With the advancement of digitalization in various industries, enterprises are gradually increasing their demand for agility, and the demand for agility is not only limited to IT architecture, but also the demand for agility in software development and deployment. At present, we have entered a new era of "only fast and unbreakable".
In this era, many enterprises want to quickly see the results of business transformation through agile innovation. Against this backdrop, DevOps is becoming a driver of core business growth, not only automating, but also helping developers deliver software faster and with security.
In the current digital era, DevOps has become an important means for enterprises to pursue continuous delivery and quickly respond to market changes. As a software delivery approach that integrates development and operations, DevOps emphasizes collaboration between teams, cultural convergence, and technical practices.
According to the 2023 DevOps Report, more than 80% of enterprises worldwide are already adopting DevOps. This shows that DevOps has become the standard in the software development industry, and enterprises want to improve the speed and quality of software delivery by implementing DevOps.
According to the data in the 2023 DevOps Report, more than 90% of enterprises that have adopted DevOps say that CI CD has helped them reduce their lead time. At the same time, 70% of these companies say that CI CD improves software quality. This shows that the implementation of DevOps can significantly improve the speed and quality of software delivery for enterprises, so as to better meet customer needs and market changes.
In addition, DevOps can also help enterprises achieve the goal of "reducing costs and increasing efficiency". Based on DevOps' emphasis on development and O&M collaboration, O&M costs can be reduced and efficiency improved through automated tools and processes. According to the survey data, more than 80% of enterprises that have adopted DevOps say that DevOps has helped them reduce their operation and maintenance costs. At the same time, 70% of these enterprises say that DevOps has improved operational efficiency. This shows that the implementation of DevOps can help enterprises reduce operation and maintenance costs and improve efficiency, so as to better control costs and improve the competitiveness of enterprises.
Jim Mercer, research vice president of DevOps and DevSecOps at IDC, said: "IDC's latest DevOps research, DevOps Practices, Tools, and Awareness Survey, shows that platforms are being used more broadly to improve productivity, security, and collaboration. In addition, as the enterprise continues to shift left, more of the work will be left to developers and DevOps teams, who can accelerate this shift by providing DevOps and platform engineers with an integrated platform that streamlines development and security processes, helping enterprises deliver trusted software. ”
The development status of DevOps platform in different industries is also different, Dong Renyuan, general manager of JFag Greater China, said to Ti ** that based on JFrault's existing customers, the financial industry is the industry with the greatest demand for DevOps platform, "because the banking industry itself focuses on security, high availability and 'two places and three centers', and the business must not be interrupted, and there must be no downtime." The DevOps platform can well meet these needs of users in the financial industry, so at this stage, the financial industry has the greatest demand for the DevOps platform. Dong Renyuan pointed out.
At the same time, Dong Renyuan also said that from the perspective of development, the automotive industry will be the next explosive growth of the application scale of the DevOps platform, "The automotive industry and the financial industry are relatively similar, especially the rapid and good development of China's new energy vehicle technology, many new energy brands have emerged, and these car companies are basically going abroad for further development." If our car companies want to export to the EU, the EU needs all car manufacturers in China to provide software bill of materials (SBOM), and the DevOps platform can generate a software bill of materials by scanning all the best software bills of materials with one click, and the generated software bills of materials can be directly submitted to the EU for review. Dong Renyuan emphasized.
It is not difficult to see from the industries where the above two DevOps platforms are widely used that users who have a large demand for DevOps platforms also attach great importance to security. Of course, in this era where data has become an important asset for enterprises, security has become a prerequisite for everything.
In recent years, with the increasing use of open source software, attacks against open source software have begun to surge, and enterprise developers have encountered many new challenges. For example, the number of CVE vulnerabilities against NPM is increasing year by year, and the number of attacks against NPM malware packages is increasing every month, and the number of attacks against NPM malicious packages has basically reached more than 6,000 attacks in the first half of 2023.
With the increasing complexity of software systems and the increasing importance of data, security and reliability have become important concerns in the digital transformation of enterprises. The implementation of DevOps can help enterprises strengthen the security review and security protection of the system to ensure the security and reliability of the software system. At the same time, DevOps can also reduce human error and error by automating tools and processes, and improve the stability and availability of software systems.
