If you’ve been looking to foster a DevOps culture at your organisation you’ll be pleased that top level execs are increasingly embracing the phenomena, though you might find they don’t actually understand the reality on the ground.
But if you’re working together with your organisation’s security team, you’ve probably already cracked it, according to Puppet’s latest State of DevOps report this week.
The number of people self-identifying as being involved in DevOps now sits at 29 per cent, compared to 16 per cent in 2014, according to Puppet. These are roughly split between IT (or Ops) and development or engineering. But that doesn’t mean everyone is reaping the supposed benefits of DevOps type practices and tools.
The report kicks off by saying “In a DevOps evolution, there are many paths to success, but even more that lead to failure.”
There might also be some that feel like they’re not leading anywhere at all. While the report adds that there is “no final destination – this is an evolution after all – Alanna Brown, Puppet’s director of product marketing, said she had encountered people who’d been on a “DevOps journey” for 8 or 9 years and still feel like they’re the beginning.
“Technology transformation is hard,” she said, “but it certainly shouldn’t take eight or nine years to adopt these practices. They’re well known at this point.”
Often, she continued, organisations experienced early success, typically at team level, before running into organisation roadblocks, inter-team dysfunction, or other problems, that killed that early momentum.
“It’s rarely technology problems,” she said. “It’s nearly always culture and communication related.”
At the same time, the study identified a disconnect between different tiers in organisations on how they are getting on embracing DevOps, with C-suite and management generally being much more bullish about progress. (Brown said she was “shocked” by the amount of respondents from the C-suite in this year’s report)
For example, regarding the statement, “Teams contribute improvements to tooling provided by other teams” 64 per cent of the C suite agreed, while the figure was 46 per cent for management and 35 per cent for team members. When it came to “incident responses are automated” the split was 57 per cent, 38 per cent and 29 per cent. The gap was slightly less pronounced when it came to agreeing whether organsiations were using Continuous Delivery, at 58 per cent, 48 per cent and 41 per cent respectively.
Alanna said there were a number of reasons for this disconnect, not least that information tends to be filtered upwards, with some bad news filtered out. Presumably, once everyone’s reading from the same dashboard it’s harder to have such divergent opinions.
Not surprisingly, the report lays out a fairly detailed path for reaching DevOps nirvana, from foundational activities working back from production to software delivery, then scaling through the whole organisation.
Which is where security comes in. “Automating security policy configurations is mission-critical to reaching the highest levels of DevOps evolution,” the report declared. “Highly-evolved organizations are 24 times more likely to always automate security policy configurations compared to the least evolved organizations.”
So there you have it. If you’re working with security, you’ve probably successfully transformed your organisation. Just don’t forget to tell the C suite the good news.
If you want to know where you stand, you can check out the report here.