Application Security Testing: An Integral Part of DevOps
By Karthiga Sadasivan
Over the past few years, so much has been written about DevOps that any new content on the subject is greeted with a certain amount of skepticism. Also, with the IT industry's extreme proclivity for catchy terms and acronyms, this skepticism within and outside the industry is quite understandable.
So what new perspective am I looking to provide?
Firstly, the intent is to dispel the notion that DevOps is a software development methodology or a combination of tools and applications. It is, in fact, not a concept related to inanimate software; it's a human behavioral trait that establishes the primacy of people over processes and processes over tools. Adoption of DevOps does not entail transformation of processes; it is a transformation of the organizational culture. It mandates the dissolution of silos in the organizational structure, so that each functional group is accountable for every stage of the software delivery.
What is the best way to optimally utilize DevOps?
DevOps as a Practice, not an Experiment
As with the adoption of agile development methodology, organizations have to embrace DevOps as a strategy, not as a fashionable approach adopted merely to appear forward-thinking. DevOps is no longer an innovative approach; most organizations have already adopted it, and the ones that are leveraging its principles to innovate and extend its capabilities are the ones deriving optimum benefit from it.
The 7Cs: A Step Ahead of Agile Delivery Models
Deadlines are becoming exceedingly stringent, and adoption of the agile methodology can no longer be restricted to the development stage; it has to span the entire software delivery lifecycle. DevOps, or a collaboration of Development and Operations, is intended to ensure just that: agile delivery by embracing the 7Cs of DevOps:
- Continuous Planning
- Continuous Development
- Continuous Integration
- Continuous Deployments
- Continuous Testing
- Continuous Monitoring
- Continuous Feedback
Figure 1: The 7Cs Approach to Continuous Delivery
Free and Seamless Information Sharing
In terms of cultural attributes, for an organization to effectively adopt DevOps and gain optimum value from it, the functional groups should break open individual silos, and seamless cross-functional information sharing should be encouraged. Over and above information, each functional group should also share accountability for all stages of software delivery.
Utilization of Disruptive Technologies
Innovations in technology, such as cloud-based services, can have a significant impact on implementation of the DevOps methodology. In the past, organizations had to predict the server space needed and invest in dedicated servers that could often lie unutilized. Now, continuous deployment enabled by DevOps allows developers to deploy code on servers as and when needed, made possible by the availability of cloud-based, pay-per-use servers.
Learning from Experience
Though the concept of DevOps has been floating around for quite a few years now, it is only recently that organizations have started optimally leveraging its benefits. One of the most successful proponents of DevOps has been Netflix, an organization whose business relies entirely on quality and consistency of service. DevOps delivers just that: consistent and efficient delivery of quality service through process automation. Netflix engineers have taken automation to a new level by automating failure, using a script called 'Chaos Monkey' that randomly shuts down server instances. This lets developers experience outages first-hand and incentivizes them to build fault-tolerant systems. Now, Netflix developers identify and resolve vulnerabilities before they can impact customers, even while deploying code thousands of times per day.
Building an Organizational Culture for DevOps to Succeed
We've already established that DevOps is more of a people-oriented cultural transformation than a mere change in processes. If the leadership retains the belief that DevOps is something only the developers and coders need to think about, an organization-wide change is impossible. DevOps relies on breaking down cross-functional organizational silos. To do that, the senior leadership's role is extremely critical.
Interestingly, DevOps is a concept that encourages proactive communication across an organization. At the same time, convincing rigid organizations to adopt a model like DevOps requires a structure that allows seamless communication across functional groups and hierarchies. This makes it doubly difficult to implement, because it necessitates a holistic cultural transformation, even before it can be put into practice. However, as numerous success stories have depicted, the initial few steps face the most formidable roadblocks. Once the framework is in place, the impact will be tangible enough for the entire organization to conform to it.
Adopting DevOps During Good Times, and not as a Crisis Management Tool
One cardinal error that many organizations tend to commit is to adopt a transformational approach when the organization is in the midst of a crisis. It needs to be understood that DevOps is not a panacea, nor is it a fire-fighting tool. It is, instead, an approach aimed at improving software delivery efficiency through better collaboration and an ability to view the larger picture and envision long-term benefits. Consequently, the best time to adopt an approach like DevOps is when the organization is in equilibrium. At such a juncture, there will be less cynicism and more reasonable expectations, and nobody will expect an overnight turnaround.
In conclusion, a favorable work culture and a clear understanding of technology and its impact are the two key drivers governing the success of DevOps in any organization. And the possibilities, as shown by the Amazons and Netflixes of the world, are endless. The time is now for Development and Operations to come together and work in tandem to ensure high-quality software releases that are primed to meet business needs.
About the Author
Karthiga Sadasivan leads the DevOps Practice at Happiest Minds Technologies. She has 16 years of global IT industry experience with expertise in Engineering Services, DevOps, Agile Engineering, and Continuous Delivery. Karthiga has a keen interest in strategic planning and execution, building a sustainable DevOps culture, setting up new capabilities, and driving business growth. She holds a Master's degree in Business Administration with a Bachelor's degree in Electronics & Communication Engineering.
*** This article was contributed to Codeguru. All Rights Reserved ***