How to make DevOps emerge into Maturity

DevOps remains the rage throughout the technology industry. Companies look to its optimized organizational structure that – when combined with the leveraging of state of the art innovations in automation and virtualization – facilitates the production of software faster than ever before. This includes new application development as well as enhancements and bug fixes.

Still, DevOps is a relatively new movement in IT and, as such, it is still maturing. Let’s take a closer look at what’s hampering its adoption in the tech world, with an eye on whether implementing its concepts makes sense for your organization.

Organizations struggle with Change

Many large organizations attempting to embrace DevOps struggle with the large scope of change, spanning the technical, cultural, and structural. Separate teams that formerly ruled over a singular domain now have to work together as one group. This especially impacts the network administration and software engineering roles.

Technical hurdles involving the use of new automation tools as well as the latest in virtualization technology, like Docker, also need to be overcome. Companies already using these tools are more ready to take on the other changes required in a DevOps implementation. As we’ve noted in the past, already having Agile in place as a software development methodology makes it easier to add DevOps to the equation.

Corporate Culture and Legacy Systems hamper DevOps Adoption

A recent survey reported on in ZDNet revealed corporate culture remains the biggest barrier to DevOps at many organizations. In many cases, this “culture” includes a host of legacy systems still in use, in addition to a company structure defined by those singular domains mentioned earlier. Industry pundit, Shashi Kiran, commented on some of the issues hampering DevOps adoption in the IT world.

“Starting out with a clean slate is always relatively easy. Preserving or integrating legacy in brownfield environments is where it becomes both challenging and interesting. For the next several years that’s where the action is. Enterprises that have invested in technology over the past few decades suddenly find that they can now actually create tremendous legacy inertia to move forward. So, while many have adopted DevOps practices, it has begun in pockets across the organization,” said Kiran.

Fostering a Collaborative Spirit at Technology Companies

Getting past any cultural concerns adversely impacting DevOps implementation requires fostering collaboration and teamwork. Once again, this is one of the reasons DevOps works better at companies already familiar with Agile. Chris Cancialosi, Ph.D., a founder at gothamCulture, feels understanding the right metrics is another essential piece in convincing executives their investment in DevOps will pay dividends.

“First, measuring and understanding your current state baseline is critical. A valid and reliable assessment ensures you are in a position to change, assists in helping leaders understand the potential obstacles that currently exist in the system, and helps organize and prioritize the change activities that must happen in order to embed these new ways of working into the cultural fabric of your company,” said Cancialosi.

In short, once everyone realizes the positive difference DevOps, automation, and virtualization makes on the software delivery process, it becomes easier to make the necessary cultural and structural changes to fully embrace this new way of doing things.

Stay tuned to the Betica Blog for additional insights from the wide world of software development. As always, thanks for reading!

News from the World of Software Development – May 2017

Welcome to this month’s collection of a few interesting software development news stories from the last few weeks. If you want to check out April’s news digest, simply click on the following link. Hopefully, the content within this May digest offers a measure of insight for your software engineering activities. Good luck!

Agile making inroads in Government Software Development

Nearing its second decade of use, Agile is finally seeing wide adoption in software development at government agencies. Doug Robinson, the executive director of the National Association of State Chief Information Officers (NASCIO) in the United States reported that 81 percent of state CIOs plan on increasing the usage of Agile and other iterative development methodologies at their shops. News about this Agile implementation growth appeared this week at CRN.

“We’re seeing a lot of excitement in the CIO world to be able to deliver projects on time and within budget using some type of agile methodology,” said Robinson. As government entities tend to be slow to embrace new technology methodologies, this growth in adoption is another obvious sign of the continued maturity of Agile.

Small Teams write more Secure Code

Teams with a small number of developers produce more secure applications compared to groups with more than 20 employees. That is one of the main conclusions from the recently released 2017 CRASH Report, published by CAST Software. As applications grow in size and complexity, they simply become too difficult to manage.

