kantver - Fotolia

Wanted: DevOps governance that enables -- doesn't inhibit -- work

DevOps doesn't follow the strict work rules of old-school development processes, but rules are still needed. Read about four elements of DevOps governance that keep chaos at bay.

For IT organizations used to working within specific frameworks such as ITIL and COBIT, the move to DevOps can seem -- in the words of one DevOps engineer -- like chaos.

There may be some truth to that observation: Results from a survey of 2,000-plus IT industry executives released earlier this year by software company Quali and analyzed by Enterprise Management Associates (EMA) showed a lack of central governance and automation for new application environments.

"This leads to pockets of developers using their favorite, often not well integrated, DevOps tools," Torsten Volk, EMA's managing research director for hybrid cloud and infrastructure management, said when announcing the survey results.

Quali CMO Shashi Kiran identified similar lapses in DevOps governance.

"Sometimes, when you want to get stuff off the ground, there isn't a lot of discipline with best practices and standardized practices because the emphasis is always on getting things done quickly," he said.

Torsten VolkTorsten Volk

As a result, experts said developers may opt to use the tools and open source codes they individually prefer and move along without enough oversight, potentially leading to too many variations as projects scale.

Volk said, "To clean up this mess, we need a template or blueprint-driven approach with one central management platform or point of access, assuring consistency of deployed application environments, from the app server and back-end data to the load testing software."

Although DevOps eschews the strict divisions of work that dominated old-school development processes, leaders at effective DevOps shops said rules are still needed. They said organizations need to have some level of DevOps governance to ensure the teams deliver on the benefits DevOps promises, like speed, without creating additional problems.

Carl CaumCarl Caum

"It can feel chaotic, but it's not [when done right]," said Carl Caum, technical product marketing lead at Puppet Inc., an automation software company that uses DevOps for its own internal work. "When you build the right culture, then everyone wants to work together and the work can be auditable, verifiable and collaborative."

Top-down, bottom-up DevOps governance

Managing the DevOps environment isn't traditional IT management, however, with dictates coming down from the top.

The best rules are the ones that are invisible. When you put these guardrails on, you shouldn't be converting them into hurdles. You want to facilitate the process and not become a blocker. That's the balancing act.
Shashi KiranCMO, Quali

Rather, experts said, it means establishing parameters for teams so they have the right amount of freedom to pursue solutions they believe will work. It means allowing them to use the tools they prefer from an approved toolbox. And it means having them work within the automation set up by the organization to ensure the standardization required to work effectively at scale.

However, all these guardrails should enable, not restrict.

"The best rules are the ones that are invisible," Kiran explained. "When you put these guardrails on, you shouldn't be converting them into hurdles. You want to facilitate the process and not become a blocker. That's the balancing act."

Caum agreed, saying executives or managers alone can't drive DevOps governance if the organization wants to succeed.

"The companies who do it well have a top-down as well as a bottom-up approach," Caum said.

The practitioners on the ground need a say in choosing the tools and practices they want. And then they need to promote those options to others in the organization; they need to be champions for DevOps, Caum and others said.

Meanwhile, they said, the CIO and other leaders should champion the DevOps practices, highlight the benefits produced, and work to guarantee that the work created is auditable and verifiable and meets standards; those wins go a long way to gaining converts.


Standardization is also critical for an effective DevOps shop, with standards tailored to the needs and objectives of each individual organization, leaders said.

"Everything goes through the pipeline. I equate the pipeline to the assembly line, and everything is automated in the pipeline to ensure we're learning as we go," said John Jeremiah, IT and software marketing leader at Hewlett Packard Enterprise.

Shashi KiranShashi Kiran

In fact, organizations should consider standardizing on certain tool sets and workflows that establish, for example, what the process is for checking in code at which checkpoints in order to ensure the code is secure, Kiran said.

"The sooner organizations can get to standardization that's unique to their organization, the faster they can move forward," Kiran said.


Automation is another key way to ensure DevOps teams stay on the road and to guarantee visibility.

"There's lots of automation that has to be put in place," said Forrester Research analyst Diego Lo Giudice. "There is a big concern about not having control with DevOps, particularly on the operations side, where they're coming from ITIL where everything is written in a process with very strict control points." The concern is that these controls are lacking in DevOps.

Diego Lo GuidiceDiego Lo Guidice

"But you do have DevOps governance. You can have all the control points you want, but they're automated," he added.

Lo Giudice stressed that automated environments improve compliance.

"Traditional governance practices rely on manual controls because most of the processes are manual. Automating processes eliminates variability, reduces cost and makes the remaining manual processes more visible," he wrote in his 2016 report "Use DevOps And Supply Chain Principles To Automate Application Delivery Governance."

Automation was also stressed as a key ingredient of DevOps success in the "2017 State of DevOps Report" presented by Puppet and DevOps Research and Assessment (DORA). "High performers automate significantly more of their configuration management, testing, deployments and change approval processes than other teams. The result is more time for innovation and a faster feedback cycle," the report states.

However, despite the importance of automating everything from testing and verification to the release process, Quali's survey found that automation remains one of the top 10 barriers to DevOps success.


Another barrier to achieving effective DevOps governance, according to the Quali survey, is establishing the right collaborative culture. Other leaders echoed that sentiment, saying that organizations must build collaboration and trust if they want to effectively run a DevOps shop.

"In the end, it's about people," Caum said. "If you don't get people to buy into helping other people, then you're done. That's the hardest part, the cultural aspect -- getting people to care about other people and empowering other people. And no tooling or governance process is going to fix that. There is nothing you can build that will make people care. It takes time and work to make it work."

Caum said executives looking to foster the right culture should use automation to ensure quality and consistency with changes, have people verify other other's proposals, and use systems of verification such as automated testing. Such pieces help build trust that the DevOps governance process works well, helping to combat the possibility of a culture emerging where staffers don't want to work with each other and retreat to their own siloed disciplines, experts said.

"All of that together increases the rate of collaboration and deployment and reliability of the infrastructure," Caum said, "and makes the company be able to things they weren't able to do before."

Next Steps

A proper DevOps methodology is the best path ahead

DevOps engineers needed for successful deployment

Chatbot tech supports demands of IT and DevOps

Dig Deeper on Enterprise application development, DevOps and software agility