Last week, I introduced the DevOps model for software development and discussed the advantages this type of approach has over more traditional methods. Its benefits, which include collaboration between operations and development teams as well as a better overall project creation for customers, explain why so many organizations are transitioning to DevOps. But they don't illuminate how enterprises are making that move. Hence the purpose of this piece. Before firms leap towards change, they must strategize how to implement the transition and then measure the success of the conversion once it's complete. Towards that end, here are five vital steps organizations should follow to plan out their successful transition to a DevOps model.
1. Figure out a starting point.
First things first, organizations need to come up with a starting point of where they are currently. An integral part of this step involves looking for groups that already collaborate well together and understating which groups are already experiencing process management issues. From that understanding, enterprises can leverage the already working relationships in an effort to derive further benefit for the business.
2. Create a roadmap.
Companies should not try to transition to DevOps all at once. In fact, it might actually be more advantageous to find a small team receptive to new ways of doing things and move them over to DevOps before transitioning a whole department. Organizations can work with the stakeholders and other productive members of the small group to gather input and rework the transition plan accordingly. From there, companies can tackle one of the hardest parts of the process: convincing those who might not be enthusiastic about change to get on-board. As the transition continues to widen in scale, teams should also remember to conduct group and individual follow-up training as a way of helping staff learn how they function within the new model's processes.
3. Emphasize security.
Traditional models of software development yield limited communication and collaboration between teams against a backdrop of pressing deadlines. It's therefore not surprising that organizations don't have the time or resources to adequately emphasize security with their developers and operations personnel. Sometimes, they don't even have people well-versed in security on-staff. The situation is different with DevOps. According to DigiCert's 2017 Inviting Security into DevOps Survey, 98 percent of organizations are integrating security teams into their DevOps procedures. DigiCert Chief Security Officer Jason Sabin feels this meeting between security and DevOps makes sense, especially given the latter's aim of streamlining software development. As quoted in a press release:
Agility and security are not mutually exclusive, and integration requires a combination of technology improvements, and a cultural shift in how technical staff is aligned. The DevOps methodology is not just a method for increasing speed, but about improving efficiency, quality control and predictability in development outcomes. The right integration of security staff and technology, including digital certificates, can improve organizational metrics, avoid costly delays and improve the end-user experience.
Enterprises should follow other organizations' lead by incorporating security teams into their DevOps systems. They should also invest in security technologies, including tools which are capable of monitoring for file integrity and predefined security configurations.
4. Budget time accordingly.
Changing the way software development is done at an organization doesn't happen overnight. With that said, enterprises need to budget plenty of time to make sure they can complete the transition and integration properly. Most transitions take between one and two years, so companies should keep this timeframe in mind when contemplating their own transition.
5. Measure progress.
At each step of the way, organizations need to use metrics to track their progress towards finishing the transition and streamlining the operability of work processes. Towards that end, enterprises should create a workback schedule for reference purposes. This resource should serve as a general plan only. In fact, teams should be prepared to adapt and reshape it as they go along and begin to accommodate new aspects they didn't consider originally. For more information about how organizations can plan a successful transition to a DevOps model, please download Tripwire's eBook Driving DevOps Security: Scalable Cybersecurity Best Practices for Scalable Teams.
Tripwire Enterprise: Security Configuration Management (SCM) Software
Enhance your organization's cybersecurity with Tripwire Enterprise! Explore our advanced security and compliance management solution now to protect your valuable assets and data.