The State of DevOps Report
We spoke with Nigel Kersten about the latest State of DevOps Report. Over 2,400 IT professionals in development, info security, and related areas from around the world responded. What were the key findings? What will the year 2021 have in stock for the DevOps movement?
JAXenter: The State of DevOps Report 2020 is out. First of all: How many people participated this year?
Nigel Kersten: This year’s survey included more than 2,400 professionals from around the world who work in IT, development, information security and related areas. We recognise that 2020 has been a challenging year to get work done during the Covid-19 pandemic – let alone taking a survey – so we appreciate those who took the time to contribute.
JAXenter: Can you tell us a bit about the underlying methodology of the report, before we get into the findings?
Nigel Kersten: One of our main concerns was to ensure the report is fair and accurate, showing a true global representation. To achieve this, we sought survey participants from a wide range of geographical regions, industry and company sizes. This included participants from Europe, U.S & Canada, Asia, Australasia, Mexico, Central America & South America, as well as a number of other countries. We were also keen to make sure we had a fair and balanced representation in terms of gender and our participants ranged from C-suite employees through to partners and contractors.
JAXenter: So, finally, what are the key findings of the new report?
Nigel Kersten: DevOps has the potential to offer significantly improved performance, enabling businesses to evolve and release far more advanced software and at a much faster pace. But many organisations struggle to move beyond their middle stage of evolution. What we discovered in this year’s report was two areas of structural change that can lead to excellent results. One of which is a platform approach to software delivery and the second is applying DevOps principles to change management.
We found that platform use is pretty widespread, in fact over half of global organisations (63%) are using at least one self-service internal platform. Interestingly, the data showed that high DevOps evolution correlates strongly with high use of internal platforms. Highly evolved firms are six times more likely to report high use of internal platforms than those at a low level of DevOps evolution. We also found that organisations whose DevOps evolution has reached an advanced level are nearly twice as likely to be highly product-oriented as companies that are in the middle stages. When looking at the barriers to providing an internal platform, the three biggest challenges cited were lack of time, lack of standardisation and lack of technical skills within the team.
When it comes to change management, we looked to see if there was any correlation with successful DevOps practices. To do this, we analysed three different dimensions – implementation success, level of efficiency and performance sentiment. Overall, the research showed that as organisations evolve their DevOps practices, the effectiveness of change management significantly increased. Highly evolved firms are three times as likely to have effective change management in comparison to organisations with low DevOps evolution. Automation also made people feel more confident that their change management was effective and organisations that believed in this were three times more likely to automate testing and deployment. In addition, businesses that gave employees a level of involvement were five times more likely to have highly effective change management. There’s a perception out there that standard enterprise IT processes like change management run counter to DevOps, but as we’ve seen from the report, good DevOps practices are a significant enabler to functional and effective change management.
To continue, it is important to consider security integration and one of the key findings we discovered was that firms with higher levels of security integration are much more likely to be at a high stage of DevOps evolution. By integrating security fully into the software delivery process, companies can quickly remediate critical vulnerabilities – 45% of companies with fully integrated security are able to remediate vulnerabilities within a day, whereas 25% companies with low security integration have the ability to do so. In addition, companies that have fully integrated security are more than twice as likely to offer self-service for security and compliance validation as firms with no security integration.
JAXenter: Which findings did surprise you? What didn’t you expect, when comparing the report to the previous ones?
Nigel Kersten: We expected to see quite different approaches to change management, but we were initially surprised at the large cluster of respondents with both orthodox approval processes (change windows, approval boards, managerial oversight) and adaptive approvals (autonomous teams, high degree of automation). Once we analysed the data more thoroughly, it started to make sense – most of these respondents came from larger companies, in old-line industries, with multiple business units, and often with an externally imposed regulatory burden. Perhaps not surprisingly in light of this clash between slower approval processes and automation, these organisations are the ones where changes get rubber-stamped, and teams bypass change management processes with little to no consequence.
I’d like to say that I was surprised to see that most organisations are still stuck in the middle of their DevOps evolutionary journey, but the reality I see out there in enterprise IT is that working out how to scale DevOps practices beyond a subset of IT teams is still an unsolved problem for most companies. There’s still too much focus on tooling and measurement, and not enough work done on the human side, particularly on team interactions.
JAXenter: DevOps is all about culture not the tools, so much is clear. Which cultural changes are well established in the participants’ companies and organizations? Which ones need a little boost in the coming year?
Nigel Kersten: What we found is that successful platform teams are often the ones that have deployed successful DevOps practices and operate with a product mindset. Change management and culture is key. Firms that give people a say and have high employee involvement in the change processes, are more than five times as likely to have high effective change management.
The businesses that are seeing the most effective changes are the ones that have a high degree of testing and deployment automation, are writing changes in code, are allowing employees more scope to influence the changes and have a high degree of automated risk management. Whereas the businesses that have the heaviest and most manual process and involve employees the least are the ones that need a little boost.
JAXenter: Tools are not the main factor in DevOps, still: Did anything interesting happen regarding the usage of certain DevOps tools?
Nigel Kersten: The interesting finding is how those tools are providing leverage to the wider organisation via the rapidly growing adoption of platforms. Rather than having to educate an entire function on how to use a specific tool, a well-run platform with a product mindset allows experts to maximise the value provided by specific tools by building self-service, API-first products around those tools, but focused on solving specific problems for users.
JAXenter: Please finish the following sentence: “The state of DevOps is…”
Nigel Kersten: The State of DevOps is that too many organisations are still failing to fulfil the potential of a DevOps approach because they’re not doing the hard work on building trust between teams and making it easier for individuals to cross organisational boundaries to get work done.
JAXenter: What will the year 2021 have in stock for the DevOps movement?
Nigel Kersten: We’ve seen a huge investment in automation, cloud and general modernization of technology stacks in 2020. In 2021 we’re going to see many of these initiatives either fail or be severely limited in terms of value due to organisations failing to invest in improving the human interactions and business processes around their tech. The companies that make it easier for people to work across organizational boundaries and do the hard work of optimizing business processes such as compliance and change management will accelerate ahead of the ones that don’t.
JAXenter: And as a last question: How long do you think it will take for DevOps to become the de facto standard of how software production teams are organized?
Nigel Kersten: DevOps is (and has been for a while) the de-facto standard for modern organisations, the problem lies on how well it can scale. We know that success requires equal investment in people, processes and automation. Although businesses have embraced DevOps, many are still struggling to scale their practices across the organisation and get the true value it promises. We know that far too many organizations are stuck in the middle of their DevOps evolutionary journey, with success isolated in little pockets rather than being achieved across the wider business. True DevOps at scale will be achieved once businesses realise the need to prioritise the need to focus on people, their interactions within teams, and the interactions between teams. Combining this people-centric approach with the adoption of agile and lean principles along with an investment in automation and measurement is how we can deliver infrastructure and software faster, more reliably, and in a more secure and sustainable manner.