As DevOps becomes increasingly respected and adopted, the rudimentary concepts propelling the approach are swiftly evolving and developing for the better. The latest iteration of DevOps is BizDevSecOps, which aims to implement a “whole company” approach to deriving business value from IT.
Making way for change
“One of the best aspects of DevOps is really its bringing of Lean and Agile principles together, so it’s a continuous improvement process,” said Rosalind Radcliffe, an IBM Distinguished Engineer leading the session “DevOps Today: What Does It Mean to You,” at Interop ITX 2018.
“Companies that started with Dev and Ops are now expanding [the concept] to the rest of the organization, breaking down the silos and bringing more of the organization into close collaboration,” she explained. DevOps is also expanding its general reach and impact, now with auditors being part of the team from the very beginning, keeping focus on auditable solutions, Radcliffe added.
Another key development, which is now common within a growing number of DevOps-driven enterprises, is the expansion of DevOps practices to all areas of IT. In these organisations, DevOps practices are not only being applied to modern applications and their supporting infrastructure, but also to legacy systems and networks. According to Radcliffe “All aspects are being included.”
It’s now BizDevSecOps
Radcliffe made a note that current and potential DevOps adopters should not be hesitant by the emerging BizDevSecOps approach. “It is just a more realistic name for ‘DevOps,'” she explained. She also said that DevOps has always needed to incorporate all aspects of business, something which is finally being recognised with BizDevSecOps. “For some, it’s the obvious evolution of DevOps; for others, it is what it always was intended,” Radcliffe observed.
BizDevSecOps ensures that no critical aspects of business will ever be ignored or overlooked. “You can’t leave any part out or it will lead to delays and waste,” Radcliffe warned. BizDevSecOps is also aware of how security plays critical role in everything “No longer can companies think of security second or later or separate,” she said. “Security must be designed in from the beginning.”
Getting srarted in BizDevSecOps in a way that is meaningful involves attentive planning and maintaining an approach that is inclusive. “Bring the other aspects of the business to the table to participate in the change, bring the security process into the automated pipeline as much as possible,” Radcliffe advised. She also suggested that adopters implement secure coding practices into the design process and invite business representatives to the team.
Radcliffe noted that some organisations substituted an IT business analyst proxy for true business representation. This is never seen as a good idea as genuine, accurate business insight can only be provided by an authentic business leader. “Proxies are not good enough with short turnaround times,” Radcliffe warned. “Work to include more actual end users in the feedback cycle.”
Organisational realignment and funding model changes are necessary to correctly implement BizDevSecOps, Radcliffe stated “Companies today continue to fund ‘projects’, but this drive should move the funding model to programs or continual backlog funding,” she said. “I also see many companies moving to more of an insourced development model.”
She also made not that DevOps/BizDevSecOps successes are encouraging enterprises to take a look at the approach with fresh eyes. As opposed to looking at IT as though it were a cost centre, organisations are starting to see tech operations as a primary driver for business. “Companies are seen through their applications and the capabilities provided,” Radcliffe explained. “Yes, financial institutions manage money, but their primary business delivery is through IT.”
Outlook for the future
Radcliffe believes that digital transformation and IPA economy are leading enterprise down a path where they need to move to a BizDevSecOps or DevOps model. “The aspects of business drivers are now totally linked to the way they can be provided though technology,” she said.
“Unless enterprises transform to embrace new DevOps approaches, they will be disrupted by those that do,” Radcliffe predicted. “The new unicorns had an advantage in their quick start, but if those large companies with significant IT assets can transform [themselves], they can disrupt those new disruptors and lead into new business markets.”
To get the best tech operations for your business, you can find a network of companies at all Whitehall Media events. Get in touch today for more information.