The top 5 DevOps trends: What being mainstream means to your team
The past year was a landmark in terms of DevOps adoption. According DevOps Research and Assessment (DORA), 2019 saw the pool of “elite” performers in DevOps practices triple.
“For the last year or two, we’ve heard from several industry analysts that DevOps has ‘crossed the chasm,’ and now our data supports that,” said Nicole Forsgren, founder of DORA and head of the Research and Strategy Group for Google Cloud, about the 2019 Accelerate State of DevOps Report.
In short, DevOps has gone mainstream. So what does that mean for the progression of DevOps transformations, programs and practices in 2020?
When we put the 2020 DevOps prediction question in front of industry insiders, their answers tended toward prognostications of blossoming of standardization and governance without giving up the flexibility and speed of DevOps.
At a high level, many of these trends are about squeezing more efficiency out of once-experimental programs, baking in more resilience, making software delivery pipelines safer and more compliant, and putting a finer point on the business gains afforded by DevOps practices.
Here are their DevOps trends to watch in the coming year.
[ Learn the secrets of successful DevOps initiatives in TechBeacon’s guide. Plus: Download the EMA analyst report on Optimizing DevOps Initiatives: The View from Both Sides of the DevOps Divide ]
1. Customer-centric development
Last year’s TechBeacon predictions had pundits predicting a rise in the use of value stream management to better map product strategy and execution against the value that software delivers to the business, and the drumbeat did grow louder for value stream management.
As an extension to that, some experts believe that many organizations will try to remove layers of abstraction between developer-led product teams and the external customer to get design even more lined up with customer demand.
“Customer-centric development” is the next evolutionary step for DevOps. This mode of development will focus on adding better customer-oriented feedback loops from production back into development, said Antony Edwards, COO of Eggplant Software.
The developer role will change as a result.
“They will start trying to plug marketing and end-user experience monitoring (EUEM) tools into the development process.”
However, development teams will passively resist this, and it will lead to a major re-organization of software development and marketing teams, he said. By the end of 2020, some organizations will be asking where to draw the line between the two groups.
Edwards said the combination of customer-centric development, microservices, and automated DevOps pipelines pushes the role of developer further away from a coding focus and more toward product design. This evolution mirrors how CAD tools moved architecture from materials engineering to design.
Jai Schniepp, director of product for secure DevOps platforms at insurer Liberty Mutual, agrees. The maturation of DevOps in 2020 will have teams thinking less in terms of delivering feature requests and more about solving problems for internal and external customers, she says.
“Given the empowerment DevOps teams have to own, run, and manage the end-to-end delivery of an application, engineers will request more control over how problems are solved.”
2. Standardization on Kubernetes
The much anticipated rapid adoption of containers has finally come to fruition, and now it’s time for greater standardization. The fire sale of Docker Enterprise to Mirantis this fall signals a huge sea change for the containerization world—it’s just one of many signs of a Kubernetes-dominated playing field.
2020 will see continued adoption and standardization around the Kubernetes container-orchestration system, said D. Collin Bachi, a DevOps engineer for Stoplight, maker of an API design management platform.
“A Kubernetes configuration bundle contains everything needed to deploy, operate, and scale modern containerized applications. It is highly unlikely that any alternative will emerge to replace it.”
—D. Collin Bachi
Beyond straight market dominance at this point, Bachi says several factors play into the Kubernetes standardization trend. Those include the cloud-agnostic nature of Kubernetes, the template-friendliness of the platform, and the ever-growing ecosystem built up through integrations and partnerships.
[ Get up to speed on quality-driven development with TechBeacon’s new guide. Plus: Download the World Quality Report 2019-20 for lessons from leading organizations. ]
3. A shift from reliability to resilience engineering
Last year the experts drew attention to the growing field of “NewOps” specializations such as cloud operations and site reliability engineering (SRE). That trend will continue, but some believe the “R” in “SRE” will morph from “reliability” to “resilience,” said Charles Betz, principal analyst for Forrester Research.
