DevOps and DevSecOps: Agile software development

DevOps and DevSecOps

DevOps and DevSecOps are work methodologies that aim to release better software, faster. They focus on the collaboration between software development and IT operations departments to increase agility in development and deployment processes.

These methodologies are based on the Agile methodology to speed up processes across departments. These new approaches to software development are based on principles such as collaboration, shared-responsibility, automation, feedback and continuous improvement. However, while the Agile methodology only focuses on the collaboration between development and product management departments, DevOps and DevSecOps go beyond and include the operations team to the equation.

There are other methodologies based on the same philosophy, such as DataOps, FinOps and AIOps.

What is DevOps?

DevOps stands for “Development and Operations”. Development (Dev) and operations (Ops) departments have traditionally worked in siloes, making some tasks difficult. On the contrary, under the DevOps methodology, IT operations and software development teams join efforts to make developments and deployments as agile as possible.

The DevOps methodology aims to release better software, faster, using Agile principles and best practices.

The developers writing the code and the operations staff running the software work together, focusing on all the processes within the software development workflow. This methodology raises awareness on how every action affects all teams involved in the release process. So, by increasing collaboration across departments, teams can reduce complexity, increase efficiency and deliver more value to customers.

Main phases of the DevOps cycle

  1. Planning
  2. Building
  3. Continuous integration
  4. Deployment
  5. Operation
  6. Monitoring & continuous feedback
DevOps life cycle

Benefits of using DevOps

DevOps contributes to meeting the demand for frequent, innovative new features and uninterrupted performance and availability. The methodology is in fact the result of the evolution of software development cycles during the past decades: from big releases every several months or years, to small, frequent updates. Therefore, although it cannot be implemented overnight, its numerous advantages are worth the effort.

By working together, development and IT operations teams can:

  • Reduce lead time.
  • Achieve higher-quality and stability.
  • Increase automation and innovation.
  • Speed up the development of new products and versions.
  • Improve incident responses.
  • Improve management.
  • Ensure continuous improvement.

Most popular DevOps frameworks

“Three Ways” and “CALMS” are some of the most common frameworks to adopt the DevOps methodology. These models establish the fundamental principles of DevOps to make its implementation easier.

The Three Ways framework

  1. Systems thinking. Focus on the performance of the entire system.
  2. Amplify feedback loops. Improve communication across teams to ensure continuous iteration and improvement.
  3. Culture of continuous experimentation and learning. Encourage constant experimentation, risk taking and learning from failure.

The CALMS framework

CALMS is an acronym for Culture, Automation, Lean, Measurement and Sharing.

  1. Culture. Shift to the collaboration across development and operations departments.
  2. Automation. Increased speed and quality. 
  3. Lean (principles). Embracing an experimental mindset of continuous improvement and learning from failure. 
  4. Measurement. Processes’ improvement by measuring results. 
  5. Sharing. Best practices adoption and collaborative work across teams.

What do DevOps engineers do?

The role of a DevOps engineer is to coordinate and supervise tasks among teams — software developers, system administrators and IT operations staff. DevOps engineers should have both a wide knowledge of development and operations, and strong interpersonal skills to help build a collaborative environment. These are some of the responsibilities of DevOps engineers:

  • Project management
  • Design and improvement of the IT infrastructure
  • Performance tests
  • Development and update release scheduling
  • Infrastructure provisioning and management
  • System administration
  • Security
  • DevOps advocacy

Interpersonal skills are key for the DevOps advocacy task. The shift to a DevOps culture is complex and can be disruptive for team members. Therefore, management skills are very important in order to motivate teams and lead the cultural change. Besides, DevOps engineers must also be familiar with Agile principles, as they are the base of the DevOps methodology.

What is DevSecOps?

DevSecOps stands for “Development, Security and Operations”. The DevSecOps model integrates the security layer from the beginning within the DevOps methodology. It establishes that both developers and operations staff should care about security from day one. Because, in addition to the benefits of following the DevOps methodology, by considering security at every stage of the development, teams can:

  • Reduce the quantity of revisions and corrections once the application is released.
  • Prevent failures and mistakes.
  • Improve cost-efficiency when facing security issues.
  • Increase customer satisfaction and loyalty.

The DevSecOps methodology, as DevOps, relies significantly on automation. So, all security processes that can be automated, such as security audits, should be so.

DevSecOps life cycle

DevSecOps best practices

  • Improving security and development processes.
  • Teaching best practices to staff; since users are the weakest part of any IT system.
  • Managing and improving access control.
  • Automating repetitive processes.
  • Assessing risks and defining a contingency, DR plan.
  • Using IT security tools.
  • Looking for threats and vulnerabilities proactively.
  • Performing security audits periodically.

The importance of DevSecOps in the cloud

When planning a migration to the cloud, security must be carefully addressed to avoid risks and save time and money. When outsourcing their IT infrastructure, companies are often trusting their most sensitive data to an external provider. Therefore, security should be assessed and addressed at every stage. Cloud services are based on a shared-responsibility model, so both the service provider and the customer are responsible for guaranteeing the best security level possible. 

What is DataOps?

DataOps stands for “Data and Operations”. In a DataOps model, data engineers, scientists and analysts join the “DevOps team”. The goal of DataOps is to speed up the development of applications based on Big Data. This approach guarantees that applications enable a more flexible and efficient use of data, leading to more sales.

What is FinOps?

FinOps stands for “Financial Operations” or “Cloud Financial Operations”. It is a financial operations management methodology that aims to help control cloud costs enabling collaboration among cross-functional teams. It consists mainly of tracking, analyzing and optimizing all costs associated with cloud computing usage.

What is AIOps?

AIOps stands for “Artificial Intelligence for IT Operations”. It consists of applying advanced analytics (Big Data, Machine Learning and Artificial Intelligence) to automate repetitive, tedious IT operations.

To sum up, these methodologies are more than a different approach to development and IT. They aim to boost efficiency, quality and security by encouraging a closer collaboration across IT teams. So, their adoption also involves a cultural change. Moreover, by leveraging Agile principles such as automation, these methodologies lead to faster delivery times, continuous improvement and more innovation.

Share it on Social Media!