The remote working triggered by COVID-19 is leading to a series of interesting and positive business outcomes. An area where we are witnessing considerable impact is the practice of DevOps or the art of accelerating and improving technology delivery and operations processes. At the heart of DevOps, it is all about culture, people and technologies coming together.[i] The practice seeks to drive collaboration between development and operations teams, bringing them closer right from conceptualization, planning, design, deployment to operations. With COVID-19 imposing remote working, DevOps is witnessing a significant increase in adoption. Cloud has become critical for decentralized DevOps teams, providing a new set of challenges that need to be addressed.
The challenges are significant. For organizations that do not (yet) have a complete cloud-native DevOps program, Freddy Mahhumane, the Head of DevOps for South Africa’s financial services leader, the Absa Group, has some advice: “Don’t just pick AWS or Azure or Google Cloud and migrate. If an organization is in early stage of cloud adoption, come up with a hybrid strategy that keeps some processes running in house and on premises while you learn in the cloud environment.” This gives the required confidence to Development and Operation teams. But that is increasingly turning into a luxury with COVID-19 around. Working remotely in cloud environment has become necessary—and will soon become the default mode.
Fortunately, the DevOps culture talks about working remotely from anywhere, anytime -hardcore practitioners should be able to walk into an Internet café anywhere in the world and work. And now, after a few months of distributed working enforced by the pandemic, DevOps leaders are finding ways to solve the challenges of collaboration, processes management, delivery and more. However, cloud adoption for systems lowers the risk by several magnitudes. It allows them to access the required infrastructure when compared to accessing it over an enterprise VPN or via secure end points that need expensive licenses. This, naturally, raises questions around security.
Part of the answer lies in the practice of DevSecOps that seeks to maintain compliance and security requirements. But the focus of security, as called out by Mahhumane, has traditionally been on hardware and application security. He too feels distributed/remote working requires organizations to also focus on the social aspects of security. For example, an employee working from home social engineering may share data or innovation ideas with friends or family. So, it is very essential to understand the social side of the security as well. There could be many more challenges. DevSecOps was born to secure our systems, processes and the places where we are producing information with enterprise infrastructure. Physical security of data is assured. Now, DevSecOps has to deal with remote and isolated team members in environments that may be difficult to monitor. What is required is DevSecOps with an additional layer of controls.
This, in the long-term, is a welcome trend. It shifts attention to security right to the front of the SDLC and will cause more robust security practices. For banks and financial services this is a healthy development. They need to deliver digital products quickly to stay ahead of competition and drive innovation. Better security practices will ease their anxieties over potential breaches of compliance and regulatory requirements while enabling product development at pace.
Leaders who prioritize security strategy will find that they can drive their large distributed ecosystems of IT vendors to deliver better. To enable this, Mahhumane advises organizations to develop a security team along with strong strategy within the organization to support vendors. The team’s goals would be to help vendors meet organizational goals. He also suggests that DevOps leaders should understand their infrastructure thoroughly. For example, a data center plays the role of hosting, and understanding the processes of a data center can help create better delivery.
Over the last several years, DevOps has shown that it is an evolutionary process, not a big-bang event. However, currently it is being forced to evolve more rapidly than it has done. Processes used for years for versioning, testing, monitoring and securing, must undergo rapid change. DevOps leaders need to question their existing practices so new ones may quickly evolve for an era of remote working.
Freddy Mahhumane, Head of DevOps, ABSA
Ashok MVN, Associate Partner, ITC Infotech
[i] There is no clear, single definition of DevOps. As DevOps depends on company culture, the definitions show subtle differences when articulated by different people.