Devopsdays - Austin 2012
jryding 270000Y99R Visits (3412)
In early April, a couple members of the IBM DevOps team went to Austin, Texas to attend the
The Importance of Culture
The adoption of DevOps practices requires looking at two components in delivering software: technology and culture. The technical component addresses the practice of focusing on automating an application's deployment, incorporating version control, and using various tools to gain insight into how software is being built and deployed. The cultural aspect of adopting DevOps requires an organization to look at its processes of delivering software and figuring out how teams can move faster. As Steve alluded to in his last post, one of the challenges of adopting DevOps is that development cultures and operations cultures are different. To grossly oversimplify a complex topic, developers are generally focused on shipping new features quickly and operations is generally focused on system stability, performance, security, and other operational quality characteristics. To embrace DevOps, these two groups need to collaborate on a single goal: delivering on the needs of the business. The separate groups need to learn how to work with one another; they need to trust and respect the domain of expertise each group has. When problems do occur (which is inevitable when changing a complex system), blaming each other won't fix anything. Instead, the teams need to focus on the real issue: the problem itself. John Willis put this best:
"When we go into the war room, the problem is the enemy."
When issues in production do occur, working together as a single team that is solving a problem is the goal and learning how to address and/or prevent the problem in the future should be the outcome. The DevOps community is doing some amazing work around tooling that take advantage of cloud technologies but, much like the Agile movement, using these tools won't instantly save organizations from inefficient processes. Addressing these bottlenecks in application delivery and finding a balance between moving fast while maintaining proper governance is a significant part of getting an organization to adopt DevOps.
Security in DevOps
In the way that DevOps is evolving operations groups, the same is going to happen to security teams that do not collaborate well with development groups. Security teams are a lot like operations groups, both provide a domain of expertise and are required to protect the business from problems. Unfortunately, as James Turnbull of Puppet Labs puts it, security has emerged as the organization that tends to always say "no" due to fear of exposing the business to an external threat. This inevitably creates friction between security and the rest of the business: development thinks that the security group gets them in trouble and the business leaders think they have to move slow before introducing a radical change. These views of the security group needs to change, or else the development and business leaders will figure out a way to circumvent them.
In the world of DevOps, security needs to change the same way operations is changing. Security people need to collaborate closer with development so that both groups understand the needs of one another. No one wants to allow the external threats affect the business, but few people have the knowledge to properly protect themselves. Giving security a seat at the project design table or embedding someone inside the development team will help greatly with breaking down these walls. James Turnbull and Nick Galbreath (Etsy) really hit the nail on the head by acknowledging that instead of security groups looking at themselves as the last gatekeepers to protecting the business, they need to evolve into consultants and knowledge experts that help deliver on the neesd of the business. With this view in place, these groups can help teach the business leaders and development teams what exactly needs to be done to help.
DevOps Days Austin was a great event full of smart people. We learned a lot from our time there. The aspect of changing an organizations culture to accommodate the efficient processes of DevOps is a significant topic. It's going to affect many groups and if the culture of collaborating across teams is not in place, no DevOps tool will help. We will be exploring the topic of culture more in future articles and invite other DevOps community members to provide their input.
If you are interested in attending one of the many Devopsdays events occuring around the world this year, be sure to check out the [DevOps Days webs