DevOps, DevSecOps, SRE - what is it, what's next
DevOps, DevSecOps and SRE are all approaches/methodologies in the world of software engineering and IT operations which focus on the efficient development, deployment and management of software applications. They emerged and evolved over the last decade to meet the changing needs of software development and IT operations.
DevOps
Before DevOps, there was little collaboration between development and operations, and the two disciplines were treated as distinct. This traditional approach was prone to creating silos, with each team acting independently, following different priorities and at times miscommunicating requirements. That often hurt the business relying on the IT systems through delayed deployments, difficulties in handling issues, lack of visibility into the health and behavior of the systems, etc.
2000s - Agile comes into play
Agile came into play in the 2000s as a new software development methodology which emphasized collaboration and continuous improvement in the Software Development LifeCycle (SDLC). Until then, software development generally followed traditional processes modeled on goods manufacturing. As the software industry expanded and evolved, a break became necessary, with approaches built around the software industry's own needs rather than forced onto it from unrelated domains, as in the traditional way.
Heavyweight developers like Kent Beck, Ward Cunningham and Martin Fowler, among others, began to meet and discuss new approaches, and they came up with the Agile Manifesto, which outlined 4 values (and 12 principles):
- Individuals and interactions over processes and tools.
- Working software over comprehensive documentation.
- Customer collaboration over contract negotiation.
- Responding to change over following a plan.
Then, DevOps is born
Agile was helping to break down silos in the SDLC; however, it was not fully addressing the challenges of coordinating and integrating software development and IT operations.
DevOps emerged in the mid-2000s in response to the need for closer collaboration between development and operations, as organizations began to realize the benefits this approach would bring.
Over the years, DevOps became a methodology that combines Dev and Ops in a single, integrated approach to software development and delivery. It focuses on automation, continuous integration and deployment (CI/CD), and agile practices to improve software delivery speed and quality. The primary goal of DevOps is to ensure that software is developed and delivered to end-users as quickly and efficiently as possible.
SRE - Site Reliability Engineering
SRE is a methodology for managing and operating large-scale, complex software systems, with a special focus on reliability.
It was created by Google in the early 2000s to address the challenges of managing their large-scale and highly complex software systems, and it was popularized by the book "Site Reliability Engineering: How Google Runs Production Systems."
Overall, it emphasizes the use of automation, monitoring and testing to ensure that systems are reliable and performant. The primary goal of SRE is to create scalable, reliable and efficient systems that can handle high loads and minimize downtime.
But, isn't it DevOps?
In short, DevOps and SRE share many similarities, but in some key areas they diverge. They both focus on automation, collaboration, continuous improvement, monitoring and agile principles. However:
- Focus: DevOps’s primary focus is on continuity and speed of product development. SRE’s focus is on the system’s reliability, scalability, and availability.
- Scope: DevOps has a broader scope. It encompasses all aspects of development and delivery, while SRE is focused on the management and reliability of large-scale and complex systems (yes, in DevOps, reliability is a key point, but it's not the main focus).
- Process Flow: While DevOps takes the perspective of the development environment delivering into production, SRE takes the perspective of production, to ensure that the systems work flawlessly at large scale and that the production environment is properly monitored.
What about DevSecOps?
Well, DevSecOps is an "extension" to DevOps. It places a greater emphasis on the security aspect throughout the SDLC, and it integrates security in every phase of the development and deployment - from design to production.
Its main focus as a methodology is to treat security as a critical component rather than an afterthought, in order to reduce security vulnerabilities, increase compliance, improve the overall security posture of the organization, etc.
Historically, the tendency of organizations to form silos showed up in security too: security tended to be considered a separate function, with security teams only getting to review software applications once they were completed, which made security concerns hard to address. DevSecOps emerged in response to this challenge, with the goal of integrating security into the DevOps process and making it an integral part of software development and delivery.
What's next?
Well, in IT, methodologies tend to be highly volatile, and the evolution of present-day practices will certainly be shaped by the ongoing evolution in technology and the changing needs of the industry.
However, I personally think that methodologies which focus on collaboration, automation and continuous improvement have strong roots in the industry, and, for the time being, DevOps and SRE will mostly stay and we will witness the emergence of variations on those methodologies to address specific needs. Probably, at some point, there will be a rupture due to the weight they will gain, but not in the near future.
One example of such a variation is obviously DevSecOps, which addresses the increasing cyber security threats. Other, more obscure examples are:
- BizDevOps - aligning business goals with DevOps processes
- GitOps - infrastructure management with Git as the primary interface
We will have to see how AI and machine learning will be integrated, and how DevOps and SRE will adapt their workflow and tooling - I think the first widely adopted integration will probably be in the area of observability.