DevSecOps : Cultural change & agility beyond development team

You have probably heard the word DevSecOps thrown around a lot recently. Before we arrive at this term, let us step back & try to understand the history. The software development life cycle has changed significantly over time, & release cycles have changed along with it. There was a time when releases were done quarterly, half-yearly & yearly. With recent architectural, process & infrastructure changes, it is possible to deliver weekly, monthly & sometimes even daily. When you are running a SaaS model, you definitely need quicker deliveries as well. Arriving at such quick delivery was made possible by certain technology & process changes, & some of them require cultural changes at the organization level.

Let us start with the changes at the technology level, in the regular build process. It started with Continuous Integration (CI) & Continuous Delivery & Deployment (CD).

What is Continuous Integration?

Continuous integration is a practice where application developers integrate their code whenever a logical unit of work is complete, by pushing it to the repository. This could be several times a day or once a day. It is a never-ending process: every time application code is pushed, an integrated build is triggered, & this repeats multiple times a day. The code needs to be integrated together with its unit tests, & every time a build completes the unit test suite should run against the new code & report its results.

Benefits of CI

  • Faster feedback to developers on integration failures between their individual code & the existing code. They get notified as soon as the build fails or integration issues are detected.
  • Fewer defects get shipped, as this phase is equipped with automated tests.
  • The QA team can concentrate on increasing quality checks in other areas, since most of the code is already tested by automation.

 

What is Continuous Delivery?

It is an extension of Continuous Integration: an approach in which the team makes sure that every change is releasable & can be released to the production environment at the click/push of a button.

Benefits of Continuous Delivery

  • Faster feedback from customers on releases.
  • Complexity of release management goes away.

 

What is Continuous Deployment?

It goes one step further than Continuous Delivery: the application is deployed to the production environment as soon as it passes all the gate reviews. There is no manual intervention in this process. This process needs a rigorous build with static code analysis, & some of the gated reviews need to be done before the code gets deployed to production. As there is no manual intervention between promotion from a lower environment to a higher environment, all the checkpoints need to be automated to the fullest level.

Benefits of Continuous Deployment

  • Faster feedback from customers on releases, & less risk because changes ship in smaller releases.

Figure: CI/CD Infinity

What is a Pipeline?

As you can see from the earlier discussion, each step follows another, from Continuous Integration through to Continuous Deployment. There is a sequence of events that needs to be executed. A pipeline gives you a way to manage Continuous Delivery. It also lets you control & define your own release model. You can define the steps to be followed during the build process, deployment, promotion of code & test case execution, &, if needed, manual approval for promotion to a higher environment.

A typical Jenkins Pipeline looks like this:

Figure: Jenkins Pipeline (Image Source: Jenkins)

Benefits of Pipeline

  • You can control & manage Continuous Delivery & the steps involved in it.
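
The difference between Continuous Delivery and Continuous Deployment described above comes down to which gates sit in the pipeline. The sketch below is an added example, not code from Jenkins or from this article: the stage names, the severity threshold and the fields of the sample build results are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Tuple

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

@dataclass
class Stage:
    name: str
    gate: Callable[[Dict], Tuple[bool, str]]  # returns (passed, reason)

def unit_test_gate(build):
    failed = build["tests_failed"]
    return failed == 0, f"{failed} unit test(s) failed"

def static_analysis_gate(build, block_at="high"):
    # Block promotion on any finding at or above the chosen severity.
    blocking = [f for f in build["findings"]
                if SEVERITY_RANK[f["severity"]] >= SEVERITY_RANK[block_at]]
    return not blocking, f"{len(blocking)} finding(s) at or above {block_at}"

def manual_approval_gate(build):
    return build.get("approved_by") is not None, "waiting for manual approval"

def run_pipeline(build, stages):
    """Run the stages in order and stop at the first gate that does not pass."""
    for stage in stages:
        passed, reason = stage.gate(build)
        if not passed:
            return {"deployed": False, "stopped_at": stage.name, "reason": reason}
    return {"deployed": True, "stopped_at": None, "reason": "all gates passed"}

AUTOMATED = [Stage("unit-tests", unit_test_gate),
             Stage("static-analysis", static_analysis_gate)]
# Continuous Delivery: always releasable, but a person pushes the button.
DELIVERY = AUTOMATED + [Stage("approve-production", manual_approval_gate)]
# Continuous Deployment: the same checks with no manual step.
DEPLOYMENT = list(AUTOMATED)

# Constructed sample build results (field names are assumptions of this example).
CLEAN = {"tests_failed": 0,
         "findings": [{"rule": "unused-import", "severity": "low"}]}
RISKY = {"tests_failed": 0,
         "findings": [{"rule": "sql-string-concat", "severity": "high"}]}

if __name__ == "__main__":
    for label, build, stages in [("deployment/clean", CLEAN, DEPLOYMENT),
                                 ("delivery/clean", CLEAN, DELIVERY),
                                 ("deployment/risky", RISKY, DEPLOYMENT)]:
        print(label, run_pipeline(build, stages))
```

With no manual stage, the static analysis gate is the only thing standing between the high-severity finding and production, which is why the checkpoints have to be fully automated.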

What is DevOps?

Yes, it is literally two words joined together: Development & Operations. In most organizations, & in the waterfall development methodology, the development team & the operations team work in silos. The app admins group is mostly a shared group within the organization serving multiple projects, & that is where your agility gets lost. There was a strong voice from the development community about this bottleneck in agile methodology, which needs to be extended beyond the development team, & that is how the DevOps model was born, as shown in the figure below.

Figure: DevOps Model

Benefits of DevOps

  • Since the QA team is integrated early, you receive faster feedback on your code.
  • Operations is no longer a siloed team in the organization; they understand the sprint cycles & CI/CD pipelines.

To make this model work, it needs a lot of mindset change, & it also needs organizational-level changes to make it successful.

What is DevSecOps?

You may have noticed that one piece is missing from the picture above: security, which comes last in the pipeline, right before the product is deployed to production. In today's world security has become a primary focus, & it need not be the responsibility of one & only one siloed group in the organization. It needs to be taken care of from the early phases of the development cycle, & the responsibility needs to be shared across teams, so a typical DevSecOps model looks like the one below, where security is involved across all the phases.

Figure: DevSecOps, security covering all the phases

Benefits of DevSecOps

  • Security is no longer the responsibility of one person or team; it is spread across multiple phases, & a lot of it is taken care of as part of the development lifecycle.

 

As you have seen, application delivery & deployment has gone through multiple evolution steps to gain agility. New tools & technology have been available for a long time, but are they sufficient to get to the end goal? The answer is ‘No’: a successful DevSecOps model demands a mindset change, & a cultural change has to happen across the organization. No matter what, DevSecOps is the initial step towards agile development. I am saying DevSecOps is the initial step because there is more to it; for that, stay tuned for the next article.

One response to “DevSecOps : Cultural change & agility beyond development team”

  1. Nrusingha Prasad Mishra

    Nicely explained in simple terms.
