Alexis Kestler
In this comprehensive 3000+ word guide, I will dive deep into the new and trending Ops (operations) methodologies that are reshaping IT service delivery. While these approaches have their nuances, they share the common goal of enhancing communication, collaboration, automation, and analytics to achieve velocity, reliability, and customer-centricity. Let‘s geek out on the details!
DevOps – Breaking Silos for Speed and Stability
Of all the Ops trends, DevOps has seen the most viral growth. The tremendous success of “unicorn” tech companies like Netflix, Facebook and Slack catalyzed its adoption. By breaking down walls between developers and IT operations staff, DevOps enables the continuous development and deployment of software.
Central principles of DevOps include:
- Infrastructure as code – managing configs and assets in a GIT repo
- Continuous integration and continuous deployment – building, testing and releasing code changes automatically
- Monitoring and logging – actionable insights into application performance and usage
- Culture of collaboration – bringing dev and ops together as one team
According to the State of DevOps Report, high performing teams who adopt DevOps practices are able to deploy code up to 30x more frequently than low performers. They also have 50% fewer failed deployments and can recover 168x faster.
Additional benefits highlighted in the report include:
- 24x faster time-to-market for new features and fixes
- Improved application stability and security
- Much higher employee engagement and job satisfaction
- Greater alignment between IT teams and business objectives
While DevOps has demonstrated immense ROI, effectively implementing it can still be challenging. For some large regulated enterprises, transforming tools, culture and org structures to a DevOps model takes years. Resistance to change and gaps in skill sets are common hurdles.
That said, the momentum behind DevOps is now unstoppable given the pressures of digital transformation. Research firm Gartner predicts that by 2025, 75% of CIOs will be held directly responsible for mission failure if they don‘t evolve traditional IT practices. Game over for old school waterfall development!
For hands-on DevOps learning, check out resources like the DevOps Institute and online courses.
SysOps – Specialists for Scalable Infrastructure
While DevOps improves the software delivery process, SysOps focuses on efficiently managing the underlying IT infrastructure and systems. SysOps engineers design, deploy, scale and monitor environments like cloud platforms according to ITSM frameworks like ITIL.
SysOps requires deep technical skills across areas like:
- Automated infrastructure provisioning and orchestration
- Performance monitoring, capacity planning and troubleshooting
- Security, access controls and compliance
- Disaster recovery and backup
With the explosive growth of cloud platforms like AWS, Azure and Google Cloud, demand has skyrocketed for SysOps experts. Consider that Netflix runs on AWS, with thousands of virtual servers streaming content to over 220 million subscribers globally. Their SysOps teams allow developers to focus on writing code rather than configuring racks of hardware.
Compared to old school on-prem sysadmins, SysOps engineers rely heavily on infrastructure as code, API-driven automation and cloud-native tools to effectively "scale out." However, challenges remain around monitoring uber complexity, costs containment and avoiding vendor lock-in.
DataOps – Unlocking Value from Data
DataOps aims to help companies accelerate the delivery of analytics by improving collaboration between data engineers, analysts and business users. Core DataOps principles include:
- Treating data as a product, not a byproduct
- Agile governance with reusable data services
- CI/CD for data flows and models
- Metrics-driven – SLAs for data quality and availability
For modern data platforms, a DataOps workflow allows organizations to quickly meet new analytics use cases while ensuring integrity and compliance. As Tamr‘s VP of Data Strategy commented, "DataOps lets users shop for analytics like shopping online…quick discovery to value."
DataOps roles focus on the full data lifecycle including:
- Data ingestion and collection from sources
- Data modeling, mapping, and standardization
- Metadata management – data context and lineage
- Data security, access controls and compliance
- Monitoring data quality and SLAs
Mastercard‘s Chief Data Officer credits DataOps with "delivering insights at the speed of commerce." However, for many companies legacy systems pose challenges to realizing the full potential of DataOps. Beyond just technology, it requires embracing agile data principles across people, process and tools.
SecOps – Embedding Security into Operations
SecOps evolved to help break down siloes between security teams and IT operations. It aims to embed security deep into IT and development processes. Core goals include:
- Shifting security left into the software delivery lifecycle
- Real-time monitoring and rapid response
- Security as code – bake into infrastructure and configs
- Proactive governance and compliance
The guiding mantra for SecOps is evolving from a pure "no" of old school security to a "know" culture focused on enabling business safely. Shared metrics allow security and IT ops teams to align priorities.
Enabling capabilities include:
- Dynamic scanning of infrastructure as code
- Runtime app self-protection and behavior monitoring
- Automated policy enforcement
- Orchestrating disparate security tools into workflows
- Leveraging threat intelligence feeds
Leading companies like Netflix and Salesforce use SecOps to build in layered "defense in depth" based on asset criticality and risk scenarios. According to Gartner, "Security and risk management leaders must incorporate SecOps, DevSecOps and CloudSecOps capabilities into their programs."
However, gaps remain in skilled talent, outdated tools, and immature processes. Fully realizing SecOps requires changes in technology, people and process across security, IT and development teams.
DevSecOps – Driving Security Deeper into DevOps
DevSecOps expands on SecOps practices by driving security earlier into the software delivery lifecycle – the mantra of "shifting left." It aims to make security intrinsic from code commit through production runtime. Core principles include:
- Security automation and testing
- Treating infrastructure and config as code – secure by design
- Continuous compliance monitoring
- Risk-based governance and metrics
DevSecOps expands visibility and control across the continuous integration and deployment (CI/CD) toolchain:
- Plan – Threat models, abuse cases, user stories
- Code – Static/dynamic analysis, secrets detection
- Build – SAST, SCA, license checks
- Test – DAST, IAST, penetration testing
- Release – Policy enforcement, runtime protection
- Monitor – Anomaly detection, SIEM integration
According to a survey from ThreatStack, companies using DevSecOps practices are able to reduce time-to-remediation by 30% or more. Leaders like CapitalOne and Netflix are huge advocates. Analyst firm Forrester predicts over 50% of security leaders will adopt DevSecOps toolchains by 2023.
However, evolving processes, tools and skills for end-to-end DevSecOps remains challenging. For regulated industries like healthcare and finance, change occurs cautiously. Executive alignment and addressing talent gaps are key for successful adoption.
ITOps – Keeping the Lights On
While the previous Ops approaches focus on innovation and velocity, ITOps represents the baseline blocking and tackling required to deliver IT services. ITOps, or IT System Operations, involves:
- Monitoring and troubleshooting infrastructure
- Managing incidents, problems, changes and outages
- Backups, disaster recovery and business continuity
- Scheduling and running production workloads
- Asset lifecycle management
ITOps keeps your lights on by ensuring core IT services are available, performant and recoverable according to ITIL practices. ITOps underpins everything from cloud uptime to laptop rollouts. Mature ITOps capabilities separate market leaders from IT laggards.
However, traditional ITOps relies heavily on manual efforts and tribal knowledge. Teams struggle to keep pace reacting to alerts and issues. Lack of automation, stale tools, and inconsistent processes lead to challenges at scale.
Modernizing ITOps requires embracing areas like AIOps to improve prediction, prevention and resilience. ITOps needs to evolve from reactive to proactive data-driven operations.
AIOps – AI Augmented IT Operations
AIOps adds artificial intelligence and advanced analytics to enhance monitoring, automation and decision making for IT operations. It ingests data streams from diverse monitoring tools and systems to enable:
- Anomaly detection and pattern recognition
- Intelligent alert correlation and noise reduction
- Automated remediation and responses
- Predictive capacity forecasting
By leveraging massive volumes of operational telemetry, AIOps platforms illuminate previously dark areas of IT complexity. Leading tools like Moogsoft, BigPanda and Dynatrace have helped the likes of JP Morgan and Microsoft manage dynamic cloud environments.
According to Gartner, "AIOps platforms enhance IT operations by applying big data, machine learning and other advanced analytics to significantly improve operational visibility and automation." The benefits span noise reduction, faster problem resolution, and optimized infrastructure.
However, AIOps does not aim to replace skilled IT operations professionals. Humans are still needed to train algorithms, investigate issues, assess risks and drive continuous improvement. Even with advanced AIOps, ITOps remains a mission critical function.
NoOps – The ‘Opsless’ Utopia?
NoOps takes IT automation to its extreme – the hypothetical end state of IT operations so automated that dedicated ops teams are no longer needed. With NoOps, developers just focus on code while cloud providers handle all infrastructure management.
This utopian vision is driven by patterns like:
- Infrastructure as code and policy as code
- Declarative versus procedural automation
- Serverless computing and PaaS services
- AIOps and intelligent remediation
NoOps provocatively suggests that modern cloud platforms and SaaS apps require minimal internal IT operations. Just code and pay. However, most experts consider NoOps more fantasy than reality. Even with advanced cloud automation, human oversight remains critical for:
- Incident investigation and root cause analysis
- Custom application support and tuning
- Infrastructure and architecture strategy
- Vender management and financial governance
- Security and regulatory compliance
While NoOps currently lives more in theory than practice, it points to IT Ops needing to continue to evolve from being reactive, manual and siloed to becoming proactive, automated and integrated via approaches like AIOps, SecOps and DataOps.
The Ops of the Future
Looking ahead, DevOps, AIOps and DataOps are seeing the most rapid enterprise adoption – over 50% amongst IT leaders per recent surveys. As competitiveness depends ever more on data and speed, Ops approaches will continue to converge and evolve.
Silos continue to fall as automation, AI and end-to-end telemetry become pervasive. Forrester describes the path for top CIOs as creating "business-aligned, adaptive, and autonomous digital operations."
However, gaps remain in updating skills, tools, metrics and culture to enable modern collaborative Ops. Improving communications and nurturing talent are critical success factors. According to experts, excelling at any Ops approach requires carefully balancing technology, people and process.
The future belongs to resilient, customer-obsessed and data-driven IT organizations. Ops innovation must continue for companies to compete and thrive on analytics and agility. What will the next wave of Ops bring? I can’t wait to see!
