We previously examined the core chronic conflict within IT organizations in the ensuing downward spiral where the accrual of technical debt keeps making everyone's job just a little bit harder. As a result, much of our work becomes unproductive and wasteful. The good news is that there is a better way. In this video, we'll examine the three principles of DevOps and how they enable us to break the downward spiral. These principles enable everyone to contribute meaningfully to organizational goals and ensure the success of the organization in a competitive, rapidly changing environment. Let's start by describing the ideal flow. Small development teams should be able to work independently to implement features, test their work, and deploy their changes quickly and safely. Deployments should be routine and predictable, allowing IT operators to work normal business hours. Customers shouldn't notice changes, except the availability of new features where the seamless resolution of minor issues. Business leaders should be empowered to conduct experiments, such as testing an idea for a new feature to discover how to serve customers better. Perhaps most importantly, business leaders, developers, and IT operators are working together to achieve the organization's goals. Nevertheless, improving flow by itself is not sufficient. We must also ensure that our changes maintain the dependability and security of the system. Thus, fast feedback is also essential. Feedback starts when developers commit changes to the version control system. Automated tests automatically run in a production-like environment, one that is as close as possible to the real thing. These tests uncover failures quickly, which results in faster fixes. Moreover, this feedback comes quickly enough for developers to learn from their mistakes, rather than struggling to debug the code that they wrote months earlier. Despite our best efforts, there will still be failures that impact our production systems. Consequently, we rigorously monitor these systems so that problems are detected quickly. In some cases, our telemetry will alert us to problems before they become customer-facing failures, such as when a change causes our database servers to start thrashing. We mobilize the entire organization when necessary to identify and solve the underlying problem. Any issues are addressed quickly, often by reverting the problematic change. The fast flow of work in constant feedback allows small teams to work safely in a much larger organization. Because individuals are responsible and held accountable for their own work, everyone builds automated testing and peer review into their daily activities so that problems are found as quickly as possible. Instead of waiting for others, self-service portals support the creation of environments on demand. Everyone is more productive because there are fewer interruptions for urgent issues. This environment fosters a culture of experimentation. We form hypotheses that we can test quickly and rigorously. For example, we can determine how much a new design increases user engagement by rolling out the feature to a small set of users and measuring how much more time they spend with the application. We can even go further by intentionally injecting faults into our production systems to see how they will respond. Netflix is famous for making resiliency integral to the design of their systems by randomly killing servers to see how the system responds. When there is a failure, teams conduct a blameless postmortem to identify the underlying causes and how to prevent them in the future. This knowledge is shared across the organization so that others benefit from what we've learned. What I've just described may leave you wondering about the scalability of these DevSecOps practices. Fred Brooks observed in 1975 that adding manpower to a late software project makes it later, partly due to the increased communication and coordination among participants. Fortunately, the right mix of system architecture, technical practices, and cultural norms allow us much greater scalability than previously possible. The 2015 state of DevOps report examined the number of deployments per day per developer to understand how the number of developers affects the frequency of deployments. Among low performers, the frequency of deployments decreases with more developers, as one might expect. Whereas the frequency of deployment stays constant for medium performers, and actually increases for high performers. Stated differently, DevSecOps allows us to maintain developer productivity regardless of the size of the organization, either a small start-up or a technology giant. When we discussed the downward spiral, we mentioned its human and economic costs. It wouldn't be appropriate to conclude this presentation without highlighting the business value of DevSecOps. Fortunately, the impact of DevSecOps has been rigorously assessed. If you're interested in the details, and I recommend Accelerate: The Science Behind DevOps. The lean practices and technical capabilities that underpin DevSecOps directly address the aforementioned costs of the downward spiral. This illustration shows six constructs that have been empirically measured with arrows between constructs indicating a predictive relationship. For example, lean management predicts software delivery performance, which in turn drives organizational performance. As you can see, adopting lean management practices, lean product development practices, and continuous delivery decreases employee burnout. These same practices ultimately improve the performance of the organization. If you remain skeptical, consider the following statistics regarding high-performing organizations that embrace DevSecOps. They are 440 times faster from committing code to deploying that change into production. They deploy changes 46 times more frequently. They are 170 times faster to recover from failures. They have a five times lower change failure rate, meaning that they are 20 percent as likely for a change to cause a failure in a production system. Clearly, these organizations are able to move quickly without sacrificing dependability or security.
