What is DevOps and why is it important?

DevOps is the latest in a long succession of problem-solving processes that come with a digital garage full of tools: CI/CD systems, testing frameworks, monitoring tools, and security audit tools to name a few. But applying a DevOps mindset before tool adoption is essential. A coherent DevOps culture helps teams be more responsive to market changes and deploy code more quickly, more safely, and with less fear of breaking production.

But switching to DevOps is not an either/or proposition. DevOps is a mindset of bringing operational knowledge to development, yes, but it also comes with a panoply of processes, approaches, and ways of using tools that set it apart.

Cultivate a DevOps team environment, before buying all the tools

Before moving to DevOps, ensure your team is aligned on the following:

  1. Everyone is on the same page with respect to what you’re trying to achieve with this transformation. Everyone should agree on the problem you’re trying to solve, and that you are aligned on the pain points.
  2. Start small. Don’t try to make the entire organization into a model DevOps team overnight. Instead, start with one team, and see if the process changes work within your organization.
  3. Always measure. Before you start any improvement plan, get accurate metrics for where you currently stand (e.g. our dev cycle takes X time). Then once you’ve implemented changes, you can measure their effectiveness.
  4. Do not try to automate everything at once. One misconception about DevOps is that all the infrastructure provisioning and configuration management must be done automatically. This is referred to as “infrastructure as code (IaC).” IaC practices are designed to support applications at scale. Try automating the building and testing of your application before automating sophisticated deployment scenarios.

For more information on DevOps culture and tooling, see: Moving to DevOps: what tools do you really need? or download The Building Blocks of DevOps Culture ebook.

For more information on Infrastructure as Code, see: How do I use Infrastructure as Code?

Get DevOps buy-in from management

Getting your manager to say ‘yes’ to new DevOps tools can be challenging. Use the following tips to help get new tooling approved:

  1. Emphasize the problem, not the tool. Before any conversation begins, we need to identify the action item. No manager wants to have meetings that don’t have actionable insights.
  2. Use relevant data to support your need. Developers are pros at generating data, so include some specific stats in your ask.
  3. Get buy-in from your team’s least likely fan. It is important to loop in others who are going to be affected and who are likely to have opinions about the new tool.
  4. Demo the tool and invite questions. Ask your team if they see any issues down the road that introducing the tool may create.

For further information and tips on approaching management read: Getting your manager to say ‘yes’ to DevOps tools.

Use DevOps to increase security

CI/CD pipelines are a critical piece of your technology stack where your infrastructure has access to many different resources, from development and production environments to analytics keys and code signing credentials. The more resources your pipelines have access to (secure secrets, proprietary code, databases, etc.), the more important it is to keep your CI/CD system secure.

How do you secure CI/CD pipelines with DevSecOps? We recommend implementing security best practices from the following three solutions:

  1. Secure pipeline configuration - It is possible to use your CI/CD pipeline configuration to make security issues less likely to happen (check out CircleCI orbs).
  2. Code and Git history analysis - Take time to identify secrets that have been committed to the codebase so that you can deactivate and replace them.
  3. Security policy enforcement - Some security aspects can’t be statically checked based on known vulnerabilities, but rather are specific to your particular company, and therefore need to be codified as policies.
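
To illustrate the Git history analysis in item 2, here is an added example (not code from this page or from any CircleCI tool) that scans `git log -p` output for secret-looking strings and flags ones that were deleted in a later commit, since those stay in history and still need to be deactivated and replaced. The two patterns, the function name `scan_git_log` and the sample log are assumptions made for the illustration.

```python
import re

# Deliberately small rule set for illustration; production scanners ship many more rules.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "hardcoded_credential": re.compile(
        r"(?i)\b(?:password|secret|api_?key|token)\b\s*[:=]\s*['\"][^'\"]{8,}['\"]"),
}

# Constructed, trimmed `git log -p` output (newest first); the key is the AWS docs placeholder.
SAMPLE_LOG = '''\
commit 3c3c3c3
diff --git a/deploy/config.py b/deploy/config.py
--- a/deploy/config.py
+++ b/deploy/config.py
@@ -1 +1 @@
-AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
+AWS_KEY = os.environ["AWS_KEY"]
commit 2b2b2b2
diff --git a/app/settings.py b/app/settings.py
--- /dev/null
+++ b/app/settings.py
@@ -0,0 +1 @@
+password = "constructed-sample-pw"
commit 1a1a1a1
diff --git a/deploy/config.py b/deploy/config.py
--- /dev/null
+++ b/deploy/config.py
@@ -0,0 +1 @@
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
'''

def scan_git_log(log_text):
    """Report every secret-looking string added in any commit, even if deleted later."""
    commit, path, added, removed = None, None, [], []
    for line in log_text.splitlines():
        if line.startswith("commit "):
            commit = line.split()[1]
        elif line.startswith("+++ "):
            path = line[6:] if line.startswith("+++ b/") else line[4:]
        elif line.startswith(("+", "-")) and not line.startswith("--- "):
            # "+" lines introduce content, "-" lines delete it from the working tree only.
            sink = added if line[0] == "+" else removed
            for kind, rx in PATTERNS.items():
                sink.extend((commit, path, kind, m.group(0)) for m in rx.finditer(line[1:]))
    gone = {value for _, _, _, value in removed}
    return [{"commit": c, "path": p, "kind": k, "removed_later": v in gone}
            for c, p, k, v in added]
```

On a real repository the input would be the text of `git log -p --all`; a finding with `removed_later` set is no longer in the current files but is still recoverable from history.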

To learn more about adopting a DevSecOps methodology download this ebook, Ultimate guide to CI/CD security and DevSecOps.

Set meaningful DevOps goals for your team

When it comes to team success, finding the right DevOps metrics to measure is crucial. While there is no universal standard that every team should aspire to, our data and the 2020 DevOps software trends we’ve seen play out on our platform show that there are reasonable benchmarks for teams to set as goals.

Learn how to measure DevOps success with four key benchmarks for your engineering teams

Ultimately, your ability to measure your baseline and make incremental improvements on these metrics is more valuable than chasing “ideal”.