AIOps, DevSecOps, and Beyond: Exploring New Facets of DevOps
One of the essential goals of DevOps methodology is to establish a more concise approach to software delivery, especially in continuous integration/continuous deployment (CI/CD) environments. As organizations explore this approach, additional elements such as security have been introduced to streamline the cycle. It means developers may have to learn to wear several more hats, especially as some experts look to ways DevOps will continue to mature in 2021.
Many organizations have already moved beyond the initial discovery of learning about and implementing DevOps, says Daniel Betts, senior research director with Gartner, and are now looking at how they can scale their success with the methodology across the enterprise. There are also organizations that may have attempted to adopt DevOps, but need to reset and try again, as well as those who have yet to give it a go, he says.
Organizations that are scaling with DevOps are looking at such additional approaches as Platform Ops, Betts says, which includes techniques to help them scale DevOps as a practice across the organization. “Organizations that embrace that DevOps is about enabling the delivery of the business to give customer value in a much more rapid and efficient way,” he says. The collaboration of IT and business working together through DevOps, Betts says, is more successful than organizations that only focus on technology and tools, who tend to struggle.
DevSecOps, the inclusion of security in DevOps, is dominating thought processes for modern software delivery, says Michael Gilfix, IBM’s vice president of cloud integration and chief product officer for Cloud Paks. IT becomes more decentralized, he says, thanks to the cloud, the need to deal with overwhelming IT backlogs, and the importance of software as a mechanism to deliver business value. “That is accelerating the trend towards an integrated approach to software delivery,” Gilfix says.
In prior times, a developer wrote code, worked with siloed teams to validate that code was secure, ensure that it was compliant with the organization’s needs, and then worked with an operations team to stand up the code in an environment and make sure it works in a consistent manner. “All of those things are being compressed into a single delivery pipeline, aided by modern CI/CD tools,” he says.
The overarching driver of that, Gilfix says, is teams already work in a decentralized manner. The integration of such a process can lead to significant gains in delivery velocity, he says. With many organizations looking to build software reliability engineering competency, the more businesses depend on software to run their core operations, the more critical it is that the software just hast to work, Gilfix says.
Pushed by the pandemic, many businesses have no choice but to rely on their digital channels, he says. As organizations focus on building up reliability and put preventive measures in place, the effort becomes data intensive, Gilfix says. “People have to sift through logs that come from applications and network devices. They have to set up monitoring and alert tools,” he says. “They have to leverage all these various forms of data to figure out where the application is working, and they have to have mature abilities to build a development staging pipeline.”
That means testing the applications, simulating real world needs, and moving change management into product, Gilfix says. Finding skilled professionals capable of performing those tasks quickly with large-scale applications is a challenge. This is where AIOps, the application of artificial intelligence to make sense of that data for DevOps, comes into play, he says. “Issues can be resolved quicker,” Gilfix says. “You can pinpoint similar issues in your applications and fix them preventatively. You can leverage AI to ensure, in a decentralized manner, you’re compliant and manage risk.” AI can also be used to avoid errors downstream in the development process. “The earlier in your software development cycle you can push changes, the more cost effective it is and the better velocity you get.” This “Shift Left” philosophy makes AIOps and DevSecOps highly effective together, Gilfix says.
IBM is a big investor in AIOps technology, he says, which has included bringing an AIOps solution to market in early 2020 that allows developers to establish a baseline of normalcy. This has been expanded to cover use cases such as compliance, risk management, and software quality. IBM also partnered with ServiceNow to integrate its AIOps technology with service management and visibility. “We think AIOps is going to revolutionize application delivery,” Gilfix says. “AIOps can solve that back-end problem such that we can fix a part that has been slowing down delivery teams.”
Even more complexity maybe be coming to DevOps as organizations weigh other aspects of software deployment that could be improved. Performance engineering, for example, is surfacing in the development cycle, says Forrester principal analyst Christopher Condo. As monoliths get broken into microservices, a distributed computing problem may also emerge, he says, where data is shared via APIs. “Now the size of APIs, the amount of calls it takes, where those things are going to be hosted — if they’re not accounted for early in the design phase — that can be bad,” Condo says. Engineers need to ask questions about how many times per second an API will be called, he says, and what happens if a service goes down.
Performance is entering DevOps comparable to the way security entered the cycle and will continue to do so in 2021, Condo says, which raises questions about if too much is being added to a development process meant to be streamlined. “It depends on what the risk of not doing that is,” he says. Organizations might need to assess what may happen if a security analysis is not performed upfront on a software component, deferring to wait until the end. “What is the risk of it being delayed or of having a security issue?” Condo asks. “I can see there possibly being a limit to what is included in the development process. But if you were going to ask what comes after DevSecOps, I would say performance.”