Posted on by Weekly DevOpsin
DevOps is a software development approach that brings development and operations staff (IT) together. The approach unites previously siloed organizations that tend to cooperate only when their interests converge, resulting in an inefficient and expensive struggle to release a product. DevOps is exactly what the founders of the Agile Manifesto envisioned: a nimble, streamlined process for developing and deploying software while continuously integrating feedback and new requirements. Since 2011, the number of organizations adopting DevOps has increased by 26 percent. According to recent research, those organizations adopting DevOps ship code 30 times faster. Despite its obvious benefits, I still encounter many organizations that hesitate to embrace DevOps. In this blog post, I am introducing a new series that will offer weekly guidelines and practical advice to organizations seeking to adopt the DevOps approach.
As a federally-funded research and development center (FFRDC), the SEI must maintain high standards of efficiency, security, and functionality. At the SEI, I oversee a software engineering team that works within CERT's Cyber Security Solutions Directorate. My team develops tools and technologies to help federal agencies address cybersecurity risks, manage secure systems, and investigate increasingly complex cyber attacks and crimes. To fulfill these responsibilities, we develop many increasingly complex software applications, and DevOps has become a necessary, defining factor in our software development process.
Our role in helping federal agencies assess cybersecurity risks heavily influences our approach to DevOps, necessitating that we weave security considerations into every facet of our software development lifecycle.
Cybersecurity is often misunderstood or even ignored as new systems are designed and developed, falling out of view to more high profile quality requirements, such as availability or correctness of software systems. Due to CERT's responsibility to our sponsors and the community, security is consistently a first-tier concern, addressed as an early and fundamental requirement for any system developed by our team. This focus has precipitated our research into Secure DevOps, or DevOpsSec, a topic we will revisit often in this blog series.
Origins and Benefits of DevOps
DevOps emerged in 2009 when a group of Belgian developers hosted DevOps Days, which advocated collaboration between developers and operational staff. Since then, organizations have rapidly adopted DevOps. In their 2014 State of DevOps report, Puppet Labs found DevOps adopters to be "deploying code 30 times more frequently with 50 percent fewer failures." In addition, the more than 9,000 people who completed the Puppet Labs survey reported the following:
For more on the origins of DevOps, see my post, An Introduction to DevOps.
Addressing Challenges to DevOps Adoption
Before an organization can consider adopting DevOps, it needs to shift the prevailing mindset and culture and gain a better understanding of how DevOps works. In my experience, some barriers to adoption are technical, and a number are cultural. The practical advice and suggestions that we will publish every Thursday will focus on three core areas of DevOps:
The following are some of the specific challenges that I will address in the subsequent weeks:
While I will use this series will provide weekly guidelines and advice on DevOps adoption, I will continue to publish more in-depth posts that take a deeper dive into issues surrounding DevOps. The next post in this series will explore continuous integration in DevOps.
We welcome your feedback. What issues surrounding DevOps do you want to know more about? What challenges is your organization facing in adoption? Please leave feedback in the comments section below.
To listen to the podcast, DevOps--Transform Development and Operations for Fast, Secure Deployments, featuring Gene Kim and Julia Allen, please visit
To view the August 2011 edition of the Cutter IT Journal, which was dedicated to DevOps, please visit http://www.cutter.com/promotions/itj1108/itj1108.pdf.
Additional resources include the following sites: