Now that DevOps has entered its second decade, the focus has expanded beyond product delivery. It's no longer just about dev and ops, but about removing the constraints between the business and its customers, with a focus on delivering not just new features and products, but also value.
So what comes next as DevOps evolves? We asked 21 DevOps pros and industry luminaries to weigh in on what to expect in the coming year—and beyond. Their predictions center on a few key themes: As companies accelerate their digital transformations, culture, leadership, and team dynamics will continue to shift; security and DevSecOps will be more critical than ever; analytics, AI, and machine learning will continue to disrupt both Dev and Ops; and organizations will tightly focus on value and value stream management.
Here are their predictions.
Culture and leadership
Business leaders will increasingly value DevOps, showing that the work of the DevOps enterprise community matters to the people who matter.
One of the most amazing dynamics within the DevOps enterprise community is seeing business leaders co-presenting success stories with their technology leadership counterparts. For example, Ken Kennedy (executive vice president and president for Technology and Product at CSG) and Kimberly Johnson (chief operating officer at Fannie Mae) described the achievements of their technology leadership counterparts and why it was important to them. I expect this trend to continue, especially given how COVID-19 has accelerated the rate of digital disruption. I believe this bodes well for all of technology.
— Gene Kim, author and founder of IT Revolution
Hybrid product teams will become a pillar of customer value delivery.
With the rise of hybrid (remote/in-office) product teams, upskilling and online training initiatives will expand. As the pressure continues to rise to sell products and services through e-commerce sites, apps, or SaaS solutions, the lines between product and engineering teams will rapidly blur, giving rise to cross-functional, multidisciplinary teams that must learn and grow together. Each member will need to develop a wider combination of process skills, soft skills, automation skills, functional knowledge, and business knowledge, while maintaining deep competency in their focus areas. Product and engineering teams will be measured on customer value delivered, rather than just features or products created.
—Jayne Groll, CEO of the DevOps Institute and author of the 2020 Upskilling Report
Corporate culture will transform as business leaders shift their focus to systems thinking, to drive strategic investments.
Business leaders faced the dilemma of knowing they need to improve time-to-market in order to remain competitive while on a limited budget. Millions of dollars have been spent on digital transformation, which (at best) has yielded local optimizations but not systemic business outcomes. This will drive a focus on applying systems thinking to first identify where and what types of investments will result in delivering desired business outcomes and then scaling these concepts across the organization.
—Carmen DeArdo, senior value stream management strategist, Tasktop Technologies
Security
CISOs will embrace DevSecOps methodologies.
Cloud-native security will rise higher on the agenda for CISOs as their organizations embrace Kubernetes, serverless, and other cloud-native technologies. It’s a significant cultural shift to embed security within DevOps practices, but it’s necessary: Businesses are moving to the cloud so they can deliver new features quickly and at high frequency, and security teams need to embrace new tools and processes to ensure that these deployments are safe as well as fast.
—Liz Rice, vice president, open-source engineering, Aqua Security
Application security will no longer be an afterthought.
As more teams adopt the nimble iteration of DevOps, they won't have time for a lengthy security testing cycle. That's why 2021 will be the year when we officially bury the separate, after-the-fact model of software application security.
As 2021 progresses, more application teams will take full responsibility for their own security, with appropriate support from the security team. As responsibility and budgets shift, application teams will increasingly adopt a DevSecOps process, in which they fully leverage automation to maximize velocity, and develop a culture of continuous improvement that allows each team to tune and optimize its processes.
—Jonathan Knudsen, senior security strategist, Synopsys
More developers will move to application security's front lines.
As developers continue to migrate to the front lines of application security, more development teams will achieve measurably better security and productivity outcomes. By 2024, 40% of development teams will make it into the high-performer category, up from 25% today, demonstrating both high-velocity releases and strong security outcomes. The bad news is that adversaries will continue to outpace them when it comes to finding successful exploit paths to new vulnerabilities.
—Derek Weeks, vice president and DevOps advocate at Sonatype, and co-founder of the All Day DevOps conference
DevOps teams will see the value of threat modeling through security partnerships.
Application and software security professionals have known about the value proposition of threat modeling for a decade. In 2021, we'll see developers embracing threat modeling as security continues to cement existing partnerships and teaches developers to build threat models. DevOps is all about collaboration, and 2021 is the year for the security teams in big and small organizations to break down walls and change the security culture at scale.
—Chris Romeo, CEO, principal consultant, and co-founder of Security Journey
The acceleration of cloud adoption during the pandemic will shift the software security landscape dramatically.
While DevOps represents a clear evolution in the way that software is built, delivered, and operated, the architecture, composition, and very definition of applications will continue to change rapidly, leading to a rethink of software security approaches. These dual pressures of delivery velocity and cloud transformation will have a big impact on software security.
To get ahead of cloud transformation, software security will evolve into a risk-based vulnerability management service that seeks to automate and orchestrate security services as part of the software build-and-delivery pipeline. Security teams will arm developers with “point of capture” tools and coaching to eliminate vulnerabilities during development and provide policy guardrails for enabling speed. Throughout the pipeline, orchestrated security services will automatically reinforce the policy guardrails and enable risk-based vulnerability management for overburdened, under-resourced security teams that are challenged to get in front of cloud adoption. This will result in an increased demand for API security, cloud application security, application security orchestration services, and consolidated, risk-based vulnerability management approaches to software risk reduction.
—Jason Schmitt, general manager of the Synopsys Software Integrity Group
Cybersecurity will move out of the dark ages as intelligent cybersecurity emerges.
For years, both DevOps and security teams have struggled to implement security across ever-changing and complex environments. Today's reactive approach to cybersecurity, with agent-based scanning and manual orchestration tools, has led to endless vulnerabilities. But in 2021, reactive security approaches will become a distant memory, part of an era that will come to be known as the "cybersecurity dark ages." Cybersecurity in this new era will rely on intelligent machine-generated code that builds security, compliance and infrastructure in minutes.
DevOps and security teams will use intelligence-based code solutions to automatically build secure infrastructure, replacing manual attempts to fix vulnerabilities. Teams won't have to spend limited financial and personnel resources building secure infrastructures. Rather, the trend will use artificial intelligence and machine learning to build secure infrastructure.
—Lisa Azevedo, founder and CEO of Containn
Analytics and automation
Predictive DevOps will be the next transformation that will deliver business value.
This is about using AIOps techniques across the delivery chain to be more efficient in delivering continuous value improvements for the business. To achieve true value, DevOps teams will pivot toward monitoring the business instead of monitoring the application or infrastructure. As a consequence, many dev and ops organizations will realize that they do not have the right skill set to understand what really matters to the business—and the concept of BizDevOps will be born. Business people will become part of the team that delivers digital instead of being a consumer of digital.
—Lars Rossen, chief technology officer, Micro Focus
Autonomous DevOps automation will become the new normal.
DevOps will rely on more advanced and autonomous techniques to generate automated outputs across various stages and activities within the lifecycle. To that end, robotic process automation tools will invade the DevOps ecosystem and help with automation of manual and error-prone tasks for greater productivity. In addition, augmenting digital apps and automating end-to-end user flows and testing will become a reality in a codeless manner. This will allow teams to cut down their test automation time. Code reviews for better validation of post-code commits will also join standard unit testing and human code reviews. These will better enable the identification of more complex security, functionality, and performance issues.
—Eran Kinsbruner, chief evangelist for Perfecto, Perforce Software
Analytics techniques will be adopted at every step in the software development lifecycle to make smarter decisions.
This will enable, for example, optimal business prioritization of backlog items to maximize customer satisfaction, effective testing validation to minimize risk through change impact assessment, and shorter time to resolve application problems through anomaly detection and proactive resolution. This will be enabled through analytical systems that will ingest big data across the value stream, including human and machine data, using a variety of analytics techniques such as machine learning, deep learning, NLP, etc.
—Mark Conway, director, Office of the CTO, Micro Focus
Operations management
DevOps will integrate with AIOps to provide seamless operational feedback, and automated bug fixes will remove most human involvement.
Organizations will begin to understand AIOps' true potential for DevOps. While CloudOps teams understand that AIOps provides a layer of automation to remove the humans from having to deal the rising multicloud complexity, organizations are now considering integration with DevOps tool chains and processes. The advantages of leveraging AIOps as part of the DevOps tool chain includes the ability to leverage automated operational feedback from AIOps tools, including root-cause analysis and data consolidation/aggregation, that allows organizations to summarize gigabytes of operational data and direct that back to developers for application improvement, as well as to the automated DevOps systems such as testing, integration, and deployment. The objective will be to provide automated improvement of application operations, without having to have humans figure out what’s wrong and how to fix it.
—David Linthicum, chief cloud strategy officer at Deloitte Consulting
Microservice configuration management will become critical for tracking and deploying logical application versions and microservices across clusters.
Tracking the versions of microservices running across all clusters will become increasingly difficult as organizations embrace Kubernetes. In the process, those organizations will lose the concept of application versions and instead will need to track microservice relationships and configurations cluster by cluster.
To address the challenge, organizations will begin automating configuration management of microservices, versions, and the logical applications they create before deploying them to clusters. Those configuration insights will provide DevOps teams with the data they need to make informed decisions and the confidence to push microservices across dozens of clusters all day long. The bottom line: You will still need the ability to control what you release to your end users. Tracking the configurations and versions of services to application relationships will eliminate the risk and complexity of a microservice implementation.
—Tracy Ragan, CEO and co-founder, DeployHub
Organizations will strive to achieve the platform-as-a-product model for internal platforms, but adoption will be difficult.
