Introduction to Contino Research Report: DevOps Maturity in the Enterprise
How mature are DevOps practices in regulated enterprises?
Contino has first-hand insights into DevOps maturity at major banks, insurance companies, public sector organizations and other large, highly-regulated enterprises.
Our latest research report – DevOps Maturity in the Enterprise – presents an overview of the data gathered from DevOpsMaturity.com – Contino’s tool for self-assessing your DevOps maturity. The tool presents the user with a series of questions regarding the maturity of their people, process and technology. Respondents are asked to select on a scale from 1–10 (1 represents ‘Strongly Disagree’, 10 represents ‘Strongly Agree’) to assess the organization’s capability.
We analyzed the data of 100 assessments from 72 enterprise organizations who have used the tool to assess their own maturity over the last 12 months.
Here are the high-level results across the three key assessment areas: people, process and technology.
Assessment AreaAverage Maturity
(1 = completely disagree;
10 = completely agree)[People] Skills4[People] Culture5[Process] Agile Practices5[Process] Organizational Design4[Process] Security and DevSecOps2[Technology] Architecture4[Technology] Continuous Integration6.5[Technology] Continuous Deployment5[Technology] 12 Factor Application5
The report explores what these data tell us about DevOps maturity in the enterprise. In this blog, we’ll have a look at the high-level findings!
Introduction to DevOps Maturity in the Enterprise
The insights from this inaugural DevOps Maturity report reveal a generally immature software delivery landscape in the modern enterprise.
Very few respondents are prepared to even tentatively agree that any part of their DevOps setup is mature. Only one assessment area (Continuous Integration) scores above 5 (a 6.5 on average). The rest are 5 or below, painting a worrying picture for enterprises that are increasingly feeling the pressure to accelerate their digital innovation capability.
The technology arena scores higher than people or process, pointing to a common (but problematic) bias toward trying to fix problems first with technology, rather than dealing with the messier areas of culture, processes and skills. Skills, in particular, score poorly across the board.
The lowest scoring assessment area is security and DevSecOps. It seems that security remains an ‘afterthought’, considered only at the end of the software delivery cycle, rather than being embedded at every stage as per DevOps best practice. Given the ever-rising tide of breaches and hacks, this is an area that needs immediate attention.
The results also suggest that even where DevOps practices have been implemented structurally (e.g. cross-functional teams), silos still exist between Dev and Ops, as well as between engineering and InfoSec. This suggests that these DevOps practices have been imposed from the top-down, with the bottom-up cultural elements lagging behind (hence the stubborn silos). The result is that, ultimately, respondents report that DevOps is currently not delivering what it is supposed to: secure code!
There are, however, also promising signs that a solid foundation is in place. With the exception of security, respondents gave at least small indications of incipient maturity in all areas. While there is still a long way to go, the foundations are nearly in place.
Key findings:
- The report reveals that overall DevOps practices are generally immature – only one area scores above 5
- Enterprises are best at transforming technology, however people and processes remain poor - especially in terms of security
- Engineers are skilled but lack specific DevOps skills
- Respondents report very low levels of prior DevOps experience in their teams
- Companies are still struggling with silos despite attempts to create cross-functional teams and to foster collaboration
- Security drastically needs improving!
- Where DevOps processes are in place, they do not seem to be delivering the hoped-for business outcomes
- However, there are encouraging foundations in place on which to build a truly mature DevOps function
The report suggests that digital transformation in the enterprise is very much a work in progress. There is evidence from many areas of the IT business that progressive elements are struggling to get away from deeply-entrenched traditional ways of working. And, so far, it’s not quite working.
What’s to be done?
Enterprises often struggle when they overlook the importance of combining all three pillars of DevOps: people, process and technology. They concentrate on one (almost always technology), forget the others and then fail. It’s at this point that they realize that reading the books and articles wasn’t enough. What they actually need is a hand from someone who has done this before.
It’s worth noting that respondents strongly disagreed with the assertion that they had anyone on their team who had prior DevOps experience (they gave an average score of 1). Such experience is crucial to be able to spot the various gaps, identify any functional silos within the organization and decide how best to move toward product-focused and cross-functional teams. The technology part comes with locating the gaps in automation, i.e. identifying what’s still being done manually and eliminating those inefficiencies, in so far as is feasible.
Overcoming the silos is crucial. Here, setting incentives that are more business-driven is critical because it helps teams think the right way. For example, imagine that there are a number of siloed teams: database, cloud engineering, release management, etc. All these teams should be incentivized toward a common business goal, rather than only thinking about their own silo. This also gets teams talking to each other, as reaching that common business goal involves different teams.
Lastly, crucial for all of the above is finding the right people that have the right mindset, skillset and the willingness to change and working with them closely.
To self-assess your own DevOps maturity, visit www.DevOpsMaturity.com.