Updated: Oct 17, 2019
"Do the difficult things while they are easy and do the great things while they are small. A journey of a thousand miles must begin with a single step."- Lao Tzu
DevSecOps is a journey on which teams try different tools and methodologies and integrate best of breed products to achieve velocity without compromising security. And every journey is unique based on the requirements and nature of the business the teams operate in.
Cloud adoption is a major driver for DevSecOps based migration and modernization and the ecosystem is maturing rapidly to accommodate a growing variety of modern applications. These modern architectures include data workflows, containerized workloads, serverless tooling and other structural capabilities such as secrets management, audit trails, policy management and GitOps based deployments.
While the focus on building applications using Continuous Integration (CI) tools and techniques has helped bring down the time it takes to package and release newer versions of software, Continuous Delivery is still a challenge for most companies and agencies. CI maturity does not address the need to design an end-to-end delivery platform capable of deploying clustered application in a secure manner while providing visibility into the automation.
The Continuous Delivery process involves not just software installation and starting applications. To truly drive innovation at scale, operators need to focus on day two operations prior to the build phase. This requires engaging with the app teams to onboard applications to the cloud infrastructure, partnering with security to have the right tooling in place to left shift automated code and vulnerability scanning. It also requires Cluster Management capabilities as well as integrations with traditional service management to provide visibility. Without traditional ITSM processes, monitoring, configuration and change management capabilities, the enterprise DevSecOps journey is incomplete.
Phase it out
To embrace DevSecOps as a driver for team building and innovation, take an end-to-end view of the capabilities required but pick and drive each one to completion. The templatization and codification of platform deployment capabilities will drive deployment maturity and help build team confidence.
Adopting automation will truly transform the way teams operate and the growing complexity of modern enterprise architectures is a forcing function to build this skill set today. Embrace the journey and achieve greatness. Good luck!