Since the term DevOps was first coined in 2007 by Len Bass, Ingo Weber, and Liming Zhu—three computer science researchers from the CSIRO and the Software Engineering Institute. it has undergone several “improvements” and potential expansion land grabs, as is expected with an infinity loop continual improvement model.
We have DevOps, NetOps, DevSecOps, SecDevOps, MLOps, and AIOps, in fact there are so many xxOps now it is difficult to understand what is wanted anymore; in fact, I am surprised that nobody has coined DevDev and OpsOps. Joking aside, these are all just variances on the common theme of DevOps and merely semantic marketing terms created to sell products; we know that DevOps is about bringing clarity to the flow of work through the system and optimising it for speed and repeatability. It is about the why not the how.
With that being said, what new tooling, concepts and procedures will arise in 2023?
Gartner predicts that 85% of organisations will be using a cloud computing strategy by 2025; not exactly the least obvious of predictions. What they fail to say is that it is not a complete move to the cloud by 2025, but a strategy of moving to the cloud, or focused utilisation of key assets based on business value, this trend will continue with customers looking to gain value from running resources in the environment most cost-effective to their needs.
The battle between cloud purists with their cloud native doctrine as espoused by the CNCF which focuses on cloud mobility and non-opinionated tooling and platforms to deliver applications and is centered around Containers and Kubernetes, and the rest of the world who believe in the correct tool for the job in hand will continue to run. In an earlier article I questioned the maturity of Kubernetes, and as a result of failing to simplify its deployment and configuration it will may never evolve beyond the pioneer phase of deployment. Kubernetes as a technology is just not friendly to operational environments.
So unlike the vast majority of these prediction articles that appear at the end or start of a year, I will be contentious and argue that much like the often-called-for year of VDI, this will not be the year of Kubernetes.
DevSecOps will actually become a thing, but we all know it is still DevOps
Security in most companies is a bolt on after thought, often caused by a knee jerk reaction to a CVE alert on a zero day vulnerability. Thus, leading to a potential attempt to close the barn door after the horse has bolted. The principle of DevSecOps is to shift the introduction of security practices left. Dyantrace have an excellent article explaining the principles of Shift left verses shift right. Moving security into the development phase of bakes in hardening by design. Lowers the attack vectors much earlier in the deployment stage; thereby protecting the business sooner. Baking in monitoring and coding in alert response and other security practices during the development phase will drive the SRE function in companies. Security teams will start to take a shift left approach to securing applications and infrastructure, working with DevOps teams to secure code at development time, not post deployment
Implementing Security Policies:
A fully defined Security policy and governance is essential for ensuring the consistent management of security risks, by establishing a clear, easy-to-understand set of policies and procedures for cybersecurity functions like access controls, configuration management, code review, vulnerability testing, and firewalling. All personnel will become familiar with these security protocols. Automating many processes will scale and speed up security operations to keep up with the pace of the DevOps process. Configuration management (Ansible, Chef, Puppet etc), code analysis (DataDog, TeamCity etc), vulnerability discovery and fixes (tenable), and privileged access (Hashicorp Vault, Beyondtrust, etc) should all be automated. Without automation, it is difficult to perform comprehensive discovery to identify vulnerabilities and other potential threats. Automation mitigates human error and saves time, allowing developers and security teams to focus their energies on other efforts. I predict a massive move to integrating security into existing DevOps pipelines, leading to Security moving away from being the department seen to be stifling innovation to actually contributing to it.
SRE will start to get some love outside of NetFlix, and the HyperScallers
Last year I wrote a series of articles on SRE and how to introduce the concept and practices into your operations departments to accelerate the paradigm of resilience.
What is SRE, and is it important? – Amazic
SRE Tooling – Part 1 How and what – Amazic
SRE Tools – Part 2 Time to Pilot your Next Steps – Amazic
SRE Tools – Part 3 Reaching for the moon, productionising your pilot. – Amazic
SRE Tools – Part 5, Large or Small: One size does not fit all – Amazic
SRE Tools – Part 6, Chaos, Nirvana and the Simian Army – Amazic
With the democratisation of APM tooling by companies like LogicMonitor, by introducing more cost-effective products and useable to observability tools to the masses; companies, rather than having to rely on difficult opensource products with a very steep learning curve, and use graphical tooling that is easier to learn and implement. I predict that more LME and SME companies will start their SRE journey, by improving the resilience of their environments by introducing APM tooling. And starting to trace out services in full, rather than relying on retrospective logging and events.
Legacy thinking will continue to fall by the wayside as DevOps continues to deliver value to the Company
Some of the common issues with gaining traction for a DevOps methodology in many companies is the perception of change is scary, or a “they are after my job” mentality. As people really begin to see the real value that a properly defined and implemented DevOps strategy brings to an Operations team, in terms of standardisation, repeatability and stability; the adage “build it and they will come” starts to gain traction. The culture of DevOps will become pervasive across the enterprise. Open communications will turn barriers and walls with doors and windows and the push back from Operational teams will diminish, as the pendulum will swing back from a Dev focused paradigm to achieve the balance it was always supposed to have.
Conclusion
DevOps is continuing to gain traction in businesses and enterprises across the world, tooling has matured to a level that the entry point is no longer at the level of climbing the north face of the Eiger. According to Gartner DevOps and other associated xxxOps are rapidly approaching the Plateau of Productivity.
More and more businesses are understanding the benefits of Scalability (whether within or above the scale of human control), resilience (infrastructure being coded to be resilient by design and delivery) and repeatable (code will deliver the same results every deployment). There will be a continuing scope creep with Security being moved left, and GitOps starting to bring the same levels of structural control to pipelines that we see in regular code control. 2023 will be a year of consolidation and ever increasing governance across the DevOps arena. I predict this will be a good year to be in DevOps.
If you have questions related to this topic, feel free to book a meeting with one of our solutions experts, mail to sales@amazic.com.
