What is DevOps?
A combination of the words “development” and “operations,” DevOps is a philosophy and set of practices that brings teams together to deliver better software, faster.
DevOps has been defined in many ways: A culture shift, a set of best practices, or specific tooling. In reality, it’s a combination of all three. DevOps is a way of working where development, IT operations, and security teams partner together to build, test, and provide regular feedback throughout the entire software development lifecycle (SDLC). Using automation and collaboration, teams develop shared context, expertise, and roles to ship more secure and resilient products.
The journey from silos to shared workflows
DevOps sets a new standard for how we build software. Before the mid-2000s, developers, IT operations, and security teams typically worked in silos. Developers wrote code, which was tested by QA teams, then sent to IT operations teams for final deployment to production. Security teams checked code for vulnerabilities only after it was deployed. If issues were found, the entire process started over again. This linear approach to software was slow and frustrating for everyone involved. Then in 2008, system administrator Patrick Debois and software developer Andrew Shafer created a working group to help bridge the gap between operations and development teams. Their best practices became the DevOps processes we know today.
Why adopt DevOps?
Traditional deployments are difficult, manual, and often break down, leading to employee burnout and unsustainable release cycles. In comparison, recent research shows that using DevOps methodologies and principles like automation drive productivity and improve developer experience. DevOps makes building and shipping software faster, friendlier, and more collaborative—and automates almost all of the process. Developers can focus on their goals, prioritize work-life balance, and get more time for the projects they care about. This type of satisfaction builds on what we know from organizational psychology: Teams do their best work when they’re personally invested in the outcome.
Reduce manual tasks and gain consistency, reliability, and efficiency.
Use the cloud to easily provision environments so teams can get to work faster and scale services to meet demand.
Protect customers and code while managing access across locations and environments.
Build and foster a collaborative culture with strong communication.
We’ve gone from over 30 siloed software engineering groups to a largely cohesive team. By using standards and automation, the DevOps journey is now three steps and takes less than a day.
Adoption is more than automation
Automation is key to DevOps. By removing manual tasks and setting up automated DevOps workflows like CI/CD, teams can ship to production faster and focus on only the most critical code. But automation is only one part of the story.
While adopting DevOps automation—and the tools that enable it—are important, having a specific toolset doesn’t equal “doing DevOps.” DevOps is an approach and tools are just one way we put it into practice. More importantly, the tools that work for one organization may not work for yours. It’s about finding the right combination of automation and tooling to support your team throughout the entire DevOps lifecycle. So why is CI/CD so often tied to DevOps?
The mindset we carry is that we always want to automate ourselves into a better job. We want to make sure that the task we’re doing manually today becomes mostly automated.
Breaking down the DevOps lifecycle
DevOps encompasses every part of application development. Whether you call them “steps,” “stages,” or “phases,” the process that teams follow to build and ship software in a DevOps model is typically referred to as the DevOps lifecycle. Like any good DevOps approach, collaboration is always ongoing—teams share many of the same tools and responsibilities from beginning to end.
Teams gather requirements and feedback, and start sketching out the resources they’ll need. DevOps teams focus on continuous planning—plans that can be updated frequently, even on a daily basis. To build out roadmaps and track progress towards their goals, teams leverage project management tools everyone can access and use.
GitHub issues and project boards, Jira
As project managers assign tasks, developers get to work. Here, DevOps comes to life: With version control and cloud-based development environments, developers can make ongoing changes and review code together in real time. DevOps continuous integration (CI) also kicks in, where code changes are automatically turned into builds, tested against required checks, then merged and prepared for deployment.
Continuous integration stack
Git, GitHub Codespaces and Actions, GitLab CI pipelines, CircleCI, Jenkins
After passing initial checks, developers use continuous delivery (CD) tools to automatically push code changes to a non-production testing or staging environment. At this point, applications are ready to be deployed to production at any time by the operations team, without any unexpected surprises.
Continuous deployment stack
CD pipelines with GitHub Actions, GitHub Packages, Microsoft Azure
Software may be out in the world, but the work isn’t over. Operations teams keep an eye on releases with monitoring tools that measure performance and monitor the impact of code changes. They ensure stability and uptime, gather customer feedback and stay in close contact with developers to push required fixes and address incidents faster.
Netdata, Lightstep, New Relic, App Dynamics, Sentry, Raygun, Honeycomb, Splunk
For complex projects, we begin the planning process with a one-pager. Once development kicks off, the way we track what happens next depends on the individual team. Some teams use JIRA, others track it internally in standups, or some just touch base with discussions.
Building a DevOps culture
Successful DevOps depends on cultural change—adopting a collaboration-first approach to software originally developed by open source teams. In open source, developers encourage transparency, shared workloads, continuous feedback and reviews, and robust documentation. These same best practices are often used as benchmarks for DevOps success in industry reports like DORA’s State of DevOps from researchers Nicole Forsgren, Jez Humble and Gene Kim, and popular DevOps frameworks like CALMS.
Collaboration is at the heart of DevOps. Developers and operations teams regularly communicate about timelines and goals, and everyone is responsible for the project’s success.
As teams work together and share tools, automation supports consistency, reliability, and efficiency across the organization so it’s easier to discover and troubleshoot problems.
Ongoing feedback and open access to repositories encourages collaboration within and outside individual teams. It also promotes InnerSource, the process of using open source best practices to build internal code.
But don’t forget DevSecOps
What is DevSecOps?
Like development and operations, DevSecOps integrates security testing and automation into every part of the DevOps pipeline.
For many practitioners, security was always meant to be part of DevOps. Instead of happening at the end of the SDLC, DevOps security starts at the source: Code. This approach is commonly known as DevSecOps or “shifting left.” Using automated security tools, developers find and address security vulnerabilities as they code instead of waiting for security teams to address them after code has been deployed to production. By empowering developers to take responsibility for security throughout the DevOps lifecycle, DevSecOps allows development, operations, and security teams to find and remediate security issues faster.
You fix it and you move forward, because guess what? It takes you a minute to solve that security issue in development when it could potentially take you hours or days to fix in production.
What can you do with DevOps?
See how high-performing teams put collaboration and automation to work.
Start building your DevOps workflow
Whether you’re ready to dive in or still have questions, we’ve got you covered.