According to Wang Qing, Technical Director of JFag China, since 2022, CIOs of enterprises have begun to pay attention to how to integrate DevOps and security components, "Many enterprises have bought a lot of security scanning tools, but security personnel have found that these security scanning tools cannot be combined with DevOps processes, and even the scanning of security tools prevents the rapid release of DevOps processes, which is a pair of contradictions. How to combine these two teams to better collaborate is a big challenge faced by major industries, companies and large enterprises. Wang Qing said.
It is worth noting that JFath, which saw the market demand, recently released a lot of new features and new products, which mainly focus on solving a series of problems such as "security shift left" of enterprises. In Wang Qing's view, supporting developers to scan in the pipeline and achieve "security shift left" is also a major trend in the integration of DevOps platforms and security components in the future. Wang Qing also put forward his own perception of the current enterprise "security left shift" is not doing well, he said that the manifestation of security left shift is that developers can use third-party software at will. In this case, it is difficult for the CIO or security leader to manage the security, and if the security control is implemented, the manual approval of the open source components of the enterprise will greatly hinder the progress of their delivery. So, these points are one of the reasons why traditional safety shifts left can't move, because they lack the ability to automatically block a safety based on the artifact library. Wang Qing emphasized.
At the same time, in Wang Qing's view, in the future, security scanning at the artifact library level is a general trend, he pointed out, "traditional scanning tools need to send packets by email or FDB and copy them to the scanning server for scanning, and there will be a 'chimney' problem in this mode - DevOps information and security information are two chimneys." ”
In the JFrault platform, the DevOps information and security information of the artifact are aggregated and integrated as a whole, so it is a 'dimensionality reduction attack' to the traditional vulnerability scanning tools. Wang Qing said to Titanium**, "We prevent the use of vulnerabilities in the case of the left-most shift, and we can block the remote repository, which is currently only a function that JFud can achieve." ”
Looking ahead, DevOps will pay more attention to security, including strict review of the security of the first and strengthen the security protection of the system. At the same time, reliability will also become an important indicator of DevOps to ensure the stability and availability of software systems.
After achieving security, the next step is how to improve the capabilities of the DevOps platform to provide users with a better experience. This year's popular large model, under the banner of "reconstructing all industries", has almost swept the whole industry, and for the DevOps field, the large model also has a lot of room to play.
In Wang Qing's view, large models can help CI CD automation "go to the next level", "because once its deployment method is standardized, the model can automatically generate the corresponding ** scripts." Wang Qing explained.
At the same time, with the emergence of more and more AI and machine learning models, there is also a need for a platform with integration capabilities to help AI really land. IDC research shows that the global AI (artificial intelligence) ML (machine learning) market, including software, hardware, and services, is expected to grow by 196%, more than $500 billion. However, as more ML models are put into production, end-users often face challenges in terms of cost, lack of automation, lack of expertise, and the ability to scale.
Deploying an ML model into production from start to finish takes a lot of time and effort. Even in production, users face challenges such as model performance, model drift, and bias. "As a result, having a single system of record that helps automate the development, ongoing management, and security of ML models, with all other components packaged into the application, provides a compelling alternative to optimizing processes." ”
To address these needs, JFroth sees a new track, and Dong Renyuan said that the new ML model management capabilities in the JFraiser platform align AI delivery with existing DevOps and DevSecOps practices to accelerate, secure and manage the release of ML components.
Titan** noted that in addition to JFag, there are many domestic and foreign services such as VMware, AsiaInfo Technology, Jiawei Blue Whale, etc. It is reported that VMware is using a new next-generation transcendence DevOps concept and way to manage, release the management method of the platform as a product, build the IT system through the platform concept, and promote it accordingly.
From the perspective of the industry, in July this year, the first national standard in the field of DevOps in China - "System and Software Engineering Development and Operation and Maintenance Integration Capability Maturity Model" was also officially released. It is reported that this standard will provide an important standard basis for subsequent domestic organizations to promote the integrated delivery model of DevOps development and operation and maintenance and establish a corresponding capability evaluation system.
DevOps has become one of the important choices for enterprise software development, both from the perspective of enterprises and industries.
DevOps will also play an important role in the digitalization of enterprises in the future based on its capabilities and features that improve the speed and quality of software delivery, reduce operational costs and improve efficiency, facilitate team collaboration, enhance security and reliability, and enable agile and flexible responses. Enterprises actively promote the implementation and application of DevOps, which also helps to adapt to the rapidly changing market environment and technology trends, and enhance the competitiveness and innovation ability of enterprises. The mutual promotion and development of DevOps and large models will also achieve a "win-win" situation.
(This article was first published in Titanium**app, written by Zhang Shenyu).