DevOps World 2022 was originally set to take place in Orlando, FL on Wednesday 28th September and Thursday 29th September. Unfortunately, Hurricane Ian had other plans and the DevOps World in-person component was canceled. Instead, a virtual conference was launched. However, the time for the virtual event was shorter. And, as the event had been expecting to deliver hundreds of sessions in-person, this meant many of the sessions were cut for online delivery. Yet, CloudBees still put on a great virtual conference with several great takeaways. SPKA Vice President, Michael Roberts has wrapped up the insights below.
The opening keynote was a quick introduction from newly appointed CloudBees CEO, Anuj Kapur. Anuj stated that “despite economic environment, digital transformation in terms of software delivery platforms is still requiring companies to move quickly. Software innovation continuously redefines what’s possible to be the leading software delivery platform, empowering enterprises to compete and win a world of endless possibilities.”
Recently, CloudBees’ acquired ReleaseIQ. The platform’s release orchestration capabilities can improve your software delivery practice. ReleaseIQ’s no code visual pipeline composer allows users to create, view and monitor continuous improvement/continuous delivery (CI/CD) pipelines from drag and drop utilities. These utilities pull in information from multiple tools. Additionally, this non-intrusive, pipeline orchestrator is compatible with most CI technologies including:
- CloudBees CI.
- CD technologies such as ArgoCD or homegrown deployment tools.
DevOps World 2022: Release IQ Insight
Release IQ co-founder Seetharam Param and Shawn Ahmed, Chief Product Officer at CloudBees, provided great insight at DevOps World 2022. They delivered a guided tour through the important technologist questions about ReleaseIQ and its implementation into the CloudBees ecosystem.
“Irrespective of CI/CD tools, engineers can use this composer to create an end-to-end pipeline,” said Seetharam Param. “You don’t need to wait for a Jira ticket or other info from the release pipeline to tell you what to do next.” Then, during one of the breakout sessions, Seetharam conducted a deep-dive demo. This demo showed pipelines that contain manual approval steps where desired, or how pipelines can be completely automated.
The ReleaseIQ dashboard shows commits, builds and deployment data. It also shows deployment frequency and other data points. That may not be new news for you. But, what we hadn’t seen before was that the dashboard shows actionable insights, including your deployment statistics versus the industry averages. This gives organizations insights on how up-to-speed, or behind-the-times that they may be.
DevOps World 2022:
CloudBees Compliance to the Rescue
Tim Johnson, CloudBees Senior Product Marketing Manager delivered a keynote segment entitled “Shift-Left, Done Right”. Additionally, he presented a session entitled “The Compliance Tax and How It Is Slowing Innovation”.
CloudBees showcased their Compliance offering and detailed how regulatory compliance is slowing down innovation and value delivery.
Compliance And Security Tax
The primary purpose of any software-driven organization is to go faster. And, security and compliance efforts are vitally important. But, they don’t add competitive value to an organization. Additionally, they can hinder innovation and slow down software delivery. This is the tax that must be paid and “Shift-Left” approaches only add to that tax. Tim showed actual real-world examples with CloudBees client information that calculates the Security and Compliance Tax. He used that as justification to change the organizational approach for security and compliance in a DevOps world.
Tim’s keynote and breakout session were interesting. Specifically around the “how to start” assessing the work being done and how much of that work is compliance and security “tax”. Also, Tim talked about tagging work, which can be done in tools like Jira. The work can be tagged as:
- A “Feature”, when the work being done is adding a new benefit to the product,
- “Compliance/Risk” when the work provides no added value but satisfies some regulatory compliance, security or other risk assessment need.
- “Technical Debt” when the work isn’t adding features to the existing product but is addressing a technical deficiency. For example, a bug or addressing a non-functional requirement.
Looking at the percentage of time that most are spending on non-value-producing activities is probably surprising for most executives.
