Security, Automation and Developer Experience: Top DevOps Trends in 2024

If you ask most people to describe the top DevOps trends in 2024, you’ll likely hear postscripts like AI or DevSecOps.

These are certainly trendy topics. But based on the work I do every day helping companies plan and implement DevOps strategies, I notice a different set of prominent trends in the DevOps world. While there’s a lot of talk about how technologies like artificial intelligence can impact DevOps, the biggest changes I’m seeing right now involve other types of solutions and techniques.

Here’s a look at what I consider the three most important DevOps trends right now, as well as an analysis of how they’re poised to change DevOps tools and processes.

Trend 1: Policy-based management and IAC enable DevOps security innovation

Security has always been a priority for most DevOps practitioners. But right now I see DevOps teams adopting new strategies in an attempt to improve the security of the applications and environments they support.

One big change is the increased use of cloud-based policy management as a means of enforcing security best practices in cloud environments. Teams configure cloud services and resources using code-based configuration frameworks that cloud providers support, then scan the configurations to detect risks.

This approach enables consistent, centralized and automatic implementation of cloud management. Instead of simply writing management rules and hoping that engineers remember to follow them when configuring cloud resources, companies are increasingly building automated management guardrails through policy-based management.

In a similar vein, more and more DevOps teams I work with are embracing static analysis of Infrastructure-as-Code (IaC) templates as a means of detecting risk. As with policy-based cloud resource management, an IAC-centric approach to infrastructure provisioning enables not only the automation of infrastructure management, but also the identification of security risks earlier in the development lifecycle.

Moreover, some teams use cloud policies and IAC code scanning as a way of alerting each other to security policy changes that could cause an application or service to fail. They do this by injecting configuration changes into their code using “audit” mode if their configuration framework supports it, or by simply configuring an IaC scanner to flag changes if the audit feature is not available. This allows engineers to detect whether a change may cause a problem for an existing implementation.

This is important because within many organizations the security team operates separately from the application teams. When two groups don’t have an effective way to communicate changes to each other, they can end up interfering with each other’s operations—a problem I like to call the “right/left hand” problem. Configuration scanning provides a systematic way to ensure that every group is on the same page when it comes time to make changes – and an “audit” mode approach provides a grace period that allows time to react before the change actually takes effect.

Trend 2: Doubling down on DevOps automation with GitOps

Another overarching trend currently reshaping DevOps is the use of GitOps to make DevOps automation more efficient and consistent.

GitOps is the use of Git (or a similar source control system) to manage automated DevOps workflows. It involves defining configurations using code, then applying them through features like GitHub Actions.

When you opt for GitOps, you move DevOps automation controls from individual workstations to centralized source control repositories. The result is the ability to monitor and manage all automated workflows through a central hub, which increases efficiency and alleviates problems such as different engineers running different versions of the same automation framework on their personal desktops.

In addition, GitOps automatically generates records of what was changed and how it was changed, as every action is logged through the source control system. This isn’t exactly documentation in the traditional sense, but it does mean that GitOps comprehensively documents every change—which is useful because human engineers don’t tend to be as thorough when it comes to documenting their actions.

To be sure, GitOps is not without its challenges. Effective implementation of GitOps requires additional skills—namely, expertise with IaC frameworks and source control systems—that not all DevOps engineers possess. I also notice a tendency for some teams to set up GitOps pipelines, but rely on manual approvals instead of automated actions to initiate changes—an approach that greatly undermines the value of automating the pipeline in the first place.

But these are challenges that teams can solve with education and full reliance on GitOps. In addition, techniques like automated testing of GitOps configuration code can help build teams’ trust in automation and reduce reliance on manual approvals.

In the future, expect an increasing adoption of GitOps techniques among teams looking to elevate their approach to DevOps automation. Automating individual DevOps processes like software testing and deployment will not be enough; truly effective organizations will turn to GitOps as a way to automate their entire DevOps workflows, end-to-end.

Trend 3: Investing in developer experience

Making software delivery processes more predictable and efficient is only a step towards the ultimate goal of DevOps, which is to help developers become more productive and satisfied with their work.

To that end, I’m currently seeing a lot of interest and investment in the developer experience area. This takes place through two interrelated types of initiatives.

One is platform engineering, which involves creating DevOps teams that specialize in specific functions—such as network management or security—and assigning them to support those functions across the organization. This approach reduces the cognitive costs for developers by freeing them from having to deal with types of work that are not their main focus. In other words, instead of forcing developers to be DevOps generalists, platform engineering allows diverse teams to focus on what they know and enjoy best—leading to higher productivity and higher levels of job satisfaction.

Another major trend emerging in the developer experience space right now is developer self-service. This means that developers can get the technical solutions they need on demand, without a complicated procurement process. In most cases, organizations enable self-service by implementing internal development platforms, or IDPs, which host ready-made infrastructure resources and software environments that developers can deploy on a self-service basis.

These trends carry risks. They require specialized types of skills, and when implemented poorly, platform engineering and IDP solutions can create more problems than they solve. However, when you ensure your teams have the expertise they need, and when you implement a carefully planned IDP that gives developers access to the resources they really need, you’ll likely see a significant reduction in friction within your organization and a boost in developer productivity and happiness.

Conclusion

Admittedly, discussing DevOps trends that focus on security, automation, and developer experience may not be as exciting as discussing whether AI will take the jobs of DevOps engineers. But if you want to know what’s actually changing in the world of DevOps—as opposed to which conversations are the most worthwhile—these are the places to look.

Security, automation, and the developer experience are also among the DevOps domains where there are currently many opportunities for innovation—and indeed, where adopting new tools and techniques will be critical for organizations that don’t want to be left behind as DevOps evolves.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *