Pitfalls to avoid when adopting DevOps

devops2As DevOps continues to grow in popularity, some organizations still struggle with its successful implementation. Perhaps developers really don’t understand the practice and chafe at being forced to follow its concepts? Maybe the network engineers feel DevOps favors the software team, while automating many of their standard administrative tasks?

Whatever the reasons for its difficulty in adoption, getting things right offers many benefits to software shops of all sizes. DevOps plays a key role in boosting development efficiency to the point it becomes a competitive advantage. So, let’s take a look at a few common pitfalls to avoid when adopting DevOps.

Avoid these Mistakes when adding DevOps at your Software Shop

Rebecca Dodd, from the software development process experts at GitLab, wrote an article for DZone covering these major pitfalls to avoid during a DevOps implementation. She talked with a few people at GitLab responsible for project success with their customer base. They provided interesting food for thought on what issues hamper DevOps adoption.

Focusing Too Much on the Tools

GitLab noted that companies who make too much of an investment on their toolset tend to encounter difficulty when implementing DevOps. GitLab Technical Account Manager, John Woods, commented on the issue. “You think you have it all when you’ve got your issue tracker, version control system, CI/CD service, etc. However, what’s the cost of setting all those up and configuring them to ‘talk’ to each other?” said Woods. 

In essence, the time spent configuring and integrating multiple tools takes up valuable time and resources. GitLab calls this the “DevOps Tax.” Make it a point to ensure you use tools that support your DevOps policies and procedures; not the other way around.

In a similar fashion, some companies simply become too attached to their development tools. This adds difficulty if those tools aren’t really compatible with the unique DevOps methodology. GitLab notes some customers try to wrench decades-old tools into their fledgling modern workflow.

Ultimately, the smartest tack involves finding the right integrated toolset compatible with how software gets written in a DevOps world.

Deployment and Monitoring are as Important as Development and Testing

Another pitfall noted by Dodd involves companies not covering the entire SDLC when adopting DevOps. Instead, the only follow its principles for software development and QA, ignoring it for the deployment and monitoring processes. Ultimately, this isn’t a true DevOps implementation.

In most cases, companies leverage DevOps to achieve continuous integration or continuous delivery. Reaching these goals isn’t possible without a full adoption of the methodology. In short, go hard or go home!

Security needs to be part of the DevOps Equation

We previously talked about the importance of information security as part of any DevOps implementation. This is one of the reasons DevSecOps is a hot buzzword. In these days, cybersecurity needs to be a core concept within any software development practice – DevOps or not.

GitLab notes that companies adopting DevOps who still treat security as an afterthought ultimately struggle with its implementation. Valuable resources end up making security-related fixes at the last minute. Consider a DevSecOps approach.

Ultimately, steer clear of these pitfalls to ensure your DevOps adoption goes great!

Keep coming back to the Betica Blog for additional insights and dispatches from the wide world of software development. Thanks for reading!

A Deep Learning AI Routine learns how to Code

AI

The end of April is nigh, which means another edition of our software development news digest. These intriguing stories hopefully provide a measure of insight to your own application engineering efforts. If interested in checking out last month’s digest, just click on the following link. Thanks for reading!

A Deep Learning AI Routine learns how to Code

AI and machine learning continue to make an impact throughout the technology industry. These innovations are found in everything from data analysis to self-driving automobiles. In a similar matter as with robotics, some professionals wonder if their jobs are going to be taken over by a computer in the next decade.

Recently a team at Rice University developed a deep learning routine actually able to write some code. The good news for current developers is the prime directive for this AI application involves helping software engineers more easily handle interfacing with poorly documented APIs. News about this AI innovation appeared earlier this week at Tech Xplore.

The application – called Bayou – performs a deep analysis of APIs in online source code repositories, like GitHub and others, attempting to learn about the API’s usage idioms. The application is focused on the Java language at this time. Swarat Chaudhuri, associate professor of computer science at Rice and one of the creators of Bayou, commented on the tool’s genesis.

“People have tried for 60 years to build systems that can write code, but the problem is that these methods aren’t that good with ambiguity. You usually need to give a lot of details about what the target program does, and writing down these details can be as much work as just writing the code. Bayou is a considerable improvement. A developer can give Bayou a very small amount of information—just a few keywords or prompts, really—and Bayou will try to read the programmer’s mind and predict the program they want,” said Chaudhuri.

