As DevOps becomes ever more widely respected and adopted, the fundamental concepts driving the approach are rapidly evolving and improving for the better.
The latest DevOps iteration is BizDevSecOps, which aims to introduce a "whole company" approach to deriving business value from IT.
"One of the best aspects of DevOps is really its bringing of Lean and Agile principles together, so it's a continuous improvement process," said Rosalind Radcliffe, an IBM Distinguished Engineer who will lead the session "DevOps Today: What Does It Mean to You," at Interop ITX 2018 on May 2. "Companies that started with Dev and Ops are now expanding [the concept] to the rest of the organization, breaking down the silos and bringing more of the organization into close collaboration," she explained. DevOps is also expanding its overall reach and impact, with auditors now becoming a part of the team from the very beginning, focusing on auditable solutions, Radcliffe added.
Another key evolution, now common within a growing number of DevOps-driven enterprises, is the expansion of DevOps practices to all IT areas. In such organizations, DevOps practices are not only being applied to modern applications and their supporting infrastructure, but to legacy systems and networks, too.
"All aspects are being included," Radcliffe stated.
It's now BizDevSecOps
Radcliffe noted that current and potential DevOps adopters shouldn't be put off by the emerging BizDevSecOps approach. "It is just a more realistic name for 'DevOps,'" she explained.
According to Radcliffe, DevOps has always needed to encompass all business aspects, and with BizDevSecOps that fact is finally being recognized. "For some, it's the obvious evolution of DevOps; for others, it is what it always was intended," Radcliffe observed.
BizDevSecOps ensures that critical business aspects aren't ignored or overlooked. "You can't leave any part out or it will lead to delays and waste," Radcliffe cautioned. BizDevSecOps also acknowledges that security plays a critical role in everything.
"No longer can companies think of security second or later or separate," she said. "Security must be designed in from the beginning."
Getting started in BizDevSecOps in a meaningful way requires careful planning and maintaining an inclusive approach. "Bring the other aspects of the business to the table to participate in the change, bring the security process into the automated pipeline as much as possible," Radcliffe advised. She also suggested that adopters should bring secure coding practices into the design process and invite business representatives onto the team.
Radcliffe observed that some organizations substitute an IT business analyst proxy for true business representation. That's never a good idea, since genuine, accurate business insight can only be provided by a bona fide business leader. "Proxies are not good enough with short turnaround times," Radcliffe warned. "Work to include more actual end users in the feedback cycle."
Organizational realignment and funding model changes are necessary to correctly implement BizDevSecOps, Radcliffe stated. "Companies today continue to fund 'projects', but this drive should move the funding model to programs or continual backlog funding," she said. "I also see many companies moving to more of an insourced development model."
Radcliffe noted that DevOps/BizDevSecOps successes are leading enterprises to take a fresh look at the approach. Instead of viewing IT as a cost center, organizations are beginning see tech operations as the primary business driver. "Companies are seen through their applications and the capabilities provided," Radcliffe explained. "Yes, financial institutions manage money, but their primary business delivery is through IT."
Radcliffe believes that digital transformation and the API economy are leading enterprises down a path that requires them to move to a BizDevSecOps or DevOps model. "The aspects of business drivers are now totally linked to the way they can be provided though technology," she said.
Unless enterprises transform to embrace new DevOps approaches, they will be disrupted by those that do," Radcliffe predicted. "The new unicorns had an advantage in their quick start, but if those large companies with significant IT assets can transform [themselves], they can disrupt those new disruptors and lead into new business markets," she concluded.