DevSecOps

Overcoming Resistance to DevOps Adoption

Executive Sponsorship Is Vital for Successful DevOps and DevSecOps Adoption
Overcoming Resistance to DevOps Adoption
Cultivating a collaborative DevSecOps culture through automated CI/CD pipelines (Image: Shutterstock)

Traditional approaches to software development no longer suffice in digital environments, where speed and agility are of essence. Integrating DevOps and agile methodologies into IT operations is becoming increasingly important to accelerate development and improve collaboration.

See Also: Managing Infrastructure at Cloud Scale

Cultivating a Collaborative DevOps Mindset

A main challenge in transitioning from traditional software development approaches is establishing a DevOps culture. For years, development teams have worked in siloes, leading to bureaucracy and departmental barriers that hindered agility and collaboration.

These teams are required to learn new tools and processes as part of adopting agile development methodologies, creating a cultural shift and resistance to change. Most practitioners have cited cultural change as a barrier to DevOps adoption.

Soumik Mukherjee, senior manager, platform engineering (global), Ascendion, said he confronted these challenges by starting small with manageable projects, celebrating early wins to build momentum, and fostering open communication and collaboration across teams.

"We invest in upskilling our employees and continuously track progress to identify and address any bottlenecks. By breaking down silos and building a shared understanding, we create a collaborative environment where teams work together efficiently and effectively," Mukherjee said.

Debashis Singh, CIO at Persistent Systems, said "Fostering a DevOps and DevSecOps culture and establishing a clear vision is akin to setting the North Star for everyone in the organization. It's about ensuring alignment, understanding the direction, and recognizing its significance." He said organizations must establish clear metrics and a continuous feedback loop.

Srikumar Ramanathan, chief solutions officer, Mphasis, said embracing DevOps yields significant benefits in terms of speed, quality and customer satisfaction, directly influencing stakeholder returns. To address the various challenges to DevOps adoption, he advised a top-down mindset shift across the organization. "Prioritizing execution over strategic alignment with the business underscores its importance," Ramanathan said.

Using Automation to Drive Efficiency and Innovation

A core DevOps tenet is automating the software development life cycle, or SDLC, pipeline through practices such as continuous integration and continuous deployment, or CI/CD. Organizations can quickly and securely develop higher quality code by automating the CI/CD pipeline throughout development, testing, production and monitoring phases of the SDLC.

"Automation has gained significant traction in recent times, primarily for streamlining processes, enhancing competitiveness, and ultimately improving the bottom line," Singh said. "Automation empowers organizations to adeptly navigate the complexities of modern software development, ensuring robustness, efficiency and continuous innovation."

CI automates merging code into a shared repository and helps the development team to detect issues early and maintain code quality. Automated testing ensures consistent and thorough coverage, enhancing quality assurance measures.

Some of the key practices within a CI/CD pipeline include:

  • Automated Monitoring: provides real-time system performance monitoring and promptly alerts relevant stakeholders to anomalies for swift action;
  • Docker Containerization: automates application packaging into portable containers, simplifying deployment across diverse environments;
  • Kubernetes Orchestration: automates the management of containers, simplifying deployment procedures;
  • Infrastructure as a Code: automates the provisioning and configuration of infrastructure components, promoting consistency and reliability.

CD expedites the process by promptly deploying code changes to production environments, ensuring rapid release cycles.

"DevOps is evolving, expanding its scope beyond CI/CD to encompass the entire IT value stream. Imagine an end-to-end frictionless pipeline that automates everything from integration and testing to monitoring, containerization and orchestration," Ramanathan said.

Adding Security to DevOps

As DevOps practices evolve to create seamless, automated pipelines spanning integration to deployment, organizations are recognizing the need to fully integrate security across this entire process.

DevSecOps takes the core DevOps principle of end-to-end automation a step further by seamlessly integrating security practices and tooling throughout the SDLC. Enterprises are adopting DevSecOps to address the expanding array of threats and increasingly sophisticated attacks targeting multi-cloud environments. Security in the cloud is a shared responsibility, where security teams play a crucial role in protecting against risks; however, accountability extends to all teams involved. As organizations embrace cloud-native applications and strive for faster application delivery through CI/CD, the prevalence of containers and serverless technologies introduces complex security challenges.

Application developers face the challenge of balancing speed and security, with the traditional approach of addressing security post development evolving into a more proactive stance. These challenges can be managed by automating security testing processes, integrating specialized tools for early identification and remediation of vulnerabilities, and continually checking for risks post deployment.

Fabio Fratucello, CTO - international, CrowdStrike, said "The goal is to embed security into the software development workflow, minimizing the need for runtime interventions and fostering a culture of proactive security across all stages of development. This proactive approach ensures a security-conscious culture and enables agile responses to security incidents, safeguarding the integrity of software applications throughout their life cycle."

Mukherjee said collaboration and building a shared understanding of risks and priorities between security and DevOps teams is crucial for identification and integration of security tools into different stages of the SDLC. This, he said, will deliver secure software quickly. "We achieve this by conducting joint training sessions, and establishing clear ownership and accountability of security across the entire development pipeline," he said.

Introducing security into DevOps, however, will increase cognitive load on the developer, who may have little knowledge about secure coding practices.

"This needs to be addressed through upskilling them on security, introducing security through tooling that they are already familiar with for easy and faster adoption," Ramanathan said.

C-suite Driving DevOps and DevSecOps

Executive sponsorship and commitment are vital for a successful DevSecOps adoption, including:

  • Aligning the vision and goals: The C-suite must define and communicate the vision and goals of DevSecOps, and how they align with the business strategy and drive customer value. The C-suite should establish measurable objectives and a mechanism to monitor progress and recognize achievements against those targets.
  • Leading by example: C-level executives must demonstrate their commitment to DevSecOps by embodying the desired mindset and behaviors. This includes embracing change, fostering a culture of experimentation and continuous learning, remaining open to feedback, and actively promoting collaboration across teams.
  • Empowering the teams: The C-suite must empower DevSecOps teams to operate as autonomous, cross-functional units. They must provide the teams with the necessary resources, tools, training, and an environment that cultivates transparency, accountability and trust among team members.
  • Tracking progress and demonstrating value: The C-level executives should regularly measure and communicate the tangible benefits of DevSecOps initiatives to stakeholders, showcasing the increased efficiency, security and value delivered.
  • Publicly endorsing the initiatives: Leaders must champion these cultural shifts, leading by example and actively promoting collaboration and a shared responsibility for success.
  • Integrating security into the process: The leadership must ensure that security is embedded into every stage of the DevSecOps, from planning to production, and that security policies and standards are codified and enforced.

About the Author

Brian Pereira

Brian Pereira

Sr. Director - Editorial, ISMG

Pereira has nearly three decades of journalism experience. He is the former editor of CHIP, InformationWeek and CISO MAG. He has also written for The Times of India and The Indian Express.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cio.inc, you agree to our use of cookies.