It wasn’t that long ago that a Development Operations (DevOps) team’s main role was to manage infrastructure and hardware. They could often be found in the cold basement, cable deep, investigating some bizarre networking issue that resulted in ‘access denied’ errors, or worse, no Wi-Fi connection.
The professional face of this vital role has significantly changed in the last five years. As well as managing any on-premises servers, routers, Wi-Fi access points, firewalls, and uninterruptable power supplies, their role has expanded.
With significant cyber security threats emanating from Asia, as well as disruptive hackers, and teenagers in their bedrooms investigating security loopholes to ‘prove themselves’ in the hacker community, DevOps Engineers certainly have their hands full.
In larger organizations, cyber security is handled by significantly sized teams comprising multiple roles, including security managers, security engineers, security analysts, system analysts, system admins, and IT operations managers. In fact, a senior C-level position has been created to head up divisions of these teams; the CISO (Chief InfoSec Officer). A significant responsibility has been bestowed on this team. They are the first and last line of defense for the organization’s electronic landscape.
For smaller organizations, SMEs of 20 to 100 people, this responsibility tends to lay in the hands of a very small number of individuals, perhaps only one in some cases. Due to the financial constraints of smaller start-up and scale-up companies, this is necessary. It could be argued, correctly, that this decision is a security issue but keeping costs to a minimum is often the difference between a company surviving or going under.
Due to the additional responsibility of security that is added to the DevOps team, it is often renamed DevSecOps incorporating arguably the most essential aspect of the company, which is its security.
Whether for a large team or a small one-person band, DevSecOps tools are key to efficient processes and getting the job done. Gone are the days of self-built programs, BASH scripts, Cron jobs, and scheduled jobs. The tools used by the team on a day-to-day basis must be open, obvious, well documented, editable, tested, and kept up to date.
If a company becomes too reliant on a single individual and there is little or no supervision, vulnerabilities become the norm via a lack of peer review processes. Hand over to new team members, growth and expansion become difficult at best and impossible at worse.
Automation and cloud are key. Integrating tools like GitLab for code and document storage, where access can be controlled centrally, Jenkins for pipeline Continuous Integration and Continuous Deployment are vital.
As a final point, it’s vital not to forget reliability. A new role has crept into this team in the last few years, the Site Reliability Engineer or SRE. This is a hybrid role that sits very much in the Operations and Security team but also has a significant impact on the Development team. Their remit incorporates aspects of software development and applies them to infrastructure and operations problems. For example, they may manage a series of tools that monitor any new code produced for vulnerabilities before it is released. This is a vital part of ensuring that web and mobile applications are in tip-top condition and as secure as possible before being delivered to users.
This article has briefly looked at the changing role of DevOps Professionals.