Organizations seeking to limit the cognitive load on software product teams have successfully used a platform-as-a-product model for defining, refining, and running their internal platforms. By applying to internal platforms the product management approaches normally used for B2C and B2B cloud products—such as UX, user personas, Net Promoter Score (NPS), and fine-grained cost tracking—organizations will find that their internal platforms are more responsive, less bloated, and less constraining to software product teams. But treating an internal platform as a product needs a different mindset and approach compared to the inflexible, monolithic, and cumbersome internal platforms of the past. Many organizations will adopt the surface aspects of platform as a product without the deep change needed; without true product management and a focus on UX, these approaches will flounder.
—Matthew Skelton, founder of Conflux and co-author of the book Team Topologies
Development
Developers will have more say in the technology direction and data strategy of their companies.
Expect an aggressive “shift left” across all industries, where CIO’s will depend more on their development teams to guide the technical direction of the company. Historically, development teams have taken a top-down approach to move their data to the cloud, but, as with many things in the world, that changed with the pandemic and the subsequent reinforcement of cloud-based environments. In 2021, DevOps teams will continue to have far more say in the data strategy process, and as a result we’ll see a greater increase in the mobility of workloads, correlating with an increase in cloud data management techniques.
—Danny Allan, chief technology officer, Veeam
In an all-digital world, developers will have a more important seat at the table.
Rapid technology advancements, sweeping changes in business priorities, and a seemingly insatiable demand for software have collided—meaning developer roles will evolve and will have a more important seat at the table. GitLab’s latest DevSecOps survey found that developers are already seeing this change and reporting new ops and security responsibilities while releasing software at a faster rate. In 2021, software will be seen as critical to business success, and developers will become embedded in business teams, rather than technology teams.
—Brendan O'Leary, senior developer evangelist, GitLab
Organizations will finally realize that deploying to production on every code commit isn't always appropriate.
Though much is made of the big tech companies’ ability to deploy to production many times per hour and deploy to production on each code commit, organizations will begin to realize that that approach isn’t always appropriate. In order to succeed with that level of code commits, an organization’s software and associated delivery must have both a low cost of change and a low cost of failure. The big tech companies have lots of resources that they can choose to expend on establishing and maintaining these low costs. Most organizations will realize, however, that they don’t fall into that “deep pockets” category, and so they must craft continuous delivery processes that are consistent with that organization’s tolerance for change and failure. More organizations will be responsible and appropriate with their expectations and plans in 2021.
—Paul Grizzaffi, principal automation architect at Magenic
DevOps will follow the path of "BADgile," becoming DevOps for most teams.
Many teams are mistakenly “doing agile” rather than “being agile” and have ended up with "BADgile," and this same affliction will also affect teams moving to DevOps in the coming year. Their over-focus on automation tools will result in missed requirements and more defects pushed into production.
Successful DevOps teams will improve their end-to-end processes first, including robust automated and manual testing to validate quality standards and security requirements, and the segregation of duties across workflows. Because you can't fail fast enough to make up for poor quality.
—Hans Eckman, principal research director, applications—agile development and management, Info-Tech Research Group
Value streams
DevOps will expand from product delivery to value delivery.
DevOps will expand beyond product delivery to business value delivery and value stream delivery, enabling a broader digital transformation. This requires taking an outside-in view from the business outcomes back into the people, processes, and technologies required to power them. We will see tighter collaboration between business stakeholders and delivery teams, aligning goals and measuring the right business KPIs such as customer satisfaction, usage, and transaction rates, followed by continuous adaptations in processes and technologies to improve them.
—Yaniv Sayers, senior director and chief technologist, Micro Focus
DevOps journeys will accelerate as teams adopt value stream management practices and platforms cross-organization.
DevOps debuted with the Three Ways, the first of which focuses on optimizing the flow of work, but teams are still struggling with understanding and improving cycle times from idea to value realization. Increasingly, organizations will be designing around value streams, and value stream mapping has long been established as a de facto practice for laying the groundwork for making improvements based on DevOps principles. Where value stream mapping failed, in driving ongoing, continuous and data-driven conversations that measure progress in a DevOps journey, value stream management will win. It connects the elements of the DevOps toolchain, allowing visibility of value, since it starts as an idea and continuing through its journey until it reaches the customer. By inspecting their value stream management platform’s data and insights, teams will be able to adapt, choose whether to pivot or persevere based on value stream performance, and receive real-time customer feedback.
—Helen Beal, chief ambassador, DevOps Institute
Keep learning
Take a deep dive into the state of quality with TechBeacon's Guide. Plus: Download the free World Quality Report 2022-23.
Put performance engineering into practice with these top 10 performance engineering techniques that work.
Find to tools you need with TechBeacon's Buyer's Guide for Selecting Software Test Automation Tools.
Discover best practices for reducing software defects with TechBeacon's Guide.
- Take your testing career to the next level. TechBeacon's Careers Topic Center provides expert advice to prepare you for your next move.