It’s an old story: DevOps’ need for speed and agility clashes with IT’s need for security and control. Striking the right balance between control and agility is key to fostering a smooth relationship between DevOps and IT.
Many enterprises have achieved this balance by implementing a self-service IT model. In a self-service environment, IT creates a pre-approved catalog of resources that developers and engineers can access themselves, regardless of where they are, through a single portal. These resources might include storage, compute, networking or multi-tier app stacks. Thus, DevOps can get the things they need on their own, when they need them, avoiding the IT bottleneck while IT still maintains control.
IT keeps that control by placing guardrails on resources, such as role-based access controls and permissions, usage quotas, cost controls, and security and compliance measures. IT can also set up approval workflows to ensure visibility and management. DevOps, in turn, increases efficiency and expedites time-to-market. Developers will also be much less likely to go around IT and procure the resources they want on their own, such as spinning up public cloud resources with a credit card. This kind of activity leads to unauthorized apps and resources running in the background without IT’s knowledge (otherwise known as shadow IT), which can create significant security vulnerabilities and cost overruns.
So, the balance between DevOps and IT, the yin and yang of speed and control, is attained. All is well in the kingdom, right? Not exactly. While self-service IT is essential, it needs to grow more intelligent to remain effective.
Hybrid cloud environments are changing rapidly. As helpful as most current self-service IT systems may be, a multi-cloud strategy will continue adding more layers of complexity to IT infrastructure management. While a prudent enterprise will automate as many cloud management processes as possible and have stringent guardrails in place to enforce cost and security policies, there is still plenty of room for things to go wrong when you have multiple engineering and development teams consuming cloud resources in a rapidly changing environment.
When various combinations of resources are provisioned in ways that IT didn’t foresee, or new tools are added that didn’t exist when existing policies were drafted, you have an environment that’s susceptible to misconfigurations and inadvertent security risks. Furthermore, tools and resources available to DevOps via the self-service portal may become outdated or not be as effective or useful as they once were. If IT hasn’t replaced or upgraded them yet, DevOps might still be tempted to go outside the system to get what they need.
Staying on top of the evolving challenges in hybrid cloud management will require a new, more intelligent approach to self-service IT. This approach will further empower DevOps and assist IT by embedding greater awareness into decision-making processes across the organization.
Say, for example, a developer writes a piece of code. Unbeknownst to the developer, something they just wrote in the code could potentially create a security vulnerability. The old way of preventing cybersecurity breaches resulting from flawed code entails top-down, more centralized security scans or reactive audits.
The new, more proactive approach would leverage an advanced automated alert and visualization system that informs people about the impact of the decisions they’re making, as they’re making them. In the example above, the developer would automatically receive an alert about the security issue in the code so it can be rectified right then and there, before resource deployment.
Similarly, this shift-left-and-rectify approach can be applied to cost control and compliance issues as well. If resources are being provisioned sub-optimally and would incur unnecessary expenses, DevOps would be automatically alerted to the oversight and presented with a cheaper option. IT can make the solution even more cost-effective by allowing developers to take direct actions from the platform, instead of going to various portals. (According to the FinOps Foundation’s State of FinOps 2021 report, 39% of engineers do not currently have the necessary tools to take these actions.) This type of intelligent automation can also ensure regulations and standards such as PCI-DSS, CIS and the AWS Well-Architected Framework are always adhered to.
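To make the idea concrete, here is an added example (not from the original article or any product) of a self-service request being checked against role, quota, security and cost guardrails before anything is deployed, with alerts and a cheaper option returned to the requester. The catalog entries, prices, thresholds and the `evaluate` function are all hypothetical.

```python
from dataclasses import dataclass

# Constructed catalog and limits; every name and number here is hypothetical.
CATALOG = {
    "vm.small":   {"usd_hr": 0.05, "vcpus": 2,  "roles": {"dev", "ops"}},
    "vm.large":   {"usd_hr": 0.40, "vcpus": 8,  "roles": {"dev", "ops"}},
    "db.cluster": {"usd_hr": 1.20, "vcpus": 16, "roles": {"ops"}},
}
TEAM_VCPU_QUOTA = 32          # usage quota per team
APPROVAL_USD_MONTH = 500.0    # above this, route to IT's approval workflow
HOURS_PER_MONTH = 730

@dataclass
class Request:
    role: str
    item: str
    count: int
    needed_vcpus: int         # what the workload needs per instance
    open_to_internet: bool
    team_vcpus_in_use: int

def evaluate(req: Request):
    """Return (decision, alerts) for a request before anything is deployed."""
    spec = CATALOG.get(req.item)
    if spec is None:
        return "deny", [f"{req.item} is not in the pre-approved catalog"]
    if req.role not in spec["roles"]:
        return "deny", [f"role '{req.role}' may not provision {req.item}"]
    if req.team_vcpus_in_use + spec["vcpus"] * req.count > TEAM_VCPU_QUOTA:
        return "deny", ["request would exceed the team vCPU quota"]

    alerts = []
    if req.open_to_internet:
        alerts.append("security: resource would be reachable from the internet")
    # Cost guardrail: cheapest permitted item that still meets the stated need.
    fits = [(s["usd_hr"], name) for name, s in CATALOG.items()
            if req.role in s["roles"] and s["vcpus"] >= req.needed_vcpus]
    best = min(fits, default=None)
    if best and best[0] < spec["usd_hr"]:
        alerts.append(f"cost: {best[1]} meets the need at ${best[0]:.2f}/h "
                      f"instead of ${spec['usd_hr']:.2f}/h")
    monthly = spec["usd_hr"] * req.count * HOURS_PER_MONTH
    decision = "needs_approval" if monthly > APPROVAL_USD_MONTH else "allow"
    return decision, alerts
```

Hard limits (catalog membership, role, quota) stop the request outright, while security and cost findings travel with an allowed request so the developer can fix them at request time.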
While traditional self-service IT systems still serve a vital purpose, these types of proactive cloud management and optimization initiatives will keep self-service IT agile and able to adapt to rapidly changing conditions. By embedding greater awareness into decision-making across the enterprise, DevOps functions even faster and more efficiently, and IT maintains even greater control. Hybrid cloud environments can be managed more intuitively and with greater confidence that misconfigurations and oversights that lead to security issues, cost overruns, and compliance risks will be intelligently and continuously remediated. The yin and yang endures.