Crashtest Security Blog

What is DevOps? (The non-technical FAQ)

Apr 24, 2020 2:11:20 PM / by Jan Wiederrecht

This FAQ will answer your most burning questions about DevOps.

What is DevOps?

DevOps is an IT mindset that encourages communication, collaboration, integration, and automation among software developers and IT operations with the overall goal to enhance the speed and quality of delivering software.

DevOps teams concentrate on standardizing development environments and automating delivery processes to enhance delivery predictability, efficiency, security, and maintainability. The DevOps ideals provide developers more control of the assembly environment and a stronger understanding of the assembly infrastructure. DevOps encourages empowering teams with the autonomy to create, validate, deliver, and support their own applications.

What are the benefits of DevOps?

DevOps improves the collaboration between all stakeholders from planning through delivery and automation of the delivery process with the following benefits:

  • Improve deployment frequency
  • Achieve faster time to deploy
  • Lower failure rate of releases
  • Shorten time interval between discovery of a bug and the deployment of the fix
  • Improve time to recovery

DevOps is achieved through tools, processes, and automation. However, even more important is the change in organizational culture. DevOps requires strong teams, communication, and transparency between departments. Everyone needs to be involved throughout the software creation process and, therefore, everyone gains a stake of ownership in the ultimate product.

How does DevOps work?

DevOps brings a holistic approach to the whole software delivery system. The common stages of DevOps are collaboration, automation, continuous integration, continuous delivery, continuous testing, continuous monitoring, and rapid remediation.

DevOps leverages cross-functional teams. These teams are comprised of developers, designers, operations, testers, and support professionals. Before acting on a software project, the team plans the software delivery from design to deployment.

  • A cross-functional team plans the software project with all stages.
  • The design team provides the planning.
  • The developers team develops new code on a daily basis.
  • The code is automatically tested. After successful testing, the code is deployed for a little group of users (staging environment).
  • If the code is stable, it's deployed for remaining users. If bugs are found, they're quickly rectified.

Most of the steps during this process are done automatically.

DevOps Cycle

What is agile Development?

Agile software development refers to a method of software development methodologies based on iterative development, where requirements and solutions evolve through collaboration between self-organizing and cross-functional groups. Agile methods or Agile processes usually promise a disciplined project management process that encourages frequent review and adaptation, a leadership philosophy that encourages cooperation and accountability, a group of engineering best practices meant to permit for fast delivery of high-quality software, and a business approach that aligns development with client wants and company goals. Agile development refers to any development method that is aligned with the ideas of the Agile declaration. 

Is DevOps used for Agile methodology only?

DevOps is an extension of Agile methodologies. You'll be able to adopt DevOps without practicing Agile methodologies. DevOps addresses more topics than only your software development lifecycle (SDLC). The implementation of DevOps without Agile methodologies will be harder. Agile certainly compliments DevOps with its iterative processes over other SDLC's (i.e. the Waterfall model). You'll be able to still achieve success without following Agile methods, but software development projects typically realize more successes with Agile practices.

In which industries are you able to find DevOps practices?

DevOps has disrupted practically every industry that depends on software delivery. Think about the different application delivery endpoints, including diverse devices, web, and mobile services. All of them can be developed using a DevOps approach. 

What are the problems for development teams when implementing DevOps?

Development teams adopting DevOps must overcome challenges mainly because of their existing business environments. Often, organizational silos exist, which are a significant impediment to the success of DevOps. The largest problem lies in prioritizing the importance of the products, projects, and applications. The monitoring and deployment tasks have to be performed at multiple ends. 

Another big issue is the rework that needs to be done on existing applications. Often, companies use a gradual approach to transition existing (or legacy) applications to the DevOps approach. For the most important applications, teams can quite quickly implement DevOps, as there are a lot of resources available to implement the new processes. Some applications might never be transitioned to DevOps. Their value might be lower than the cost to transition to DevOps. In the end, DevOps streamlines automation processes to attain business agility. This helps in delivering a product with total commitment and achieving better quality standards.

How does DevOps increase system security in an organization?

Here are 5 examples how DevOps increases system security in any organization:

  • DevOps maximizes communications and thereby the team's visibility into the software lifecycle. This allows the team to spot security flaws and errors before the code is released into production.
  • DevOps maximizes task automation in development which drives consistency and predictability. This leads to fewer human errors than in a manual process, which otherwise could impede security.
  • DevOps enables faster development and software delivery, which suggests faster debugging and fixing of security bugs.
  • DevOps enables utilization of standardized tools and frameworks. This helps to quickly adopt any tool that's safer and more reliable for each step in the software lifecycle processes. This also helps to not be locked into outdated and non-secure tools and frameworks. 
  • DevOps favors agile development with microservices and containers, which help in isolating and securing applications from external attacks and human errors (in most cases). Since these technologies break applications down in smaller components, it becomes more challenging to compromise the whole workflow or application just in case of security attacks or errors.

What is DevSecOps?

DevOps brings together Development and operations. DevSecOps adds Security teams to the cross-functional teams. It aims to bring operations and development together, ensuring security during all the stages of the event process.

The practice tries to automate the core security tasks. These security controls and processes can then be incorporated early within the DevOps workflow instead of attaching it at the end.

DevSecOps brings automation to security tasks from the very beginning of the application delivery cycle. Therefore, it reduces the possibilities of misadministration and mistakes, which can result in downtime or attacks. Automation also reduces manual configuration of security consoles.

Below is a picture of the different measures of DevSecOps:

devsecops

What is CI/CD?

CI/CD stands for Continuous Integration / Continuous Deployment. In DevOps, it is often used as a synonym for the tools that automate the software development lifecycle. The definition for continuous integration and continuous deployment can be found below. 

What is Continuous Integration?

Continuous Integration (CI) is the process of automating the build and testing of code when a team member commits changes to version control. CI encourages developers to share their code and unit tests by merging their changes into a shared version control repository after every small task completion. Committing code triggers an automatic build system to grab the newest code from the shared repository and to create, test, and validate the complete master branch (also referred to as the trunk or main). 

CI emerged as a best practice because software developers often work in isolation, so they have to integrate their changes with the remainder of the team’s code base. Waiting days or weeks to integrate code creates many merge conflicts, hard to find bugs, diverging code strategies, and duplicated efforts. CI enables the team’s code to be merged continuously to a shared version control branch to avoid these problems.

What are microservices?

Microservice design, or just microservices, is a distinctive methodology of developing software in small packages. These packages contain single-function modules with well-defined interfaces and operations. The trend is growing in recent years as enterprises seek to become more agile and move towards DevOps and continuous testing.

What are containers?

Containers create an abstraction layer between the IT infrastructure and the software. This enables developers to describe the software environment independent from the infrastructure actually used. This abstraction makes it very easy to move software between different environments.

Topics: DevSecOps, DevOps, Continuous Delivery, continuous Security

Jan Wiederrecht

Written by Jan Wiederrecht

For more information on all topics around continuous security, visit our continuous security page:

Continuous Security Topics