When it comes to software development, the modern practice of devops – where developers and IT operations combine to deliver software in a more streamlined way – has been sweeping its way through the enterprise, as more and more organizations see the benefits of greater automation and more frequent releases.
Now, with the pandemic highlighting the need for greater digital agility, will devops adoption accelerate even faster?
As the London edition of the Enterprise Devops Summit approaches (in its new virtual format), that was the first question we asked its host and founder, Gene Kim, the former CTO of Tripwire and the author of three popular devops books.
The conversation below has been edited for clarity and brevity.
InfoWorld: How has the pandemic broadly impacted devops?
Gene Kim: There is a meme going around on Twitter right now about which C-level executive has advanced the digital disruption agenda the most? Is it the CEO, CFO, CIO, or COVID-19? COVID-19 is the winner. I think it’s so true.
Digital disruption was on almost every board agenda last year. Now COVID-19 has pushed it ahead three to five years. I think what’s been so interesting is there are so many stories of the heroics that organizations have to do to enable tens of thousands, hundreds of thousands of workers to be able to work from home. That was only possible by essentially breaking all the rules.
That shows IT and business leadership what is possible and what these teams are actually capable of. So often they are shackled and most people would say that everything that was done to enable people to work from home – some who have never worked from home before, like back office finance teams – that was just a small miracle.
InfoWorld: The most recent State of Devops Report showed this huge middle ground of organizations when it comes to devops maturity.
Do you think that the pandemic will push that middle ground into the more mature space, or do you think that it’s difficult to rebuild the way that teams function when everyone’s remote?
Kim: I don’t think that’s going to be an impediment, the fact that it’s remote. We know it’s possible. One of my biggest surprises in my journey was learning that GitHub in the early 2010s, all the infrastructure team, was remote. So there was no two ops engineers in the same city, ever, in the early days.
In five years of doing the State of Devops Report we have found that industry didn’t matter. It didn’t matter whether you’re in healthcare, retail, whatever. The probability of being a high or medium or low performer was basically the same, regardless of industry.
That changed last year, it was retail which was actually more likely to be a high performer. I think that shows that the retailpocalypse, or an existential threat, is pushing the retail industry to adapt devops practices faster. I think the corollary is that COVID-19 is going to push every industry to adopt devops faster, just because of all the business pressures that we just talked about.
InfoWorld: How do you feel about the rise of DevSecOps and other new terminology around devops?
Kim: This is an argument that I had when the Devops Handbook came out in 2016, with my coauthor, John Willis. He had a very visceral reaction that there is only one devops. It’s not that he doesn’t believe in it, but what he convinced me was that, at that point in the industry, we needed one umbrella to put everything in. I love the idea of DevSecOps, or any way to broaden the umbrella and bring other tribes in. I love devops as this way to signal that anything which is not devops, we should associate with the old, bad ways of doing things.
InfoWorld: What about AIops?
Kim: Yeah, AIops, MLops, I love that phrase but I take a narrow view that there’s almost no value stream that can’t be made better by using the data which that value stream generates. Whether that’s marketing for customer purchasing predictions, or failure analysis and prediction for infrastructure.
The problem there is that when you have these $50 million machine learning projects, done by non-software professionals, they’re not using version control or the best techniques we’ve developed over the last 30 years. The whole way of generating training sets and these new production models, the techniques are different than what we as software engineers use.
Microsoft gave a talk about how they’re using MLops to integrate these data scientists into technology value streams. John Deere gave a presentation about how they’re doing it for a bunch of their initiatives.
The problem is that often you have these models which are prototyped in Python or SPSS, which is great, but they’re not production-ready. So something else is needed to make sure that the mission actually gets served. AI creates this whole different problem for creating production services. There’s a real rich field that definitely needs addressing.
InfoWorld: What are the biggest remaining bottlenecks for organizations adopting devops practices? And is there an alternative route?
Kim: I think devops is inexorable, inevitable. I would say the biggest impediment is leadership and business buy in. When I look at the last seven years of the conference, one of the things that really stands out is the people giving the presentations are more senior every year.
This year, we have Patrick Eldridge, the Chief Operating Officer for Nationwide Building Society. We have a bunch of VPs and CTOs, and often they’re presenting with their business counterpart, the person with the profit and loss responsibility for those businesses. I think that shows that devops is not actually a technology problem, it’s a business problem. These are the talks that show to what extent devops is integrated to every aspect of strategy and operations.
Take Nationwide,, when much of the industry is shrinking. I think this just shows what a strong signal that devops not only allows organizations to survive in the marketplace but thrive in an environment where they’re growing while others are shrinking.
InfoWorld: How is the rise of containers impacting devops practices?
Kim: All these technologies – containers probably being the strongest – really forced people to think about immutable infrastructure or infrastructure as code. I don’t know which way the causality goes, either people who think in a devops way, where they’re already thinking about infrastructure as code, probably pick up things like containers much faster, or maybe the value proposition of containers is so high that it sucks people in.
Who could go back to the old way of trying to figure out how to get your laptop environment looking the same as the production environment? So all these things make it so clear that there’s a better way to work. I think it’s very tough to turn back once you’ve done things like continuous integration, like continuous delivery. Once you’ve experienced it, it’s really tough to go back to the old way of doing things.
I think Edgar Schein said “tools are a cultural artefact,” in anthropology and sociology. So tools do change the way you think and change the way you work. So I agree with your assertion that these tools definitely accelerate a devops way of working.
InfoWorld: Why has it been so hard to integrate security into devops up to now?
Kim: If we were having this conversation eight years ago, I think we would be asking ‘why is it difficult to get operations on board?’ Is it because they are afraid of their jobs going away?
Some people talk about NoOps, where we don’t need operations anymore, when I think it’s pretty clear to anyone who has used Kubernetes knows that no developer wants to actually learn Kubernetes, we want infrastructure people to do it for us. I think the same applies for security. What we want is the product teams and development teams to be fully accountable for service availability, operability, and security. We don’t want developers having to become experts at the level of every nook and cranny that security vulnerabilities can hide in.
We really want to leverage the specialist skills of security, either bring them into the teams or leverage platforms they build, so that everything that we write on the platform is fundamentally more secure. I think that day is coming. Like operations, that divide is so high with developers, the natural reaction is ‘over my dead body,’ and I’m sure that could be arranged.
InfoWorld: How has the skillset of a devops engineer evolved?
Kim: One of the most important skills, abilities, traits needed in these pioneering rebellions – using devops to overthrow the ancient powerful order, who are very happy to do things the way they have for 30 to 40 years – is the cross functional skills to be able to reach across the table to their business counterparts and help solve problems. That’s how these teams are growing and hiring when so many other teams are shrinking.
One of the common denominators among the talks I’ve heard so far this year is they’re all hiring. I think devops people have so much going for them, and the more they can find these initiatives, and the business people who need them, the future is very bright.
A friend of mine, Tom Limoncelli, who wrote the book on cloud system administration – he said it for operations but I think it can be applied everywhere – is that we’re in a fork in the road: Down one path our salary gets halved and the only job we can find is at the Genius Bar at the Apple Store. Down the other path, our salary doubles, because we have the hottest skills in the marketplace. I thought that was brilliant.