DevOps World London 2023: A way out of lingering software delivery anti-patterns

The DevOps World Tour of 2023 came to its last stop fittingly in one of the global financial hubs.

The conversations at the London event added a necessary spotlight to the ever-growing responsibility of developers to make security and governance a reality in code. The circular chase of companies to stay in code with ever-changing regulations while making it seamless in a developer’s workflow.

In case you missed this event, here are a few thought provokers from the multi-angular discussions spanning the entire day from kickoff to the happy hour.

DevSecOps stops you from treating governance as an anti-pattern.

Companies stagnate in their DevOps maturity partly because of how they tackle (or don’t tackle) security and governance. Similar to testing, shifting left in governance doesn’t have to be a big lift. You can factor in your regulator’s requirements early in the software development process. Consider applying ‘infrastructure as code’ principles to ‘policy as code’ to make this possible.

Your developers and platform teams can now stick to regular working hours.

Jenkins is massive and here to stay! Most software you’ve experienced had to touch a Jenkins pipeline at some point. This level of popularity makes scale and resilience crucial. Several new releases from CloudBees address this need by resolving the bane of the developer’s existence - ‘time waiting for things to finish.’ Troubleshoot faster from the ground up using Pipeline Explorer. Save a significant portion of build time across multiple developers via Workspace Caching. And say goodbye to monolithic controllers with HA/HS.

We deserve a new cloud native DevSecOps platform right now.

IDC forecasts that 750 million cloud native applications will be created globally by 2025. Couple this fact with the shortage of professional developers and the explosion of low-code apps, and you swiftly end up with a living nightmare for security and governance folks. On the flip side, this can be a market opportunity in disguise.

The CloudBees launch of a cloud native DevSecOps platform on Nov 1st chooses to focus on the latter. In the words of Eric Billingsley (General Manager SaaS at CloudBees), the platform lets “engineers have freedom and DevOps teams have the right amount of control.” Open and extensible for developers, along with built-in security and compliance, offering flexibility for organizations to mirror how their globally distributed dev teams work with each other.

Developers need to look more like their customers.

We need diverse teams to design and build well-thought-out products. To look more like the customers they serve through their products. To tackle unconscious bias in coding and emerging areas like GenAI. If there’s still any hesitancy, look at the overwhelming results from multiple studies showing how diverse organizations are way more profitable than average.

You can’t escape vulnerabilities, but you can better manage the risks.

Shift left in phases unless you want to make it overwhelming for your developers. The reality, despite that, is companies can’t escape vulnerabilities completely. It’s up to Application Owners to be familiar with the risks and accept the ones they can be comfortable with.

What can we do to control the risks from legacy applications? The first step involves education. Be well versed on the risks. Entertain more automation at a regular frequency to discover vulnerabilities. Finally, don’t leave your judgment at the door on what the right level of security needs to be.

Platform teams are indirect revenue generators.

Approach your internal developer platform as a product. This mindset shift can transform the platform as an enabler of innovation and creativity by improving interoperability among developers. Make the platform fit your organization’s business context. Don’t forget about the different stakeholders in the process - everyone from internal developers to product owners to users of your applications.

Remember - A platform team’s work is never complete without a healthy dose of ongoing feedback. Collect pipeline metrics, send developer surveys, run internal platform improvement sessions, to name a few.

You can’t build two separate products - one with AI and one without AI.

An organization-wide AI strategy is an absolute must to avoid complete chaos. AI is not a detachable feature, so stop treating it as one.

Consider second-order implications as the impact of AI grows within your product portfolio. Two example scenarios to get you thinking of the implications - (i) How will AI affect your pricing strategy? AI functionality relies on some version of metering. Does this completely change your current subscription pricing? (ii) What about your AI engineers? You need to make them part of your platform team!

Hey Devs, We can’t wait to see what you build next!

Anuj Kapur (CEO of CloudBees) kicked off the London event, sharing stats on why the software transformation is still in its infancy. Despite Marc Andreessen’s seminal piece on why software is eating the world coming out almost a tech lifetime ago in 2011, seeing current software spending as a fraction of global GDP convinces you of the room to grow. Still not convinced? Let’s throw in one of many bold predictions from Vinod Khosla - venture capitalist plus early investor in OpenAI - to get you dreaming of the possibilities.

“The thing nobody talks about is that in 10 years we’ll have a million bipedal robots and in 25 years we’ll have a billion. You’ll buy yours for $10K and it will be as important to your life as your smartphone is now.”

As we're about to enter 2024, consider this prescient line from the end of Anuj's speech - "(It's a) great time to be a software developer. We can't wait to see what you build next."