The increasing adoption of DevOps is down to several factors, for instance, it allows organisations to capture all processes in an auditable and replicable way. Additionally, it adapts quickly, which makes the cost of change low, allows businesses to add cross-functionality collaborations, which often involves different teams working together, and results in working at a much higher speed. Since its introduction, DevOps has also served to highlight that organisations need to be more agile and has inspired many to do so.
As DevOps has matured and become more mainstream, there has been a gradual evolution of the approach. With a similar evolution taking place in the cloud world, more intelligent tools have started to become available too. Consequently, developers are now able to follow up DevOps processes with more discipline and more efficiently, with the approach showing the potential to revolutionise enterprise.
Among the most significant developments in the evolution of DevOps so far has been the emergence of DevSecOps – the practice of integrating security into development. Historically, the issue of security had been largely overlooked in terms of DevOps due to the inclusion of security during development hindering speed. Instead, security was commonly retrofitted after a build. However, as developers and organisations have begun to realise that this approach not only makes the process more difficult but also isn’t the most security-conscious method, some have started to integrate security into DevOps from the outset. This DevSecOps approach allows developers to alleviate any security issues at the time of development, rather than retrospectively.
Beyond this, DevSecOps is also helping businesses to break down siloes by encouraging greater collaboration across teams to ensure that security experts are involved and knowledge is being shared.
As more organisations adopt a DevSecOps approach, they should adopt the following two initiatives:
Detailed review processes
A vital principle of DevSecOps is to continually review security. This means compliance monitoring for PCI and GDPR, determining what the process is if security senses a threat and deciding how the business will assess if code is susceptible to a certain vulnerability. In order to do this successfully, it’s important for an organisation to establish a review process from the moment it thinks about architecting a new solution. From here, it can move to ongoing monitoring and management of security as the code progresses through every stage, from the developer desk to the building of the solution and the testing of it. It’s also crucial to ensure developers are given training and are taught to be aware of security throughout the development journey.
A culture of collaboration
Enterprises must ensure they have the right mindset and embrace a collaborative culture which recognises that different expertise from across the business is required for DevSecOps to be effective. Traditionally, developers have been focused solely on aspects such as logic and algorithms, with security factoring only as an afterthought. However, by adopting a culture that encourages collaboration at the start of every build, organisations will be able to create secure, stable, resilient solutions which will pay dividends.
The next phase of DevOps
The advent of DevSecOps signals a continued evolution of DevOps, and while there is no guarantee regarding where the approach might go next, there are two main theories regarding its future:
NoOps is the idea that solutions will feature everything they are required to, such as code standards, security, libraries and legislation protocols, from the outset and everything will be completely automated. Technically, as everything would be automated within the software provisioning pipeline, there would be no need for manual, human-based operations, instead, they will be required to merely monitor and raise questions as they verify the software. As everything would automatically meet a certain standard, this could potentially guarantee a higher level of security and resilience.
Rather than DevOps disappearing completely, different types of Ops may emerge. Ops could be augmented by machine learning (ML), or MLOps could be developed to form a machine learning-driven operation that would be able to certify the standards that organisations want software to be written with and even flag issues with it.
The evolution of DevOps is likely to continue as organisations become more familiar with it and technology continues to advance at pace. In time, this will result in DevOps beginning to encompass new technologies, such as ML, and all of the requirements of development being brought together. Ultimately, this will be extremely beneficial, encouraging collaboration across departments and ensuring that new solutions meet required standards and security from the outset.