9 DevOps and DevSecOps best practices for the hybrid work era
Blog: The Enterprise Project - Enterprise Technology
9 DevOps and DevSecOps best practices for the hybrid work era
September 30, 2021 – 2:00am
DevOps and digital transformation go hand in hand. DevOps culture and methodology prizes speed, experimentation, and collaboration, all happening on cross-functional teams. The processes and tools involved in DevOps can accelerate digital transformation work across the board.
How does that translate to the new reality for many organizations of a hybrid work model, combining remote and office work? In the hybrid era, we’re all more reliant on digital tools and services, so DevOps is generally well suited to this work, some experts say.
For instance, you can more easily hire people around the world when you lose the crutch of having a shared location. “A time difference is even beneficial for certain DevOps functions, such as testing and QA. Remote and hybrid DevOps teams offer unique benefits, including continuous development cycles, better throughput, rapid scale in team structures, and cost savings,” says Helmant Elhance, president, Excellerate.
[ Want a shareable primer on DevSecOps and its benefits? See What is DevSecOps? ]
Consider this advice from IT leaders and DevOps and DevSecOps experts about the challenges they’ve experienced and best practices to keep in mind to improve strategy in our hybrid work world:
1. Make documentation a top priority
In a hybrid workplace, CIOs and DevOps leaders must maintain thorough activity documentation – including project plans, notes, decisions, action items, and meeting minutes – to sustain productivity and keep projects on track. This document acts as a living reference for the entire project duration and, with exact details codified, holds each team member, no matter where they’re working from, accountable for their responsibilities. As long as communication and collaboration are top priorities, DevOps teams can continue normal operations even in the most challenging circumstances.” -Hemant Elhance, president, Excellerate
2. Raise the bar on organizational goals
“The hybrid work environment can become dull and repetitive without the energy of being in a live workplace, working with teammates, meeting new colleagues, and solving unexpected challenges. CIOs should consciously raise the bar and challenge their teams with new organizational goals that inspire and incent collaborative, cross-functional, and creative engagement and output.
“For example, bringing DevOps teams together with their security and application peers to push new DevSecOps initiatives for application security will break down silos and energize teams. For application architecture and development teams, pushing modernization and technical debt initiatives to the forefront will connect these teams to their DevOps peers to leverage new CI/CD pipelines, modern observability patterns, and cloud-native and container migration initiatives.” -Bob Quillin, chief ecosystem officer, vFunction
[ Where is your team’s digital transformation work stalling? Get the eBook: What’s slowing down your Digital Transformation? 8 questions to ask. ]
3. Cultivate informal, free-speaking environments
“Your DevOps team should be the experts in your operational systems, creating the automated platforms for your developers to build with and on, and guiding developers on best practices for operational architecture and excellence. One potential consequence of the hybrid work world is losing the informal in-office or ‘watercooler’ communication between the DevOps and Development teams. This is where project updates, best practices, and emerging problems are often communicated or identified.
“One thing CIOs can do to improve their strategy this year is to deliberately cultivate these informal, free-speaking environments. Whether it’s the scheduling of DevOps and Development teams to be in-office at the same time or carving out consistent outlets for these interactions (e.g., cross-team stand-ups, lunch-and-learns, etc.), these interactions can go a long way.” -Gabe Krambs, vice president of software engineering, Infosec
4. Ensure transparency in all directions
“You need to be aware of the type of ‘hybrid’ you have and how it affects communication. Hybrid can mean so many things and the complexity of all the different aspects means there’s no one simple truth. You might all be working mostly remotely, but getting together on some days for workshops, retrospectives, planning meetings, etc. Or you might be mostly working from different places, even different countries, but there are smaller hubs of people who see each other regularly.
“A common challenge in these situations is that it’s too easy to fall into small silos where not all information is transparent or easily available for everyone. Discussions and decisions might be made in ‘easier’ communication channels; e.g., between the people who meet each other face to face or in private Slack messages. So it’s important to be aware of the complexity and ensure transparency in all directions. Because you can’t do DevOps without transparency.” -Janetta Ekholm, head of ways of working – Agile coach and advisor, Futurice
5. Incorporate tools that allow for real human conversations
“In a hybrid work world, there are a ton of different ways of communicating even though teams are not together in-person. To keep collaboration and ideas flowing in a natural state, leadership needs to be consciously protective of the virtual space where teams create, develop and share ideas. Ideas at their core are thoughts. The best way to articulate and workshop thoughts is through tools that allow for real human conversations.
“To overcome the challenges facing DevOps in a hybrid work world, it is important to foster a culture that encourages everyone to use tools like video conferencing and whiteboards. These tools allow for everyone to understand each other with greater fidelity as opposed to other mediums like email or messaging where the thought and intent can often get lost.” -Robert Rosa, DevOps lead engineer, Media Tradecraft
6. Tie business value to technical delivery
“In this new age of remote work and a distributed workforce, employees are looking for easier ways to connect. Environments are getting more complex – especially at the enterprise level. DevOps teams are working across cloud and on-premise environments, and across multiple cloud applications that serve different business units. This requires new processes and tools to integrate and centrally manage this kind of complexity.
“Begin to measure the value your organization is delivering. Development teams are often seen as a cost center because there are no clear ties to the value of each piece of work they are delivering. Tie business value to technical delivery in the form of features so that you can plan and prioritize work based on concrete value added to the business to prove the ROI of development teams.” -Gloria Ramchandani, senior director of product, Copado
7. Think like an IT advisor
“CIOs need to think less like an IT gatekeeper and more like an IT advisor. In today’s hybrid world it is easier than ever for individual departments to make IT decisions. CIOs and IT managers need to be a resource for other departments and consulted on decisions rather than viewed as potential opposition. Taking this stance not only helps IT leaders build stronger relationships with other departmental leaders but also enables them to gain more insight into the investments made across their organization, allowing them to ensure that they are better positioned to help service and secure those assets.” -Alastair Pooley, CIO, Snow Software
8. Implement automated security testing and reviews
“As a best practice, it’s important for organizations to implement automated security testing and security reviews. After all, DevOps is all about streamlining the testing and review processes in order to have continuous tracking of software development and deployment. These automated processes provide managers with more visibility and control (critical when working remotely) and enable developers, operation, and security teams to automate manual functions in a time when productivity is a challenge and employees’ availability is uncertain. To help speed up the development process while making fewer compromises around security, CIOs should seriously consider implementing automated application security testing tools, which provides managers significantly better visibility, control over security, and faster software development timelines.” –Rhys Arkins, director of product management, WhiteSource
9. Don’t forget the human impact
“When people think about DevOps they often think of the technical processes – TDD, CI, CD, cloud infrastructure, automation. They forget the humans that make up this system and the impact they have on success and outcomes.
“In a hybrid work world where people are working remotely and/or in offices, we need to be extra thoughtful about how we create a generative work culture, connection, and collaboration between people and teams.
“We know from reports like Accelerate State of DevOps 2021 that teams with people who felt included and who belonged on their team were half as likely to experience burnout during the pandemic. We also know organizations with a generative culture have better organizational performance. My advice for any CIO is that in order to improve their DevOps transformation in a hybrid world they must invest in people and culture as much as technology.” -Suzie Prince, head of product for DevOps, Atlassian
[ How can automation free up more staff time for innovation? Get the free eBook: Managing IT with Automation. ]