DevOps is a set of cultural values and organizational practices that improve business outcomes by increasing collaboration and feedback between teams. Of course, there are industry best practices, but a DevOps transformation will look different and yield different results for each organization, depending on its business and strategy. With a lot of options and moving parts to a DevOps transformation, don’t let these myths delay beginning your transformation.
Myth #1: Tools will solve your DevOps problems.
Unfortunately, even the best tools are not going to solve all your DevOps issues. Tools are enablers that assist in removing unnecessary toil, but they can’t magically make things perfect. For instance, implementing an automation tool sounds like a great time and resource saver at first glance. However, the tool can only produce those results if the structure around the tool can accommodate the action. If your team isn’t ready for that speed, you’ll likely just speed to failure.
Don’t put the tools before the structure. Instead, think long-term and comprehensively when constructing your DevOps transformation map. Otherwise, roadblocks will slow down your ability to achieve speed.
Myth #2: You should start with CI/CD.
Typically, people begin their DevOps transformation with continuous integration (CI) and continuous delivery (CD). A CI/CD pipeline enables fast code changes through automated deployment steps that create a more consistent and agile environment. While the results of CI/CD are the goal, starting there doesn’t take into account the support necessary for successful implementation.
Today, the DevOps transformation is being refined to include discussions and planning around the evolvement of production support, application monitoring, and automated dashboards. When you start with CI/CD, you’re focused on development speed, but operations might not be ready to accommodate. In true DevOps fashion, you need to bridge the gap between development and operations first to produce a streamlined feedback loop. Operations must have their tools ready to feed into the CI/CD pipeline to break down barriers early on and avoid stopping points in the future.
Myth #3: DevOps transformation and cloud transformation can’t happen at the same time.
Promises of more speed and lower costs motivate businesses to jump into the cloud quickly, with the expectation that those benefits and return on investment (ROI) are delivered immediately. The issue with this way of thinking is not enough forethought prior to action, with a fracture resulting between departments. Teams need to be trained on new cloud procedures, security must be implemented, legal has to update contracts, and company culture, from the top down, needs to be onboard for adoption.
Fortunately, there’s a lot of overlap between a DevOps transformation and a cloud transformation. In fact, DevOps can be the support you need for a successful cloud transformation without any roadblocks. Instead of waiting on DevOps because you’re not agile yet, start with it at the beginning of your cloud transformation. Utilize DevOps best practices as you migrate to the cloud to help transform how your teams work with a well-constructed plan for company-wide implementation.
Myth #4: The role of security is for vulnerability scanning.
Waiting until you’re finished with development to include security is a DevOps anti-pattern. As an essential part of the business, security can contribute more than just vulnerability scanning before you go live. When you only look to security for the last line screening, you’re inviting a significant bottleneck into your process.
Of course, getting security involved and excited about DevOps can be a struggle because they’re inherently at odds. The goal of DevOps is to increase speed with new tools. The goal of security is to decrease risk, which can slow processes and releases. But when you apply speed and change with new implementations, you are increasing risk. Instead of asking, “How do we get security involved before vulnerability scanning?” consider the benefit of getting development to include security as part of the CI/CD pipeline. Automate steps like vulnerability scanning, secrets detection, license checks, SAST & DAST early in the development cycle so that issues are found and addressed early on. This removes the security roadblock to production.
In addition, cross-training between DevOps and security invites both teams to understand their colleagues’ goals, responsibilities, roles, expectations, risks, and challenges. Give each team real life examples of how the gap creates conflict for each side. Once they have a better understanding of the other side, they’re more likely to consider one another during product planning and development.
One well-known and widely accepted truth to a successful DevOps transformation is the benefit of an expert partner in the process. 2nd Watch offers packaged service offerings to help you get the most out of your DevOps transformation with start to finish essentials that deliver the results you expect. Contact Us to see how you can gain more leverage with less risk.
-Stefana Muller, Sr Product Manager, DevOps & Migration