitioners they can be. The goal is to make security an essential part of the DevOps culture and enable joint ownership of issues as they arise. Dev and security teams can’t pass the buck when it comes to securing modern infrastructure.

Every developer and operations hire should be trained on the basics of secure coding practices and the most common security mistakes at the beginning of their tenure. Similarly, security engineers should have a table with cross-functional DevOps teams from the beginning, even in the planning stages. For instance, if your security engineers can participate when DevOps teams are planning their minimum marketable features (MMFs), they can contribute by building threat models at the feature or service level. The pressure to get projects out on time can lead to risky shortcuts even for organizations that normally take security seriously—and this is when security awareness at this level will yield returns, forcing your team to think through security implications in the midst of rapid commits and releases, or nudging them to halt deployments for penetration testing.

Shift security left: As mentioned earlier, security needs to shift left or start from the early stages of your DevOps processes. Injecting code analysis tools and automated penetrating tests earlier in the development process makes it possible for organizations to capture and eliminate security flaws at every step of the development process and also provides feedback about vulnerabilities as soon as they appear. This up-front security work cuts down the risk of costly and time-consuming mistakes later in the cycle.

Create transparent policies: Enforcing effective policy and governance is critical in creating an alignment between different teams. The collaboration between teams needs to be properly considered when policy is laid out. For instance, is the security element thoroughly discussed when you are treating your infrastructure as code? Organizational policy should also cover various other aspects such as, the acceptable cloud deployment practice/model, the data types that can/cannot migrate to the cloud, compliance requirements etc.

Automate security: You cannot match the speed of security to your DevOps processes without automation. With the use of automated security tools for code analysis, configuration management, patching and vulnerability management, and privileged credential / secrets management, you can mitigate the risk arising from manual errors, and also reduce the associated vulnerabilities.

Bear in mind that zero risk is impossible: It is important to bear in mind that the pursuit of perfection can be detrimental to the speed of DevOps and digital business. There is no such thing as  perfect security. Organizations must therefore focus on adopting a risk-adaptive approach that ensures continuous visibility and assessment of vulnerabilities, so that their security and compliance posture can be continually adapted as required, and the right actions taken at any given point. This is what Gartner refers to as “continuous adaptive risk and trust assessment” or CARTA.

Conclusion

A shift to DevSecOps won’t be quick, easy and organic. It requires a mindset shift to stop looking at security as one-time gating and reimagine it as a continuous security assurance process, which is integrated from the beginning of the development timeline and assessed with each new iteration. There must be organizational commitment all the way to the top to dedicate time and money to develop security awareness at every level, invest in the right security tools, arrange for the appropriate level of staff training and implement as much automation as possible. You can start by fully understanding your current processes and lifecycle. Where are the gaps and  shortcomings in relation to integrating security? Is there a champion in the organization who can understand this? And more importantly, are they empowered to act and help enable change? Once these basics have been addressed, it’s about acting on them. As with anything, the actual implementation will determine how effective the transition is.

If you haven’t already begun the process, the time is now to merge your security goals with DevOps. Contact us and let us help you understand its benefits, challenges, and best practices, and choose the right approach to making security a bigger focus in your organization.

Why Is Kubernetes Ideal for CI/CD and Reinforcing DevOps Goals?

In the current scenario, when companies are struggling with setting up their CI/CD pipelines for cloud-based applications, Kubernetes, a powerful open-source platform for automating the deployment, scaling, and management of application containers across hosts, has reinforced DevOps goals and proven to be the ideal solution to CI/CD. It not only improves traditional DevOps processes, including speed, efficiency, and resiliency, but also solves newer problems that comes with containers and micro services-based application architectures.

In a quick interview at the DevOps World | Jenkins World 2018 event with DevOps.com Managing Editor Charlene O’Hanlon, Mike Maheu, VP – Engineering and Strategy, Go2Group, highlighted the increasing demand and conversations around Kubernetes and containerization, and the requirement of “speedy delivery with precision.” The most common question companies ask today is “how can we configure our applications so that we can do CI/CD with containers?” Mike also points out the challenges many organizations face in adopting DevOps.

Here’s an excerpt of the interview.

Charlene: Tell us a little about Go2Group and its services

Mike: Go2Group has been in business for 13 years. We started out in source control management. We partnered with Atlassian 11 years ago. We basically help medium and small companies to develop software better through best practices and tooling. We strategically partner with companies like CloudBees and others so that we can become experts around tooling. We help companies improve not only with development but also agile — the entire requirements to delivery pipeline. That’s why we are here talking about DevOps.

Charlene: Do you get into the trenches with these companies?

Mike: We do get into the trenches. We do analysis and assessment to see what kind of services they require; a lot of large companies are fragmented with their tooling. So, we come up with a strategy. Agile has been around for a while and a lot of companies are good at it. But the problem today is that they can’t really deliver code quickly. They can iterate and sprint but can’t deliver code as fast as they iterate and sprint. So we are tightly coupling the DevOps aspect — the delivery part of it — with the rest of the software lifecycle.

The most common question companies ask today is “how can we configure our applications so that we can do CI/CD with containers?”

— Mike Maheu, VP – Engineering and Strategy, Go2Group

Charlene: What are the biggest impediments for companies in moving code quickly?

Mike: It goes top down. A lot of times there is not a lot of buy-in from the corporate perspective. A lot of the tools come from the bottom and end up with fragmentation. So, there should be a process that couples the actual tooling and what they (companies) are trying to do. Larger companies have multiple software, products, and a lot of different teams. The higher level wants to see across the landscape and they want to make sure that they are able to deliver the changes to their applications. The voices are raised up to the top. And they are struggling with delivering software — when we look at the old school ways of “here’s our application, please deploy in the same environment (sic).” These days I am talking a lot about newer technologies like containerization with Docker, Kubernetes, Jenkins Core, and tying things to the cloud. A lot of companies are also wanting to move their on-premise tooling to cloud tooling.

Charlene: Are a majority of these applications and development work being moved to the cloud or are they between cloud and on-premises?

Mike: Not long ago, larger companies — government and financial — were scared of the cloud. The first step was when some of them got onto Git for their source control management and Atlassian has Bitbucket (sic). People started hosting their code outside their fortress. The first thing that large companies agree to put on their cloud are their Dev tools. Its low risk – the best bet to get speed of delivery when we talk about containerization and the power of the cloud to deliver at scale. It’s a powerful thing!

Watch the full interview

https://www.go2group.com/resources/videos/

For more information, write to us at marcom@go2group.com

DevOps: The Key to Speed up Your Digital Transformation

Digital transformation has triggered companies to relook at existing business models and their approach to operationalize day-to-day processes. Nowhere is this more evident than software development. To meet the demands of advanced innovation and quicker delivery of new applications and services, IT teams are transitioning to DevOps models that close the gap between development and operations.

And DevOps is making bold strides. According to a survey by a reputed market research company, 50% of organizations said they were already leveraging DevOps to support their digital business transformation.

Read more

Five Pitfalls to Avoid When Adopting DevOps

Is DevOps implementation easy? The likes of Netflix and Facebook have shown continuous improvement reiterating the technical and business benefits of DevOps — shorter development cycles, increased deployment frequency, and faster time to market. On the other hand, a high percentage of enterprises are still figuring it out — oscillating between short and quick successes and failing to make the big jump to mainstream.

Read more

How to Avoid Tool Chaos to Succeed in DevOps

As enterprises continue to add more tools to handle specialized portions of software delivery, an alignment has begun to place more emphasis on data than tools. This alignment realizes the value of data — not just processes or applications. The result: a real need to leverage insights into the practices and better optimize them. Multiple technologies, processes, applications, and systems need to be updated and maintained on a regular basis to keep this fragile ecosystem functioning properly.

Read more

10 Nifty DevOps Tools in 2018

Let’s face it — no single tool can offer all the capabilities to get you through your DevOps approach. You need to find the right mix of tools, strategies, and teams to suit their workflows and approaches. With 2018 projecting a movement for DevOps into mainstream implementation, this becomes even more relevant.

Read more

DevOps Goes Mainstream: Top Trends for 2018

DevOps gets a jumpstart in 2018 with predictions of an early mainstream adoption and implementation. Analysts, IT leaders, and DevOps experts declared 2017 as ‘the year of DevOps’ and have predicted some major trends for DevOps in 2018. After digging deep and picking the brains of a few DevOps experts, we believe that DevOps will slowly enter the turf of mainstream adoption but it comes with barriers that may continue to exist through 2020. We can only be prepared for what’s coming!

Read more

Five Tips to Kick Some Butt in Your DevOps Journey

“The key to following the continuous delivery path is to continually question your own assumptions about what’s possible.” — Jeff Sussna

The benefits of DevOps are clear — high-performance, faster deployment, and quicker response to crisis. Businesses today are either getting started with DevOps or have it in pockets but find it difficult to scale up to an enterprise-wide implementation. Read more

16 DevOps and IT Ops Events in 2018 You Just Can’t Miss

DevOps matters now more than ever! As the interest in DevOps and IT Ops continues on the upswing, businesses are finding ways to automate, streamline, and accelerate software development and delivery processes. Building software products and offering services that satisfy customer needs requires constant interaction with industry leaders who have exhibited high performance.

We made it easy for you and comprised a list of 16 interesting events and conferences in 2018, so you can plan ahead and create a convenient and value-packed schedule for your business.

Read more