Most notably, it analyzed millions of lines of Java code as part of its self-training process. If you want to try the application for your own purposes, just simply ask Bayou.

Fannie Mae makes Software more Secure with Lean

We’ve previously talked about the Lean methodology. Considered a variant of Agile, Lean actually grew out of the manufacturing world in an attempt to make operational processes more efficient. Now, mortgage lender Fannie Mae is leveraging Lean to make its software development process faster and more secure. News about their efforts appeared this week in CSO.

Since implementing Lean in 2013, Fannie Mae’s development cycle decreased by half. Working more efficiently allowed the software engineering team to subsequently make their applications safer from hackers and other nefarious agents. They also saved hundreds of millions of dollars over that time, according to company VP, Michael Garcia.

Writing safer code from the beginning is a core principle of Lean applied to software engineering. Other Agile techniques, like smaller increments and faster testing, improve overall efficiency. The company explored applying the principles Six Sigma to their development process, but ultimately felt Lean made a better fit.

Lean is definitely an Agile variant worthy of evaluation for larger software development shops. A more efficient process simply brings many advantages, including more secure applications and an increase in business value. Dive into the CSO article for a further exploration of the use of Lean at Fannie Mae.

Stay tuned to the Betica Blog for additional news and insights from the constantly evolving world of software development.

Is DevSecOps making a Difference in Information Security?

devsecops
It seems nary a week passes without a story about a hacking incident making the evening news. Additionally, many CIOs report a skills gap when it comes to employing experienced information security professionals. As such, the demand for these IT pros is now going through the roof – as well are their salaries.

So what about DevSecOps, the cybersecurity focused variant of the DevOps methodology, slash, organizational structure? We’ve talked about it in the past and are wondering if it is truly making a difference in today’s technology world. Let’s take a closer look.

The Current State of DevSecOps in the Industry

Last month, SD Times looked at what inroads DevSecOps is making throughout the software development industry. They asked the same question as us: is it truly making a difference considering the never-ending scourge of cyber attacks and similar forms of nefarious behavior. Considering the difficulties some organizations encounter when implementing DevOps itself, it is simply too new to make much impact?

Derek Weeks, vice president and DevOps advocate at Sonatype, echoes that opinion. “I will say I think we’re early on in the DevSecOps movement of practices that are being implemented. I think with the organizations that have attempted to do it, they are seeing early successes and are happy with that. The vast majority of the market has not gotten their feet wet with DevSecOps practices yet,” said Weeks.

When looking at the recent tech news, however, it becomes time to quote Spock: “Mr. Scott, speed is of the essence.” The core of the issue involves successfully implementing security within a software engineering organization’s current DevOps initiatives. If those practices are still emerging, obviously adding the “Sec” to DevOps becomes more difficult.

A Cultural Change is Essential for a DevSecOps Implementation

A successful DevSecOps implementation requires both a cultural shift within a software development shop as well as buy-in from the executive team. Of course, these same things are necessary for switching to DevOps itself. Obviously, a mature DevOps organization will likely find it easier adding security to an existing framework.

Weeks feels security practices need to be actually embedded in the software development workflow, as opposed to tacked to the process after the fact. Making information security practitioners serve as a gatekeeper instead of collaborator isn’t the best approach. They need empathy for the entire SDLC. 

Training software engineers in the proper application of cybersecurity technology ultimately works better. This serves to foster the kind of teamwork and collaboration that is the hallmark of DevOps itself. It also provides companies the chance to close their information security skills gap in an internal fashion.

John Martinez, vice president of customer solutions at Evident.io, commented on the inroads DevSecOps is making at his firm: “I think the DevOps side of DevSecOps has definitely been much faster to respond and I think we’re starting to see, at least on our side, the cross-pollination on the security side where a lot of the agile practices are starting to fit over on the SecOps side.”

Ultimately, DevSecOps is a still emerging practice. However, the importance of companies successfully implementing it cannot be overstated.

That’s it for this edition of the Betica Blog. Stay tuned for additional insights from the wide world of software development. Thanks for reading!