DevOps & DevSecOps
The DevOps pipeline has become a keystone of software development and IT management. It enables rapid delivery to production using agile, lean practices and a focus on managing complexity. DevOps emphasizes collaboration and communication between software developers, IT operations, and the business process stakeholders in the organization.
DevOps combines application development and operations. It allows teams to deliver reliable and useful software faster and with higher quality.
On an effective DevOps deployment pipeline, a developer completes a piece of functionality within 1 to 3 days, and immediately (and automatically) deploys it to a test environment. The incremental improvements are immediately tested and feedback is provided to the developer while the code is still fresh and familiar, rather than days or weeks after completion when the developer has to reboot context and re-familiarize themselves with the code.
Today, cybersecurity assurance must be a part of the DevOps pipeline, and we often use the alternative DevSecOps nomenclature to indicate that.
Simplify, simplify, simplify! (KISS!)
DevOps has become a fashionable and overused marketing moniker that many software vendors use to position their products as indispensable. It is common for a disjoint, fragile collection of tools, acquired and integrated from a variety of vendors, to be selected and deployed "organically".
It is unfortunate, but often a hodge-podge of individually best-of-breed tools results in a least-common-denominator outcome.
Our approach is to manage bloat, cost, and complexity by being aggressively minimalist. We simplify and eliminate tools that can perform similar functions.
It takes a combination of art and science to balance between "not invented here" and "always buy instead of build". This is one area in which our clients benefit from our long experience, deep expertise, and the discipline to focus on the ultimate outcome.
Continuous Delivery with Managed DevOps
The work we do for our clients makes DevSecOps not an optional "extra", but rather an integral part of the development process, regardless of what other practices are used. There is a right time and place for agile, scrum, kanban, pair programming, continuous improvement, lean, 6σ and even good old waterfall methodologies. It is important to use the process as a tool to manage to the desired outcome, and not let the process become the outcome in lieu of all other outputs.
Stand-Alone DevOps Engagement Process
1. Establish the starting point for the project.
2. Triage wish list against strategic goals and reconcile with budget and timeline. Architect overall solution, taking into consideration client “must-haves”.
3. Audit architecture with internal teams and build implementation timeline. Several iterations are often required. Begin the informal process of retraining and plan details of specific staff training and education.
4. Perform the actual system implementation, including migration of source code repositories, prior bug tracking, and issue management data. Integrate with preserved build, test, and deployment infrastructure and integrate new add-ons and replacements.
5. Formal training is critical to the success of the project, which is, to a large degree, contingent on buy-in from the client team.
6. Test, test, test, and test again to guarantee a clean and painless switch-over.
7. Final delivery. The moment of truth.
We engineer continuous integration, continuous test, and continuous deployment in every project and back it with GitFlow branch-by-feature source control management.
» We have no specific toolset preference – we care about tools that allow us to express best practices and that fit each individual project, rather than recommending a one-size-fits-all software or vendor package;
» For internal projects, we generally use Atlassian and Microsoft TFS. We were a very early adopter of JIRA and GIT - we have been Atlassian users and customers since 2003.
Our DevSecOps practice helps our clients to:
» Improve deployment frequency and time to market, and shorten the lead time between fixes;
» Improve the quality of new releases, and guarantee fast and consistent ability to roll back a release in the event of failure or deficiency;
» Maximize the predictability, efficiency, security, and maintainability of operational processes;
» Minimize staff turnover risk and ensure continuity of operations;
» Preserve and protect key IP within the organization;
» Make cybersecurity and customer data protection a standard ongoing concern, embedded in and covered by the development process, rather than an afterthought;
» Integrate with incident response and business continuity plans and processes;