Security, automation and developer experience: The top DevOps trends of 2024


If you ask most folks to describe the top DevOps trends in 2024, you’ll likely hear buzzwords like AI or DevSecOps.

Those are certainly trendy topics. But based on the work I do on an everyday basis helping businesses plan and execute DevOps strategies, I’m noticing a different set of salient trends in the world of DevOps. Although much is being said about how technologies like AI might impact DevOps, the biggest changes I’m seeing right now involve other types of solutions and techniques.

Here’s a look at what I view as the three most important DevOps trends at present, as well as a breakdown of how they are poised to change DevOps tools and processes.

Trend 1: Policy-based management and IaC enable drive DevOps security innovation

Security has always been a priority for most DevOps practitioners. But right now, I’m seeing DevOps teams adopting new strategies in a bid to improve the security of the applications and environments they support.

One large-scale change is greater use of cloud-based policy management as a means of enforcing security best practices in cloud environments. Teams are configuring cloud services and resources using the code-based configuration frameworks that cloud providers support, then scanning the configurations to detect risks.

This approach makes it possible to enforce cloud governance consistently, centrally and automatically. Instead of simply writing governance policies and hoping that engineers remember to follow them when they are configuring cloud resources, businesses are increasingly building automated governance guardrails via policy-based management.

In a similar vein, more and more of the DevOps teams I work with are embracing static code analysis of Infrastructure-as-Code (IaC) templates as a means of detecting risks. As with policy-based management of cloud resources, an IaC-centric approach to infrastructure provisioning makes it possible not just to automate infrastructure management, but also to identify security risks earlier in the development lifecycle.

What’s more, some teams are making use of cloud policy and IaC code scanning as a way of warning each other about security policy changes that might cause an application or service to break. They do this by inserting configuration changes into their code using “audit” mode if their configuration framework supports it, or by simply configuring IaC scanners to flag changes if an audit feature is not available. This allows engineers to detect whether a change might cause a problem for an existing deployment.

This is important because within many organizations, the security team operates separately from application teams. When the two groups lack an efficient way of communicating with each other about changes, they may end up disrupting each other’s operations – an issue I like to call the “right hand/left hand” problem. Configuration scanning provides a systematic way of ensuring that each group is on the same page when it comes time to introduce changes – and the “audit” mode approach provides a grace period that allows time to react before a change actually takes effect.

Trend 2: Doubling down on DevOps automation with GitOps

Another overarching trend that is currently reshaping DevOps is the use of GitOps to make DevOps automation more efficient and consistent.

GitOps is the use of Git (or a similar source control system) to manage automated DevOps workflows. It involves defining configurations using code, then applying them through features like GitHub actions.

When you opt for GitOps, you move DevOps automation controls from individual workstations to centralized source control repositories. The result is the ability to track and manage all automated workflows via a central hub, which increases efficiency and mitigates issues like different engineers working with different versions of the same automation frameworks on their personal desktops.

In addition, GitOps automatically generates records of what has changed and how it has changed, since every action is logged through the source control system. This isn’t exactly documentation in the traditional sense, but it does mean that GitOps comprehensively documents every change – which is beneficial because human engineers tend not to be so thorough when it comes to documenting their actions.

To be sure, GitOps is not without its challenges. Implementing GitOps effectively requires additional skills – namely, expertise with both IaC frameworks and source control systems – that not all DevOps engineers possess. I also notice a tendency on the part of some teams to set up GitOps pipelines, but rely on manual approvals instead of automated actions to trigger changes – an approach that largely undercuts the value of automating pipelines in the first place.

However, these are challenges that teams can solve through education and by fully leaning into GitOps. In addition, techniques like automated testing of GitOps configuration code can help to build teams’ confidence in automations and reduce reliance on manual approvals.

Going forward, expect to see more and more adoption of GitOps techniques among teams seeking to level-up their approach to DevOps automation. Automating individual DevOps processes like software testing and deployment won’t be enough; truly efficient organizations will turn to GitOps as a way of automating their entire DevOps workflows, from end-to-end.

Trend 3: Investing in developer experience

Making software delivery processes more predictable and efficient is merely a step toward the ultimate goal of DevOps, which is to help developers become more productive and satisfied with their jobs.

To that end, I’m noticing a great deal of interest and investment right now in the realm of developer experience. This is playing out through two interrelated types of initiatives.

One is platform engineering, which involves creating DevOps teams who specialize in certain functions – such as network management or security – and designating them to support those functions throughout the organization. This approach reduces cognitive overhead for developers by freeing them from having to handle types of work that are not their main focus. In other words, instead of forcing developers to be DevOps generalists, platform engineering lets different teams focus on doing what they know and enjoy best – leading to greater productivity and higher levels of job satisfaction.

The other major trend currently playing out in the realm of developer experience is developer self-service. This means the ability of developers to obtain the technical solutions they need on-demand, without a complicated procurement process. In most cases, organizations enable self-service by implementing Internal Development Platforms, or IDPs, which host ready-made infrastructure resources and software environments that developers can deploy on a self-service basis.

There are risks inherent in these trends. They require specialized types of skills, and when poorly implemented, platform engineering and IDP solutions can create more problems than they solve. However, when you ensure that your teams have the requisite expertise, and when you deploy a carefully planned IDP that gives developers access to the resources they actually need, you’re likely to see a significant reduction in friction within your organization, and a boost in developer productivity and happiness.

Conclusion

Admittedly, discussing DevOps trends that center on security, automation and developer experience may not be as exciting as debating whether AI will take away DevOps engineers’ jobs. But if you want to know what’s actually changing in the world of DevOps – as opposed to which conversations are most hype-worthy – these are the places to look.

Security, automation and developer experience are also among the domains of DevOps where there is a great deal of opportunity at present to innovate – and, indeed, where adopting new tools and techniques will be critical for organizations that don’t want to be left behind as DevOps evolves.

 



Source link