Key Takeaways from Continuous Discussions(#c9d9) Episode 93: 2018 Review and 2019 Predictions

In a recent episode of the Continuous Discussions (#c9d9) podcast, we reflected on major DevOps trends and looked ahead toward the new year. We discussed the driving forces in the DevOps during 2018 and how we foresee the industry shaping for the year to come. The conversation also covered resolutions for the DevOps industry to focus on. We were joined by an amazing group of analytical and research-focused panelists.
The panel included: Mike Kavis , Chief Cloud Architect, Deloitte Consulting LLP’s Cloud Practice; Jayne Groll , Co-founder and CEO, DevOps Institute (DOI); Charles Betz , Lead DevOps Analyst, Forrester; Jay Lyman , Principal Analyst, 451 Research’s Applied Infrastructure & DevOps Channel; and, CloudBees’s Sam Fell and Anders Wallgren .
Continue reading for some of the top takeaways from the discussion!

A Look Back at 2018

DevOps has moved beyond the fundamentals of automation, according to Kavis , “I've been with working with clients on DevOps since 2015 and it used to be all about CI and CD. Now, it’s gone beyond that and into, ‘What's a new operating model look like? We're now in the cloud but now it's chaos, we don't know how to run this stuff.’ It's more about people, processes, and leadership.”

The past year was pivotal according to Groll , “I think we saw a little bit of pivot. Up until 2018, as we saw industries move over to the enterprise space, there was a lot of talk about what is DevOps, what is a definition that people could wrap their heads around. Is it the same as continuous delivery, is it bigger than that, is it smaller than that? I think in 2018 we stopped asking the question of what DevOps is and started to ask the question of how we do it.

Betz noticed some big changes while talking to prospective customers, “They were way more educated this year than previous years about Agile, DevOps, and CD. There's still a lot of confusion about the overlap, how these things interact, what comes first, what's an overall issue, and what's a niche issue. But we see a way more educated consumer than a year ago.”

Lyman talked about the impact of major acquisitions, “We saw the consolidation in Cloud-native applications. We started the year with Red Hat's acquisition of CoreOS, then, we had the IBM acquisition of Red Hat, and VMware's acquisition of Heptio. That has some big impacts in terms of talent and customer reaction. That's something interesting to see and spoiler alert, I expect to see more of that consolidation in 2019.”

Wallgren noted the struggles with legacy architectures, “I think a lot of people are realizing that application architectures, especially existing applications, can really hinder you in adopting these things, both from a technology point of view, from a process point of view.”

What’s Next for DevOps in 2019

Forrester had predictions for 2019, and Betz shared his favorite, “We predicted that in some cases mean time to recover (MTTR) is going to start going up. I've had anecdotal evidence from some big companies who say MTTR is moving in some directions that are surprising to people. I'm wondering if this is the leading edge of the automation paradox where it's great that we're squashing bugs quickly, we’re automating the heck out of everything. But what's left for the people to do? All the hard things. So, you start to find that any given incident or issue or defect is a zero-day phenomenon, you've never seen it before and so your tier 1 and your tier 2 staff have no clue because there's no knowledge.”

Wallgren talked about what will be relevant next year and, in the future, “Kubernetes is the new operating system. What's relevant is how do I store state, how do I manipulate state, how do I scale up, how do I scale down, how do I get my stuff in and out. Those are the things that really matter, and whether that's Linux, Windows, mainframe or whatever.”

Kavis talked about his prediction for the cloud, “You have to be crazy to do machine learning and AI yourself when you can just access APIs on the cloud. I think those types of servers are going to drive more or all the public cloud movements from large enterprises because people are going to be focusing on plumbing with hybrid. A lot of times it's hybrid for the sake of hybrid, not because this is a business reach. It's because people don't want to let go of control.”

Lyman ’s prediction centered around the growing appreciation and understanding for secure code, “I think the DevOps security trend is going to really take off next year, driven by high profile incidents, breaches, and vulnerabilities. We did survey work and most organizations are keenly aware that they need to include security tooling in their CI/CD release process. The survey showed that about half of a large enterprise CI/CD workflows include any security tooling at all. So, it's a little bit of a glass half full, half empty depending on how you want to look at it.”

2019 will be operations’ year for the spotlight, says Groll , “If you look at DevOps from its early days, it was kind of like press the button or the button presses itself, you deploy and you start again, and there are a whole bunch of people like me standing on the mountain going, ‘Now what? That's great we deployed. How do we operate this?’’”

In 2019 I will...

Kavis emphasized the importance of people and process going forward, “We need to push the message to focus on value instead of technology. We also need to push the message that you need to invest in organizational change management, human capital type activity, because the technology can only take you so far. I think we need to get out of our tech beanie hats and start thinking about the hard stuff, the people and process.”

Inspiration is a key term for the DevOps community to focus on from Groll ’s perspective, “How do we start to create the human aspect of, ‘how do we do this?’ Because that's hard. We can buy tools, we can implement tools, we can learn new technology. Transforming people, that's really, hard because they have opinions. In today's talent market, they're so busy jumping jobs that you transform one and they go take it to somebody else.”

The security people need to be in the same room as the DevOps and data analytics people, says Lyman . “When we look at half of CI/CD workflows in the enterprise not having any security tooling at all, there's room for improvement. Hopefully, we'll start seeing people that are working in these different domains that include security and data analytics and database administrator. And our research indicates that that is happening, but I think the speed at which it happens will depend largely on how many high-profile security incidents we have and those types things as any time that happens, that drives that security thinking.”

Betz also emphasized the importance of security “I’m extremely concerned that we're going to see a very high-profile compromise of a digital pipeline involving GitHub and tooling of various vendors we all know and love. I think about a fundamentally compromised CDRA pipeline when it's been scaled out across an enterprise, it's an extremely scary thought. And we've got a position that it may not happen, and I'll be glad if it doesn't, but we're on the record with the prediction that this will happen to somebody and it won’t be pretty.”

Wallgren added to the security resolution, “We're not taking all the steps we need in order to prevent it or even to detect. You must tell the story of how it happened, what the problems were because that's a teaching moment and you don't get those very often at that scale. I just hope that that happens more and more.”

Watch the full episode: