Over the past year, there has been a change in the way we work. Several companies now favor remote work. In the midst of all these, DevOps teams globally have grown more mature and serious. As a result, a new DevOps maturity model has emerged.
In the fifth annual DevSecOps survey on GitLab, almost 4300 respondents in the DevOps and DevSecOps space reported drastic improvements in automation, release cycles, continuous deployments, and innovative technologies such as artificial intelligence and machine learning.
More organizations are taking full advantage of DevOps by integrating security into the entire DevOps lifecycle of their application. More than 72% of security professionals regard their organization’s security measures as “good” or “strong”, an increase of 13% in 2020
This article highlights some of the key findings from the report and what a new maturity model means for organizations around the world.
Understanding the 2021 DevOps Maturity Model
DevOps maturity defines an organization’s approach to the DevOps process and the necessary steps to achieve certain predefined and envisioned goals. These definite structures and desired results together with a healthy DevOps culture are essential to achieving DevOps maturity.
Several developers now eschew incremental changes in favor of a DevOps approach that’ll lead to better code quality and faster release times. The question now is, why are DevOps teams striving for a new and better DevOps maturity model?
This is briefly summarized by the CTO of GitLab, Eric Johnson. “Teams worldwide worked to streamline development cycles and deliver faster release times than ever before, all while adjusting to remote work and shifting priorities to meet the high demands of last year. We believe we will see improvements in testing as more teams adopt tools to automate the parts of DevSecOps that have continuously caused cycles to slow down”.
As DevOps teams take on more responsibilities, they are putting more attention on security and quality. DevOps continue to mature and evolve with the increasing adoption of remote work and greater demands.
The key to achieving DevOps maturity lies in approaching DevOps adoption as a journey, not a destination. In the DevOps maturity model, the key to success is continuous learning for both teams and organizations. As competencies and skills grow, so does the ability to manage issues of scale and complexity
What makes the new DevOps maturity model different? Let’s find out.
Automation has been the rage over the past year. In 2020, only 8% of operations teams claim to have full automation. In 2021 however, 55% indicated that their software development lifecycle was either automated completely or just mostly automated. This figure stands at 27% for partial automation and 11% for teams just starting. Only 6% admit to not having any automation in place at all.
Interestingly, there is a significant increase in the adoption of modern cutting-edge technologies like AI/ML for code review and automated testing. In the report, 75% report using or intending to use these tools to improve their operations process.
Testing Remains A Challenge
Despite the faster release times, testing remains a challenge for DevOps teams. One major pain point is the concern that security testing happens too late in the development process. Several developers admit to struggling to unpack, track, and fix security vulnerabilities. These are parts of several frustrations that developers increasingly face.
It indicates the need for DevOps teams to integrate security in their development process. If issues are not quickly addressed early during development, it can lead to bottlenecks and delays.
Faster Feature Releases
In the software industry, release speed is crucial to success, and DevSecOps is the way to achieve it. 84% of developers report releasing code faster than ever before. The increase is a result of CI/CD and source code management tools.
With DevOps methodology, 57% of developers admit to shipping codes twice as fast as they did the previous year. It is a big jump from 35% in 2020.
DevSecOps: The Role Of Security In DevOps
Now more than ever, organizations are spending more on security. In addition, developer roles continue to shift 'left' towards traditional operations roles. Developers are increasingly taking up more roles in security-related tasks as more organizations integrate DevSecOps into their development process.
Over 70% of security specialists indicate that tasks related to security are undertaken at an earlier stage in development, an increase of 5% from 2020. Admittedly, there is more focus now on security as part of the DevOps process with several companies recognizing the benefits. This coincides with the report that 72% of security professionals see security in their organization as “good” and “strong”. The “strong” category saw an increase to 33% compared to 19.95% the previous year.
Despite growing interest in DevSecOps, some organizations have difficulty identifying who is responsible for security. The majority of respondents (more than 28%) conclude that everyone shares responsibility, however, almost 31% believe that they are fully responsible. Similar to last year, the response emphasizes the importance of clarity on this subject.
Despite greater progress in implementing DevSecOps, organizations still require improvement in organizing and coordinating the responsibilities of security, development, and operations teams.
Core Components Of The Devops Maturity Model
DevOps maturity models can be broken down into three levels: identifying areas for growth, creating a roadmap to achieve the target and evaluating the current skills in the organization. To achieve this, the DevOps Maturity Model must contain three key components:
- DevOps maturity for application: Measures how easily codes can move from development to production. To achieve this, the deployment pipeline must include automated builds, tests, security scans, code coverage, and monitoring.
- DevOps maturity by data: Measures DevOps maturity by identifying and automating data change automation and assessing functionality through regular data operations.
- DevOps maturity by infrastructure: Measures DevOps maturity by examining automation, streamlining, enabling self-service, and provisioning capabilities, among other capabilities.
Stages of DevOps Maturity
The DevOps Maturity Model consists of five stages. Organizations should reflect upon these factors when assessing their maturity levels:
- Initial: Establish a separate development and operation environment.
- Management: Focus on agility in development and automation in operations, while promoting collaborations for both.
- Defined: Put in place well-defined processes and automation.
- Measured: Improve understanding of processes and automation, and increase emphasis on CI/CD.
- Optimized: Improve collaboration, optimize processes, derive visible results, and recognize efforts of the team in achieving these results
Although these five stages form a complete DevOps maturity model, new insights point to a greater focus on security at every stage of the model. To this end, organizations can check their maturity model at every step, identify focus areas, and ways to evolve in their overall DevOps journey.
Benefits Of DevOps Maturity
The new DevOps maturity model offers a wide range of benefits for organizations:
- Higher level of operational efficiency
- Better security
- Faster development and delivery
- Improved agility and adaptation to change
- Improved scalability
- Better quality
A Glimpse Into Future Of DevOps
There's no doubt that DevOps teams are pushing advancements and ensuring better efficiency across the entire software development life cycle. Organizations are now increasingly focusing on integrating tools to help improve operational efficiency. It is why cloud and AI adoption are on the rise among DevOps teams. We anticipate in the near future we will also see the emerging emphasis on integrating CMS tools and ContentOps into DevOps processes as well, as more and more digital products and digital experiences are backed by content.
It’s important to note that security plays a big role in any development process. It's good to know that organizations now consider DevSecOps in their approach. DevContentOps will be another emerging area, as more software apps are backed by headless CMS repositories and are managed by content teams in collaboration with IT.
Ensure to take advantage of the new DevOps maturity model as an approach to improve all aspects of your software development endeavors, ensuring faster release times, higher security, and better product quality.