Creating the correct DevOps culture: Failure is a part of the success
- 20 August, 2019 06:30
At its core, DevOps is a practice rooted in culture and philosophy. It takes time to develop and master, and for all its benefits, it’s also prone to disaster. So much so that Gartner predicts by 2022, 75 per cent of DevOps initiatives will fail to meet expectations due to issues around organisational learning and change. Larger companies that have been around for some time have arguably the most work to do in overcoming the challenges of modern application development, particularly those with a mixture of legacy on-premise and new cloud applications.
DevOps can be difficult to correctly implement organisation-wide. Here are some common pitfalls of DevOps and how to resolve them—interestingly, the answer invariably lies in three different pillars of team culture.
F5’s State of Applications Services report found DevOps has moved “from a strategic differentiator for a set of early adopters” to becoming a mainstream part of information technology operations. It would not have come to this if it were not for the emphasis on culture that DevOps invariably brings.
It’s key to avoid the typical DevOps “failure” to meet expectations by reversing the very notion of failure itself. Setting up a culture of collaboration in a way where teams are encouraged to fail is helpful rather than the traditional culture of success, which paints failure as a bad outcome. In the best DevOps worlds, failure is simply another iteration to finding the best outcome. It is all about being okay with embracing risk a little bit more and setting up a safe place for people to fail in order to find the right solution.
A core principle of DevOps is embracing continuous integration and testing. Chaos engineering is an example or embracing risk as part of a continuous integration strategy. This chaos thinking is embedded not just in DevOps, but also in organisational success more broadly. Useful for system failures and edge cases, chaos engineering famously came on to the scene in 2011, when Netflix introduced a resiliency tool to assist applications in handling unsystematic instance failures.
Integrating chaos engineering into the DevOps toolchain enhances the objective of continuous testing, which plays a big role in mitigating against DevOps issues, as every instance failure is proactively accounted for, expected and more easily absorbed.
With developers in such short supply—it’s estimated Australia needs 200,000 more technology workers in the next five years—companies need to operationalise the most efficient ways to get the most creativity and expertise out of the developers they do have. Chaos engineering is a mechanism for continuously testing resilience of applications. In order to use it as an approach, the organisation needs to be ready for chaos. Being ready in this context means embracing risk and having a culture of collaboration in place.
Shifting left on security
A common issue developers face often comes from the DNA baked into the DevOps tools they use. Most security practices are concerned with keeping bad actors from getting into the environment and measuring compliance, which can leave gaps from auditing or downstream testing.
DevOps practices do not preclude security but rather embrace it, and should do so from the beginning of the software development life cycle (SDLC). This is what people commonly call ‘shifting left’ and it can represent an enormous cultural shift not just for developers, but also for other major stakeholders in the IT team. For security, it means enabling developers to move to shorter release cycles by making security easily consumable for developer teams. For leadership, it means balancing the disparate priorities of teams for mutually beneficial outcomes of more rapid development and agile working.
From a cultural perspective, it means organisations must make security consumable for developers, which is not always natural. Getting buy-in from developers on security can be tough given the historic tensions between application security teams and developers. However, baking in security further to the left, gradually at first, and with the intention of changing the old practice, will make everyone increasingly adaptable and allow both teams to move at the speed in which suits them.
We frequently hear that DevOps is all about the culture. However, the practicalities of this mantra are often missed. In order for DevOps to work, the three key elements of success include developing the right organisational culture, continuous testing and not leaving security behind. In addition, DevOps and IT leaders must set the example from the top-down. Without the permission and encouragement to fail, work in an agile manner, or think about security in a whole new way, teams won’t ever fully recognise the many benefits a DevOps culture has to offer.
Scott Van Kalken is a system engineer at F5 Networks.