“Beyond site reliability engineering and chaos engineering lies resilience engineering. Resilience engineering combines academic disciplines from industrial engineering to human factors to cognitive psychology and beyond, but it’s no ivory tower.”
At the heart of resilience is the acknowledgment that failure is a reality in tech operations and that the focus shouldn’t be on preventing failure but on shortening the recovery window.
The industry at large is still focused on ensuring that technology won’t fail, but resilience engineering will break onto the scene in a major way in 2020, Betz said. He predicts that the shift from reliability to resilience will help operators cut time sunk into unplanned work by as much as 20%.
4. Continuous governance and compliance
Forrester’s Betz says a big change is building in the coming year with respect to governance. We’re about to see the plan/build/run operating model and its built-in stage gates go the way of the dodo. In their place will be the more agile principles of continuous governance.
More companies will use self-correcting dynamic controls, he said. Automated platforms will “subsume much governance”—these will include templated patterns and environments provided to the delivery team, automatically managed for drift from policy compliance.
Many in the security and compliance world agree that policy as code is the direction that enterprise DevOps organizations are taking in order to keep moving at agile speeds, all the while keeping up with the demands of the legions of auditors they must contend with, said Tim Hinrichs, CTO and co-founder of Styra, which sells a tool that provides governance for Kubernetes platforms.
“The whole microservices world is about delivering apps faster, but right now the growing gap between DevOps’ new ‘everything-as-code’ approach and security/compliance teams causes significant delays when moving into production.”
This is particularly the case when audit time rolls around, he said. Auditors often have to be manually walked through security practices in containerized environments.
Compliance as code is becoming a thing
This is where compliance as code steps in. More organizations are adding security and compliance checks into their playbooks, scripts, and overall activities, said Dave Klein, senior director of architecture and engineering at security platform vendor Guardicore.
“Having become the masters of automation, autoscaling, and provisioning,” developers have begun to do more, including additional kernel, distribution, or application update and patching checks, Klein said.
As much as organizations use a configuration management database (CMDB) for overall asset tracking, developers are beginning to use more ID labels and tags for additional application tracking capabilities.
5. Security champion programs form bedrock of DevSecOps
One of the most popular DevOps predictions is that there’s a growing need for organizations to shift security left in the development lifecycle by making that part of a comprehensive DevSecOps strategy. At a practical level, one of the most prevalent tactics people will use to execute on DevSecOps in large organizzations will be in creating more security champion programs.
Many DevSecOps leaders are implementing security champion programs through a mix of formalized training, gamified skills progressions and levels, hackathons, and paired coding exercises with security experts.
“The most novel thing I’ve observed this year at a large national insurance company, both profound and simple, was a series of training sessions where application developers and security professionals were paired up to better understand each others’ roles.”
In these sessions, the developers conducted a series of coding exercises during which security pros could watch and comment on their security hygiene. It was a two-way learning affair, Klein said.
The result was that the security experts learned just as much about coding as the developers did about better security practices, said Klein, who said he believes this kind of training will lead to true DevSecOps adoption.
Many organizations, from Comcast to Target, are using these techniques to underpin their comprehensive security champion programs, which are reaping huge benefits for DevSecOps teams. For example, Australian telecom company Telstra has achieved a 20% to 30% improvement in secure coding skills among its developers, said Suzanne Dyke, senior DevOps security specialist for Telstra, in a recent session at the AllDayDevOps online conference.
“When I’ve spoken to developers, they’ve told me that, before the program, they didn’t really think about security while they were delivering software, but now they do.”
Dyke said that even more important is that these programs are bridging the cultural gap between devs and security pros. She calls that the program’s biggest win.
Learn from the experts
The abiding lesson from expert predictions regarding DevOps in 2020 is to expect more change as increasingly more organizations progress in their DevOps journeys over the next year.
Whether organizations are just starting out or are well underway, the technologies will continue to shift rapidly, and all related processes will need to improve continuously as well.