Content Copyright © 2023 Bloor. All Rights Reserved.
Also posted on: Bloor blogs
I had an interesting chat with IBM about DevOps and where it is going now. I think we all agreed that DevOps is now accepted “good practice” for building many kinds of software and that it covers software development using an automated continuous delivery pipeline which delivers tested increments of business value at frequent intervals. So, what could go wrong?
Well, for a start people might confuse “working software” with delivery of actual business value from automation. Software delivery is necessary but may not be sufficient. DevOps efficiency and effectiveness matter and need to be recognised by the business and not just by developers.
There is also a temptation to tinker with the process, without bothering too much with the outcomes. “Hey, DevOps was fun and made us lots of money selling new tools. Let’s have SecDevOps now, so and deliver software more often, that is actually secure enough to do business with…”. Now, whoever had the idea that security didn’t matter when developing software? DevOps is, in part, a quality management process and all business requirements matter, even “non-functional” ones like security and performance. If there is a scoping issue around DevOps, I think that it is not primarily around adding more functional areas, it is about including more stakeholders.
There is, I think, a potential technical issue with DevOps, however. The pipeline doesn’t just need to include automated unit tests. Integration testing and user experience testing (to say nothing of security testing and performance testing) also matter. Even with automation, that might be more testing than available resources (including time) can cope with. Which means that risk management is vital – resources must be deployed where they do most good. Which implies that there are available metrics for the value of business outcomes and that the continuous delivery pipeline must first assure those outcomes that most impact the delivery of business value. This is definitely next generation DevOps and probably implies the use of AI to help an organisation to manage its evolving application-based risk – see, for example, some of the work Perfecto is getting involved with.
IBM, points out that it has existing customers (a good situation to be in) and, while it definitely recognises the potential of future DevOps (AI-based analytics are very much IBM’s thing), it does need to bring its existing customers along with it – Mutable is all about evolution, not revolution. So, IBM’s immediate focus is on DevOps efficiency – using limited resources to deliver real, quantifiable, business benefit – and effectiveness – delivering something that all business stakeholders recognise as being useful and important. Plus, providing a better user experience for developers. Efficiency, effectiveness and UX; these, I’m sure, will be of more immediate importance than changing the DevOps terminology to include “Sec”.