The last book campaign was on “The Phoenix Project,” which is an easy-to-read story about a fictional company’s transformation into the world of DevOps. “Accelerate” is nothing like that, and if you’re a sucker for raw data like I am, then you may enjoy it more.
“Accelerate” details the results of a multi-year study analyzing company’s software development and delivery processes that categorizes them into low, medium and high performers. My goal here is to provide a general view into the book without ruining too much of the fun to see if it’s up your alley.
A question that immediately comes up is as follows: what defines software delivery performance?
Three key indicators were found to positively correlate organization performance, which is defined by an organization’s profitability, market share and productivity. The three indicators were deployment frequency, lead time for changes, and mean time to repair (MTTR).
High performers in 2017 deployed on demand multiple times per day, had less than an hour lead time for changes, and had a MTTR of under an hour compared to low performers’ rate of one deployment a month, a lead time of upwards of a month, and less than a day for MTTR.
We can see that the DevOps processes help organization performance, but the transformation from a low performer to a high performer is much more than just having the right software delivery methodology. Culture also plays a big role, and one of “Accelerate’s” goals was to find a module of culture that was well-defined, can be measured effectively, and would have predictive power.
The book settled on the Westrum model, which predicted that a good culture requires trust and cooperation throughout the organization. Under the Westrum model, these factors lead into higher quality transparent decision-making. When these two conditions are the cultural norms, people are likely to do a better job because problems are discovered and resolved faster. “Accelerate” found this prediction to be true.
The technical process an organization uses can also affect software delivery performance as well as an organization’s culture. Continuous delivery enables companies to push releases out to production safely, quickly and sustainably.
The five key principles of continuous delivery are as follows:
- Build quality in
- Work in small batches
- Computers perform repetitive tasks; people solve problems
- Relentlessly pursue continuous improvement
- Everyone is responsible
To successfully implement continuous delivery, the following organizational foundations must be created:
- Comprehensive configuration management
- Continuous integration
- Continuous testing
The results of continuous delivery will give developers the tools to detect problems, the time and resources to invest in their development, and the authority to fix problems immediately. As such, continuous delivery creates an environment where developers accept responsibility for outcomes, an ownership which has a positive influence on team members’ organizational culture.
The last part I want to touch base on is shifting left on security, which is the idea of building security into your DevOps process. When it is integrated into software development, security will improve software delivery performance at the same time as improving security quality.
High performers were spending 50 percent less time remediating security issues compared to low performers. DevOps adds a lot of new moving parts within an organization’s ecosystem; when there is a focus on security, don’t forget to put extra scrutiny on things like your continuous integration tools that have privileged access to your environment.
If a malicious payload were added to one of your automated build scripts, would you know?
Continuous delivery architecture and management practices also play a vital role in becoming a high-performing team, but I’ll leave those topics for you to explore. I’ve only touched the tip of the iceberg on the details available, so if you are pondering how any of the conclusions were determined or just want more detailed information on any of the topics above, then I recommend picking up a copy of “Accelerate.”
If you are exploring how to shift your security left within DevOps, check out Tripwire for DevOps, a new SaaS offering that allows you to push a container image to a Tripwire repository and then launch the image in a sandbox for vulnerability checks prior to the image being deployed in production.
More information can be found here.
Also, Tripwire is hosting a special webcast on August 21 titled “Leading a DevOps Transformation.“ Join us and the authors of Accelerate to learn how to help your organization achieve higher levels of performance whilst ensuring security is a continuous aspect of the process. You can register here or click on the image below!