Installing and configuring a fully integrated, multi-tool DevSecOps environment can be a long, tedious burden for many organizations, often taking months from start to finish. Consider, instead, standardizing on a single application delivery platform (a set of integrated development, security, and operations tools) to increase productivity and accelerate installation and configuration of development and operations environments.
Why focus on standardization? We have begun seeing a dramatic increase in the following types of questions from our customers, and assumed other organizations were facing similar challenges:
- How can my team build great software products and deliver value as quickly as possible to end users?
- How can my team remove manual steps in my software delivery process?
- How can my team remove friction in setting up environments, tooling, infrastructure, architecture, and deployments?
- How can my team reduce reliance on COTS products and licenses?
- How can my team improve velocity, quality, and security of my software delivery?
- How can my team safely deploy to production multiple times per day?
The answer to these questions is a move toward standardization and containers — the latter being particularly important in the equation.
The value is in the normalization of technologies and projects across the environment to ensure greater consistency and ease of scaling. Other advantages? Consider security; imagine trying to secure 100 different houses rather than 100 versions of the same house. Also consider how much easier it will be to modernize from a position of standardization rather than modernizing from a highly heterogeneous environment. And consider training; if systems are standardized, training—and associated training costs—is minimized.
First steps toward standardization
When approaching the concept of standardization, the first step is to assess current processes. Start by asking: How many different methods are currently being used to build, test, and deploy software? What are the most effective of those methods? What type of automation techniques are in use? And, just as important, what types of skill sets exist within the organization?
Once you’ve done that baseline assessment, there is one more question: are you already using containers? If not, that’s the place to start. In fact, strongly consider a Platform-as-a-Service (PaaS) solution in conjunction with a solid cloud partner that provides an intelligent, self-healing, automated infrastructure. The ultimate goal is to employ infrastructure as code so everything is scalable, everything is portable, and everything is far easier to secure.
Here’s a sample of a fully integrated, multi-tool DevSecOps delivery environment: you start with a Kubernetes container platform (OpenShift, Rancher Kubernetes Engine – RKE Government, vanilla Kubernetes, or any managed service offering from AWS/Azure/GCP), Jenkins CI/CD pipelines, SonarQube for static code analysis, Splunk for ingestion of all logs and operational dashboards, Jaeger distributed tracing, Sysdig Falco for runtime container scanning, and machine learning models that improve developer productivity, quality, and security. Yes, that’s a lot to integrate and get working; but with infrastructure as code, deployment time should be minimal.
The benefits of standing up this type of delivery environment are:
- Standardization. As we’ve discussed, standardization ensures each team builds applications one way and uses the same architecture and design patterns. A single way to build, test, and deploy applications at scale helps reduce security and labor costs and results in improved quality.
- Speed. A solid PaaS should be quick to set up. If the platform is already built, configured, and readily deployable through code, you can save weeks on setup.
- Intelligence. Kubernetes is a container management platform that continuously monitors container health. Failed containers are restarted or replaced when they don’t meet predefined health checks. Machine learning models can assess developer productivity, increase quality, and scan for anomalous activity.
- Security. A good PaaS built on a hardened infrastructure and deployed on a secure cloud architecture will be game-changing. In fact, once all the requisite security controls are built in, the PaaS becomes the software factory/DevSecOps platform for accelerated software development delivery.
- Cost containment. With a good PaaS, everything works out of the box, which can save a vast amount of time and money.
As environments grow larger and more complex — and speed and scalability become higher priorities — most organizations will have no choice but to move to a more standardized approach and a greater focus on infrastructure as code. Why not get ahead of the game and start moving in that direction today? It will save time, save money, and make development and deployment worlds easier.