It is that time of the year when all good analysts pull out their crystal balls and offer predictions about who will be the winners and losers in 2020. What is funny about this year is that it is 2020 – a number synonymous with perfect vision. These are my top predictions for DevOps in 2020. Let’s see in a year’s time if I had 20/20 vision.
The King is dead, long live the King
DevOps in 2020 is dead, long live DevSecOps in 2020!
DevSecOps is the paradigm of integrating security practices within DevOps, improving the security posture of CI/CD pipelines and operational improvements. Practitioners of DevSecOps create a ‘Security as Code’ culture with ongoing, flexible collaboration between release engineers and security teams. And like the DevOps movement, DevSecOps focuses on creating new solutions for complex software development processes within an agile framework.
DevSecOps is a natural, evolutionary and necessary response to the bottleneck effect of old-guard security professionals and their culture of “no” on the modern continuous delivery pipeline. Its goal is to bridge traditional gaps between IT and security while ensuring fast, safe delivery of code. Increased communication and shared responsibility of security tasks during all phases of the delivery process replace silo thinking.
The bolting of security principles onto both development and operational processes will reduce attack surface, and increase individual responsibility by breaking down the them-versus-us mentality.
The merging of the paradigms of “Speed of Delivery” and “Secure Code” into the CI/CD Pipeline, which has already baked in “build quick, fail fast”, smaller and quicker release cycles and iterative testing together with versioning means environment will be better armed to deal with zero days and other threats and compromises.
Thus those currently in “Security” will better understand the operational needs of the business and those who build and keep the lights on will begin to think with a security first mindset.
Multi-Cloud will reign supreme
As overlay management for example Cloud Health from VMware, or Scalr and cross cloud monitoring tools from vendors such as Thousand Eyes or Uila become more capable, people will start utilizing the best cloud or location for the purpose at hand, rather than shoehorning everything in to a single provider.
Varied motivations will drive multi-cloud adoption, from the prosaic-like preventing vendor lock-in, to a better Return on Investment, or lowering risk by having the separation of three on your data for resilience and recovery purposes.
All Clouds offer at least 99,5% availability as a part of their standard offerings, but distributing your workload and data across multiple vendors you decrease risk of an outage on one vendor damaging your business. Remember 99,5% availability is still a potential for almost two days outage in a year.
For many organizations, multi-cloud is already a reality, whether they know – or not. Sometimes, multi-cloud just happens because shadow IT, self-service and low barriers to start using public cloud.
Infrastructure as Code
With the rise of Multi-Cloud, API’s, the ability to create repeatable infrastructure across disparate clouds will become more and more important. This is where Infrastructure as Code will start to show its true value. Terraform can deploy to many clouds and also to local infrastructure and virtual or private cloud deployments. Skills using Terraform and the like will become more valuable through 2020 as demands for more agile environments grow and the need to move at the speed of need becomes the reality and norm, rather than the preserver of the big four cloud providers and the likes of Facebook, Netflix and Spotify.
On-Premises will Rise Again
With the Release of AWS Outposts, AWS have finally woken up to the idea that not everything will be in their datacenters. This follows Microsoft’s release of Azure Stack into the wild a couple of years ago and confirms VMware’s long-time view that Hybrid cloud is where the money will be for a significant number of years. Enterprises are unwilling to move wholesale to the cloud. Enterprise has a large footprint of what is considered legacy technology that is still providing sterling value to them, for example z-series mainframe computers running batch payment solutions, HPC platforms and data warehouses and data lakes, legacy Unix and RISC systems.
Orchestration gets orchestrated
With the rise of multi-cloud, APIs and automation, we need a conductor to direct the orchestra.
As multi-cloud usage grows the need to quickly deliver solutions that span environments will quickly become a bottleneck and the ability to seamlessly build these out like a conductor leading the orchestra will become a very valuable arrow to have in your quiver.
Use of tools like octopus, Morpheus, and Cloudify will grow in those companies open to OSS software, where as those more comfortable with closed software will start to investigate BMC.
Monitoring and event management
In this brave new multi-cloud world, being reactive to an issue will not cut it. It will be complex, with legacy on-site infrastructure, virtual machines and containers running on various cloud platforms, coupled with serverless functions, 3rd party SaaS services and more. This is a complicated environment to keep on top of. Virtual machines, containers and functions will spin up, execute and die many times per day. Consider having to find the needle in the haystack, when you do not even know what country the haystack is in.
Tools that can monitor the end-to-end process, identify and proactively warn, or better yet proactively fix any issues before they become visible sending out a “I’ve fixed” this message.
This means that programs that can gather or receive information from disparate sources, Sysdig, Splunk, Nagios, vROPs, Syslog aggregators like VMware’s Loginsight manager, or Loggly are going to become more central to enterprise and event management. But more importantly will be those those that can actively check this enormous amount of information for anomalies and potential hot spots will become front and center for DevOps in 2020.
What is Work will change
With DevOps in 2020 becoming more prevalent in the enterprise and further down food chain into smaller organizations, the need for greater agility will cause a change in the structures of teams and roles. Roles such as Technical Business Analyst which have been dying out will evolve to be more fluid position, taking on back the task of gathering business requirements and allowing the Architect to concentrate on the complex task of gluing together disparate cloud technologies and applications. Project managers roles will continue to evolve from traditional PRINCE2 roles to take one more of the roles of a release manager on day zero operations, they will oversee the pipeline.
Silos
Technical silos will start to dissolve as they are not practical in an environment that is rapidly moving at the speed of need. These new team will be dynamically created at need and will consist of those members that are required for the task at hand and by necessity be fluid in their membership outside the core. This newfound fluidity will aid in preventing the dreaded square of delay. For example, waiting for days or weeks for the network team to assign an IP-range; or having to jump through request/approval hoops many times before getting the green light.
With the embedding of security, network and other required decision makers in fluid teams, new infrastructure and the resultant applications will be written with security in mind and assumptions will be challenged quicker. The CI/CD pipeline will identify issues earlier and remediate them before entering production. As a result of shifting security left, reactive work will lessen as environments become more stable.
From re-work to work
All this means that an Operations team’s priorities will move from keeping the lights on to continuous service improvement, proactive testing and QA. Now there will always be a need for reactive work, as it make no sense to fix everything before it occurs due to the law of diminishing returns. But it won’t be the predominant day-to-day focus.
Summary
A lot of what has been mentioned above is already happening is many workplaces across the globe. 2020 will be a year of acceleration for them. A vast number will start their journey in 2020. The 2000’s saw the rise of virtualization as a pervasive technology, 2010 saw the rise of cloud technology, the 2020’s will seal the DevOps revolution. I guess we’ll see in a decade’s time.