A chief scientist at CAST Software, Bill Curtis, commented on the survey’s findings. “Applications have gotten so big and complex that no single team can understand it all. It might have five or six languages, multiple databases, CRM systems, and you can’t understand all the interactions. That leaves teams making assumptions that in many cases are wrong,” said Curtis.

Shops wanting to write more secure code need to invest in the relevant training for their developers, while giving them the tools for performing both static and dynamic testing. Additionally, involving a third-party team in the final vetting of an application’s security offers a valuable second opinion before the code is deployed to production.

Microsoft switches to Git for Windows Code Source Control

Considering Microsoft’s investment in its own source control systems, it comes as somewhat of a surprise that the tech giant is migrating all the source code for its Windows operating system to the popular open source tool, Git. News about this move appeared this week in Ars Technica.

The reasoning behind this shift lies within Microsoft’s OneCore project which is aimed at simplifying the Windows codebase. Their previous source control solution for Windows, SourceDepot, was straining to handle the massive amount of source code involved, which includes 3.5 million files.

Redmond chose Git because of developer familiarity as well as its open source nature. The basic Git application needed to be updated to seamlessly handle the Windows source code. Microsoft created a fork in the Git code for this purpose and is talking with the other industry giants who use the app – Google and Facebook – about combining their efforts in the future.

Make a visit to the Betica Blog part of your daily routine before firing up your IDE in the morning. As always, thanks for reading!

DevOps helping Teams with IT Security

With the continued growth of mobile technology and Cloud Computing leading more users to embrace eCommerce, there has been a subsequent increase in cases of identity theft, ransomware, and other forms of cybercrime. Nefarious agents – essentially hackers – are finding more targets on a daily basis. This puts the onus on software developers to ensure their web application remain as secure as possible. Enter DevOps.

Application engineering firms are now leveraging the faster development speed provided by DevOps to ensure their software products – and user base – stay protected from cyber criminals. Let’s take a closer look at how this modern methodology helps teams with cybersecurity.

Automating Security in Software Development

One of the most important technical principles within DevOps is the use of automation to make certain aspects of the software engineering process more efficient and subsequently faster. According to a recent article in InfoWorld, automated routines are also helping teams implement cybersecurity throughout the software development life cycle. In the past, adding security routines to a codebase was cumbersome; this is apparently no longer the case.

A 2017 survey on “DevSecOps” by Sonatype noted a change in how developers felt about adding cybersecurity routines to their applications. 84 percent of the respondents now feel coding application security routines is a necessary safety measure, as opposed to something hampering their creativity or delaying the release date of the application. The increased use of automation to build security into software is one of the reasons for this change in attitude.

Wayne Jackson, Sonatype’s CEO noted the advantages of leveraging DevOps for application security. “DevOps is not an excuse to do application security poorly; it is an opportunity to do application security better than ever,” said Jackson. His company’s survey also noted that the organizations who have no issues adding application security tend to be the same ones with a mature implementation of DevOps itself.

Faster Software Development makes it easier to write Safer Code

As the automation ushered in by DevOps has led to a faster software development process, companies are finding it easier to improve their code in other areas, most notably in security. Tyler Shields, vice president of Signal Sciences, highlighted this change.

“Successful application security has been defined as increased automation that doesn’t slow down the development and operations process. Imagine a scenario where developers embrace security rather than find ways to work around it,” said Shields.

Some of these automated security routines include fuzz testing and software penetration testing. Both are an important aspect in truly vetting an application’s barriers against hacking and other cybercrime. Analytical routines used by continuous integration software also check for vulnerable code – both in-house developed as well as within third-party components. 

With hacking and ransomware in the news on seemingly a daily basis, software development companies known for writing secure applications will gain themselves a competitive advantage compared to those shops that still see cybersecurity as a hassle. It is yet another example of what DevOps brings to the table for any application engineering organization. 

Regularly come back to the Betica Blog for additional dispatches from the wide world of software development. As always, thanks for reading!