"Developers and DevOps professionals continue to be in the hot seat as their organizations or their customers demand that convenient and user-friendly solutions be created and deployed at an even faster rate," said Al Gillen, group VP of software development and open source at IDC.
"We see the industry on the edge of gaining some fascinating new tools that will help accelerate both development and deployment in the years to come, reducing at least some of the pressure to generate more applications more quickly."
Al Gillen
The 2021 Global DevOps report by Dynatrace revealed that organizations are under more pressure than ever to drive faster innovation and deliver new digital experiences to their customers, partners, and employees.
The report observed that organizations have already made great progress driving DevOps across their applications but need to scale these efforts further to deliver new products and services with maximum speed, quality, and reliability.
The state of DevOps in Asia in 2022
Soumen Joarder, an associate principal consultant with Synopsys, posited that the DevOps practice in Asia is still in its early stages. He added that the Covid situation has forced industries to rapidly move to the cloud and that has helped the DevOps practice adoption at a rapid pace.
He observed that in different regions in Asia like Singapore, China, India and the Middle East, the maturity and adoption rate are much higher because of industries based out on these regions and the talent pool.
“The retail, IT & telecom and banking, financial services and insurance (BSFI) sectors have much higher maturity in terms of adoption and implementation in comparison with manufacturing, government and other sectors,” he continued.
Cloudbloom CEO and founder, Raghav Kamran, is more optimistic when he opined that the DevOps landscape in Asia is at the mid-point of maturity. “Some organizations that were early movers have achieved significant maturity,” he added.
He stressed, however, that most continue to grapple with the organizational and behavioural shifts required to address the continuous development, staging, automation, and testing needs in a DevOps environment.
He posited that many DevOps engineers and teams have successfully managed the scale and complexity of their solutions by streamlining development operations.
“Having made significant progress in DevOps-led digital transformation, I believe the digital-first innovators in the Asia Pacific region need to focus on service reliability to address the needs of their connected, demanding B2B and B2C customers. Reliability is critical as they build their end-to-end DevOps culture.”
Raghav Kamran
What ails DevOps teams in Asia
Let’s be truthful here: the software that powers front-, middle- and back-office operations have some form of vulnerability – most of it unintentional, perhaps because developers are under pressure to rush things or perhaps ‘just because’.
While efforts have been spent to inculcate security into the software development process, there remains a divide between development teams and security teams because these tend to operate in silos.
Efforts to embed security-by-design behaviour in the development process through DevSecOps are, at best, a work in progress.
Asked why DevOps teams struggle to incorporate security into the development cycle, Joarder attributes this to three reasons:
“A lack of knowledge in the developer community regarding security best practices, processes, and security tools; a lack of implementation knowledge like integration with different security tools, creation of automated processes and break build logics, and a lack of clear understating of DevSecOps goals as most of the times the project managers or developer put more focus on automation.”
Soumen Joarder
Kamran offers a different set of reasons: an inherent security skill gap, long development cycles, and tight delivery deadlines.
“Consider that 80% of breaches in Asia happened because of a lack of security skills and expertise in the region. Moreover, security is often considered to be the last step in the development lifecycle whereas it should be integrated from the first step,” he added.
Can access to testing tools solve the problem?
For Kamran, testing tools can strengthen the coding practice, but these will not compensate for the skill gap. “Adoption of tools and efforts in upskilling need to go hand in hand. Imbibing the security practices in the culture and education need to be given equal importance for tooling to be effectively used,” he added.
Joarder suggested the use of automated code review tools can also minimise bad coding practices.
Can AI help?
Kamran believes that AI can play a significant role in helping DevOps teams test, code, release and monitor software products efficiently. It can also empower them with automation and quick and efficient identification and resolution of issues.
“However, culture and behaviour are at the core of a strong DevOps practice. Leveraging AI to automate repetitive processes and enhance productivity and efficiency is excellent. But AI cannot replace human intelligence, knowledge, and soft skills like stakeholder empathy – some of the hallmarks of a robust DevOps culture,” he cautioned.
Joarder concurs and adds that with a mature DevSecOps pipeline, AI will come in handy with root cause analysis, fault prediction, and resourcing.
“Then again, each client and industry is different with their unique requirement and that needs to take into consideration while using any AI tool-based suggestions,” he warned.
CIOs and the practice of DevSecOps
Kamran lists four areas where the CIO will be needed to ensure sustained DevSecOps practice:
- Inter-team collaboration for holistic development that solves real-world business challenges
- Identifying the critical metrics for alignment and success and educating all stakeholders on them – from developers to business users
- Identifying the skills gaps and bringing in the right technical skills on-board
- Building an organization-wide, holistic approach to DevSecOps, thinking on behalf of all stakeholders and business functions, and subsequently reducing the piecemeal approach to DevSecOps that is very common today.
Joarder is optimistic that more enterprises will adopt DevSecOps. He believes that with a greater variety in the type of cyberattacks, policies, processes and testing methodologies will need to evolve.
“For DevOps developers, they not only need to focus on automation and testing but also other aspects of DevOps like a clear understanding of roles and responsibility but also focus on training and enablement of developers, etc,” he concluded.