Above the Line/Below the Line
Tim also mentioned another method a CloudBees client currently uses to measure this as the “Above the Line/Below the Line”. This means things that provide value to the product are above the line, and anything that isn’t providing direct value is below the line. Then, the organization can look at the number of activities, and percentage of time spent, on Above the Line versus Below the Line activities.
DevOps World 2022: Shifting left
All executives want to reduce defects and “shift left”. Additionally, they want to identify and resolve defects in the development process. To emphasize the point of adoption of this “shifting left” methodology, CloudBees compiled data from a survey of their clients. Next, Tim shared the results:
- 86% think more about compliance than the previous year.
- 82% of them are more concerned about cybersecurity attacks over the previous 12 months.
The development and deployment process has become increasingly complex in the pursuit of making defects easier and less expensive to find earlier, This has led to a decrease in agile team velocity. That means they are producing less valuable work to the customers they are meant to serve.
According to this CloudBees survey, developers spending over half of their time on something that doesn’t add value.
DevOps World 2022: 3 Actionable Compliance Items
According to CloudBees, to shift left, and remain compliant, organizations should look at 3 actionable items for compliance on-demand:
- Organizations should state what is safe and secure that allows a policy to be mapped to automation. This allows IT operations staff and developers understand how to prioritize risk and security in conjunction with other initiatives.
- Compliance checks should be run across the entire production environment, test environments and other systems. This is to ensure there is one single source of truth and transparency for compliance and auditability.
- There should be a problem/threat context in relation to the software development process, impact on business critical services and applications.
DevOps World: What Is CloudBees Compliance?
CloudBees believes they have created a capability that provides all of those items in one tool called CloudBees Compliance:
- It runs continuously alongside the software delivery process
- Uses out-of-the-box regulatory control frameworks, like CIS, CSA, FedRAMP, PCI, GDPR, NIST, HIPAA.
- Or your own custom controls to ensure compliance in real-time at every stage.
This allows for automated compliance from commit through production.
To balance risk and innovation, CloudBees Compliance understands, in real time, the state of the software delivery estate as measured against internal controls and regulatory frameworks. Additionally, it also produces trusted documentary evidence of security, compliance, and risks, including who accepted the risks. By providing context to alerts, IT and developers know which issues need to be dealt with first and then prioritize actions.
Through Compliance, users can enhance risk posture based on comprehensive, real-time risk and compliance data for:
- Critical business services.
- Digital assets.
- Business units.
Developers can become disgruntled when they have to deal with thousands of security and compliance alerts each week. Or, when they don’t have the ability to add “cool new product features”. Eventually, the disgruntled developer will want to leave the company. But, with the implementation of Compliance, organizations can materially enhance the developer experience. How? By eliminating alert storms and having to guess what needs to be fixed.
The last part of the keynote at DevOps World 2022 was from James Governor, Principal Analyst & Co-Founder of RedMonk. His topic was Remix Culture and the parallels between remix culture and DevOps. He talked about the parallels and evolution of music, fashion, and DevOps. Then, he explained how Platform Engineering is an essential job in the evolution of DevOps. James uncovered the need for a set of services that devs can use and ops can manage. Because simplicity is the new desired outcome.
This is a period of fragmentation, tool fatigue, and complexity. Thus, the desired outcome should be:
“Trying to find tools that can provide a platform where individuals utilizing the platform can be happy to use it.”
James also mentioned Accelerate by Nicole Forsgren, Jez Humble and Gene Kim along with Team Topologies by Matthew Skelton and Manuel Pais. He said these were excellent books about the changes in the DevOps ecosystem. I also highly recommend these.
SPK Wins Service Partner of the Year from CloudBees
CloudBees Partner Day was held on 3rd November 2022. SPK and Associates were awarded the CloudBees Service Partner of the Year award for 2022. Read more about the award here.
What’s Next For DevOps World?
Unfortunately, DevOps World 2022 was not in-person this year but it will be next year. SPK and Associates will definitely be a part of DevOps World 2023 and we look forward to seeing you there.