DevOps Current issues and security related benefits | Skillsoft’s Global Knowledge Skip to main Content
Article

DevOps - Current issues and security related-benefits

Barry Corless
  • Date: September 03, 2018

We take a look at highlights from two recent reports which consider issues around the current adoption of DevOps and how getting it right can enhance your organisation's security posture.

Firstly, and perhaps surprisingly, automation is not as pervasive as you might think. This is one of the key points to emerge from the recent 'State of DevOps: Market Segmentation Report' released by Puppet.

Addressing almost 3,200 technical professionals, the survey found that whilst DevOps has increased significantly in popularity, the majority of respondents still reported high levels of manual work across activities such as configuration management, deployment, testing and change approval processes.

The results also show that when it comes to getting started on the DevOps journey, many choose to start by addressing their most acute pain points. These typically include deployment automation, version control, continuous integration and infrastructure automation.

Amongst the least common starting points were lean practices, such as working in small batches to allow single piece flow, visualisation of key quality and productivity metrics, and setting limits on work in progress.

Do you work in a large company? If so you might be interested to learn that the larger the company size, the higher the proportion of low IT performers! The survey actually found that as the company size grows, the proportion of low IT performers also increases. And this can have a very significant effect, since high performers have 46 times more frequent code deployments, significantly lower change failure rate, and 440 times faster lead time from commit to deploy.

Elsewhere, the report also confirms that Windows continues to dominate the installed OS base, with 100% of the respondents having Windows servers of some kind, whilst Linux was a distant second at 63%. The findings also confirm just how far DevOps has travelled over the past few years. Expectations have certainly risen and what might have been considered a 'great' IT effort just a few years ago is now viewed as pretty average by many.

Taking this point further, it seems that getting departments and teams to work better across an organisation is no longer just a 'nice to have' but is now a given, with DevOps simultaneously raising the bar and expectations of what's possible. Meanwhile the second report, Sonatype's 5th annual DevSecOps Community Survey found that respondents with mature DevOps practices were 338% more likely to integrate automated security than those organisations with no DevOps practice.

The report also highlighted the potential security threats posed by open source software. Over one-third of businesses had suspected or found security breaches in their software products that contain open source components over the past 12 months. It's reassuring, therefore, that 77% of mature DevOps organisations had open source policies in place, with a 76% adherence rate. This compares favourably with the finding that only 58% of respondents without mature DevOps practices had a policy, with a 54% adherence rate.

Other key points to emerge from the report include:

  • 59% of mature DevOps companies are building more security automation into their development process in response to GDPR compliance
  • 63% of respondents with mature DevOps practices say they leverage security products to identify vulnerabilities in containers, as these components become more ubiquitous in modern IT landscapes

One of the more concerning aspects is the revelation that 35% of developers from companies with no DevOps practices had received no training on application security in the past year.

Overall, the findings from both surveys demonstrate that more and more organisations are waking up to the DevOps approach, and getting it right can certainly deliver significant benefits, particularly in comparison to those yet to adopt DevOps.

Train now!
Browse Related Topics:

Barry Corless

Global Product Director for DevOps and IT Service Management

As a Global Product Director for leading IT and business skills training specialist Global Knowledge, Barry Corless is responsible for helping organisations enhance organisational capability through application of best practice frameworks.  His role incorporates the development and delivery of service management, DevOps, programme and project management, enterprise architecture and business analysis learning and development solutions.  An experienced consultant and IT specialist, Barry undertook additional voluntary roles Director of itSMF International from 2017-2019, and Chair of itSMF UK from 2009-2011.  

An industry champion for ITIL, Barry credits its common-sense approach to endemic IT issues as the reason for his long-term track record with this international service management practice.  He has trained and consulted on ITIL in over 20 countries. Barry continues to act as an ITIL examiner and has been part of the author team that inputs into the ever-adapting ITIL guidelines.  

Barry’s attraction to analytical problem solving began early and his first ambition was to be a weather man.  He became an Assistant Scientific Officer for The Meteorological Office after leaving school in Cheshire.  Barry recognises that passion for the topic is a key attribute for success as a trainer, as well as the ability to bring a subject to life.  He thinks open-mindedness is vital.  “Lifelong learning has taught me that we all have to prepare to unlearn what we previously accepted as best practice,” he says. 

Having spent over 20 years training he has seen many changes in an industry that has embraced virtual classroom and digital learning.  He advocates the teaching of project management and service management skills early.  “In an economy that is 80% service based, we should be teaching these key management skills in schools,” he says.   

As Best Practice department head, Barry enjoys the variety that his role brings him, and he continues to work with consultancy and education clients to ‘keep it real’.  Barry’s ability to identify with learners makes him a sought-after trainer and his passion and detailed understanding of ITIL meant that Global Knowledge was able to develop the world’s first bridging course for professionals going from ITIL v3 to ITIL 4.  Global Knowledge remains the world’s leading provider of ITIL certification and exams.  

A popular commentator on ITIL and a frequent blogger, Barry doesn’t like to think of himself as ‘one track minded’.  “ITIL skills are transferable outside the IT hinterland and lesson learned in other environments should be used in optimising technology solutions” he promises.  “ITIL4 is more focussed on people, agility and collaboration.  With the pressure on IT teams to provide a lightning-fast route to market, it’s vital that all stakeholders across an organisation and throughout the supply chain are working well together.”  

Related Articles
30 Aug 2018 Article

Employee training is often the first cost item that is removed when an organization has to reduce costs. Training does not have the highest priority, ...Read More

08 Aug 2018 Article

This glossary of DevOps terms contains definitions to help you uncover knowledge areas in which you excel and where you want to expand.

21 Aug 2018 Article

A major study new has concluded that DevOps and machine learning are the two most important trends in the software industry today.

We Care About Your Privacy

We are using cookies to give you the best experience on our site. Cookies are files stored in your browser and are used by most websites to help personalise your web experience. By continuing to use our website without changing the settings, you are agreeing to our use of cookies.

About your Privacy

We process your data for purposes such as delivering content or advertisements and measuring the delivery of such content or advertisements to extract insights about our website. We may share this information with our partners. Cookies set by Global Knowledge are labelled “first party”; you may exercise your preferences in relation to first party cookies by toggling the switch for each first party cookie category below. The remaining cookies are third party cookies; you may exercise your preferences in relation to each purpose by toggling the relevant switch below or by vendor by clicking “List of IAB Vendors.” These choices will be signaled globally to other websites participating in the Transparency and Consent Framework.
Privacy Statement

Necessary Cookies

These are cookies that are required for the Global Knowledge website to function and cannot be switched off in our systems. They include, for example, cookies that enable you to use a shopping cart or log into the booking area of our website.

Analytics Cookies

Analytics cookies are an optional but important part of our website's functionality. They help us to understand how you interact with our site by collecting and reporting information anonymously. The data collected by analytics cookies is used to improve the website's performance and enhance the user experience. It is important to note that these cookies do not collect any personal information that can be used to identify you.

Preferences Cookies

These are optional and you can turn them off and on. Please only use 2 to 3 lines of text here and if needed link to a page with more cookie info in Intro.

Performance Cookies

These cookies allow us to recognise and count the number of visitors to our website, traffic sources and to see how website visitors move around the website when they are using it. This helps us to improve the way the website works and improve your website experience. All information these cookies collect is aggregated and therefore anonymous.

Cookie Control toggle icon