Four Trends from the Enterprise DevOps Summit in Vegas 2022
Last month we attended our first in-person DevOps Enterprise Summit in Las Vegas. IT Revolution organizes the event. That's the publishing company behind titles such as The DevOps Handbook, the Phoenix Project, Accelerate, and DevOps for the Modern Enterprise (written by Accenture's own Mirco Hering). If you have not read any of these, we highly recommend you do!
IT Revolution - Helping Technology Leaders Succeed
DevOps for the Modern Enterprise (itrevolution.com)
GitHub - devopsenterprise/2022-las-vegas: DevOps Enterprise Summit Las Vegas 2022 Slides
We learned and explored a few topics at the conference. These are the latest trends, in our opinion. Let us know your thoughts in the comment section below.
Backstage is on the Center Stage
Companies are investing in developer experience. The new and old rockstar in an enterprise is technology. Because most products are digital or sold digitally, technology is gaining importance. However, the number of skilled people on the market is limited. The significance and shortage let enterprise organizations set the focus on software development. Not only to accelerate product development but also to reduce frustrations.
Backstage is a concept and a tool from Spotify. It is an open platform for building developer portals. Developers can create new software and microservices, features, data pipeline, and more based on templates. In these templates are best practices already baked in. It simplifies life for developers not only for starting new but also for managing existing components and exploring what is newly done by other developers. All of that reduces cognitive overload. And this brings me to our next topic.
Spotify Backstage | Supercharged Developer Portals
From rock stars to the Cognitive Overload
Our time is limited. Our attention is limited. New topics are limitless, but we must understand, validate and manage them. Developers are now the center stage, and we push more and more work and knowledge to these practitioners. We call this shift left. Developers take over testing, security, architecture, infrastructure provisioning, and operations. We do this because we want to accelerate the workflow. When the developer can do everything, the waiting time goes to zero. That's at least the theory.
In many presentations, people were calling out the cognitive overload from developers. The talk from Vanguard hit it home. The structure of products and platforms must help to reduce cognitive overload. Building services on top of platforms, including guardrails, security, and best practices, let developers consume a service by clicking a button. The backstage platform is an excellent example, but just the starting point.
Psychological Safety is everywhere but nowhere
Most companies are cultivating a "Yes, but" attitude. Asking for change, we get the answer, "Yes! But…". For example, "Yes, we understand we should reduce the lead time, but the legacy code forces us to slow down." Or "Yes, I understand we must change, but we do not have time for that." People who don't feel safe, don't want to change. The status as-is is safe.
It felt like each presentation was calling out for psychological safety. But at the same time, no one could point the finger at it. A presentation about psychological safety was missing. We have seen no definitions, recommendations, or any of that. But everybody called out how important it is. In the next DevOps summit, I expect a presentation from Fable+ (full transparency, the company is part of Accenture) showcasing their InsightScan. The tool scans a team in around 20 min. It provides insights to optimize psychological safety and motivation.
Services – fable+ (fableplus.com)
Regulatory Requirements, Audits, and Information Security: Pivot to the SBOM
In May 2021, President Biden signed an executive order to improve US cybersecurity. One consequence is the focus on Software Composition Analyze (SCA), a process that created the Software Bill of Material (SBOM).
The SCA identifies all the components that comprise an application. For example, if you want to know what applications are using Log4J, you can get this detail quickly. It has all up and downstream information and the underlying infrastructure. SCA is more reliable than your Configuration Management Database (CMDB) because it should not require manual updates.
For the SBOM, the industry currently agrees on three formats: CycloneDX, SWID, and SPDV. It includes, for example, information about the supplier, component, version, author, and relationship.
Investments Unlimited - IT Revolution
https://ntia.gov/page/software-bill-materials
Interesting is also what we have not seen. The Cloud was missing. Maybe it's, for most teams, a prerequisite. Perhaps because it was not a cloud convention, but I would have expected it. We see that most teams struggle to get the Cloud's total value. The DevOps concepts are one part of the answer.
In many of the presentations, we felt that the DevOps community had not done an excellent job articulating the benefits to the business departments. But, finally, the investment in automation, the upskilling of our people, and the new tools come from whatever the business is selling.
These are our trends. What is your view? What are the significant trends and new topics in DevOps right now? Could you write us a comment?