DevOps is a very versatile methodology to integrate into the operations. Different teams have a unique approach to deal with it. Thus, DevOps teams are at different stages of maturity, but still, there are some common challenges they face along the way.
Some DevOps teams are at a high level of maturity, but they need significant time and versatility to get to that stage. Maybe they were equipped with the optimal processes and culture in place to start. Unfortunately, maybe they don’t have the tools or resources that pave the way to facilitate more efficient processes.
But certainly, there is no single approach to do DevOps, and it is not simple to quickly and perfectly to do DevOps. It is purely defined by the people building software and how they work together, and unfortunately, there are myriad hurdles to overcome.
Here is a comprehensive list for your reference to get down deeper into the detailed understanding of DevOps hurdles and how to get over them.
Ownership
DevOps team members ought to have a deep understanding of what others are doing so that they can work in collaboration without any lags as a cohesive cross-functional team.
Sometimes, it just doesn’t happen because later stage functions have been solely responsible for identifying flaws in code, which is a different mindset than working as a team to continuously improve the speed at which code is delivered, its quality, and internal processes.
An organization can’t have a successful DevOps unless the whole team embraces responsibility and contributes to the larger goal. Here comes the role of the product owner comes into rescue to instill the responsibility in teams to move forward together and makes each team member feel they have a stake in the overall success of the team.”
Collaboration
The due process of DevOps began with the idea of getting Dev and Ops working closer together, but the process doesn’t end there as evidenced by the emergence of modified terms such as “DevTestOps” and “DevSecOps.” DevOps teams also need to look after other functions such as cybersecurity and governance.
“For DevOps work, you need strong communication and integration between teams so a DevOps team can take ownership of their own governance and risk [without] putting the organization at risk of running into a brick wall from another function in the company,” said James Bores, principal at Bores Security Consultancy.
Presently, DevOps teams also need to concern themselves with data. Brian Platz, co-CEO and co-founder of blockchain-based graph database platform Fluree, said DevOps have the ability to contribute to an enterprise data bottleneck if it lacks the proper data infrastructure.
“DevOps will need to create and likewise demand access to high quality, rich and real-time data, but if data rules and standards aren’t created and enforced as a strategic priority, the acceleration of products and services under DevOps will simultaneously accelerate data silos and leave behind a wasteland of duplicated and partial information,” said Platz. “DevOps decision makers must collaborate with data professionals in their organization to define the key data stakeholders and derived data standards to integrate into their toolset and process.”
Automation
DevOps requires automation to meet its goal of faster value delivery. As DevOps teams move toward CI/CD, more of the pipeline must become automated.
“Automation is a huge part of successful DevOps, but teams need to determine what is beneficial to automate, and where to start,” said Github’s Murrell.
Denis Leclair, VP of engineering at sponsored ad campaign creation and management platform provider Trellis, said in his experience, the two most frequently cited challenges in deploying
DevOps in organizations include the upfront investments needed in tools and analytics to enable the successful automation of workflows across the range of value streams and reskilling the workforce to be effective in the new model. One example is software quality assurance (SQA).
“To reap the benefits of DevOps at the highest level, it has to be recognized as scale, testing and feedback must be automated,” said Leclair. “Developers need to embrace a testing mindset (e.g., TDD). On the other hand, SQA engineers need to become proficient in designing and developing large [and] complex test automation code systems — that is to say, they need to become more skilled as software developers.”
Security
DevOps teams tend to morph into DevSecOps teams because DevOps and a separate security function isn’t working well enough. DevOps teams are always under some pressure to reduce application development and delivery cycles, which often have an impact on product quality including security. Shifting security testing left helps, but it doesn’t produce the desired results on its own as including security expertise on the team so security is top of mind for everyone.
“Developers understand how to write code. What they’re missing is the perspective [of] what attackers do and how they do it,” said Kevin Breen, director of cyber threat research at cyber security skills platform provider Immersive Labs.
Breen advocates security champions who understand software development and cybersecurity because they can explain cybersecurity within the context of the code the developer is building. In addition, teams should have automated application vulnerability scanners that are part of the pipeline, although QA should also be taught how to use some security testing tools so they can run SQL injection tests, for example.
“It’s about empowering developers, QA and operations to use the right tools at the right place and not be afraid to go to the security team,” said Breen.
Roey Eliyahu, CEO and co-founder of Salt Security, said his customers achieve the most success when they prioritize both pre-production and post-production security.
“Despite customers’ best efforts, applications frequently roll out with bugs and vulnerabilities,” said Eliyahu. “Modern mobile and web applications that rely on multiple APIs create a complex web of logic and are especially susceptible to such challenges. With API-based applications, many gaps do not surface until they’re in production.”
Cloud spend
Managing cloud spend isn’t just a DevOps issue, but there are some cost-related surprises that DevOps teams can run into according to Jeff Valentine, CTO at cloud management platform CloudCheckr.
One is relying on AWS Pricing Calculator results and presenting them to the business as-is when the tool can’t factor in what the business is trying to achieve, how the team will run the software or what mistakes the DevOps team may make. Another “gotcha” is failing to consider the cost of bandwidth, which can account for 5% or 10% of a bill. A third pitfall is believing that shutting off an EC2 instance will stop costs from accruing when the EBS volume was never deallocated.
“There are all these weird analogues that were never ‘a thing’ on premise so they didn’t realize they had to ask about it,” said Valentine. “Also, they tend not to take advantage of cost savings plans because they just don’t want to spend the time learning.”
Bottom line
DevOps is a continuous and comprehensive journey. So it requires patience and dedication on everyone’s part. While strong leadership is quintessential to get success in it, and other factors like technology, process, and people elements have to be zeroed in.
DevOps is a mindset and a practice that focuses on continuous improvement on several levels including building and releasing better quality code faster, improving intra and inter-team communication and collaboration, and overcoming other common barriers such as automation and using cloud.