By Brian Wald, Head of Global Field CTO org at GitLab
Most development teams have experienced the productivity gains of
adopting DevSecOps methodologies and the corresponding tools and processes.
Recent research has found that C-level executives identified faster iteration,
better code quality, improved operational efficiency, and more secure
applications as the top benefits of implementing DevSecOps.
As DevSecOps adoption grows, many organizations want to capture
this momentum and identify opportunities to improve developer productivity and
efficiency without sacrificing software quality and security. One valuable step
in capitalizing on productivity gains from DevSecOps is to incorporate platform
engineering into development workflows.
Platform engineering is the practice of implementing a customized,
unified infrastructure to route DevSecOps teams through self-service systems
and workflows. Platform engineers have a broad set of skills, from experience
with automation to infrastructure as code, cloud deployments, Kubernetes, and
secure coding practices. They work closely with the DevSecOps team to tailor
their chosen platform to the organization's needs.
Building platform engineering practices into existing DevSecOps
workflows can enhance developer productivity and satisfaction by standardizing
best practices, tools, and architectural patterns. Platform engineering can
alleviate some of the burdens that the shift left movement has placed on
developers' shoulders while ensuring consistent application of security
measures, accelerating time to market, and maintaining compliance with
regulatory standards.
Improving efficiency and productivity
Platform engineering helps ensure that developers can spend their
time delivering value through coding, testing, and reviews rather than tooling
and setting up their application environments. It also allows teams to optimize
software delivery by identifying efficiency gaps and areas of improvement,
comparing performance across teams, and sharing best practices.
By streamlining workflows, teams can increase their development
velocity, reduce repetitive, manual tasks to focus on more valuable work, and
minimize human error with automation. Teams can gain these benefits by:
- Customizing monitoring tools to determine when and why bottlenecks occur
- Incorporating pipeline efficiencies, such as custom code related to an organization's infrastructure or a specific application
- Customizing tools such as automation scripts for CI to fit the organization's particular needs
Maintaining secure and compliant workflows
Teams can also use platform engineering to incorporate security
policies and best practices across the organization. Organizations can ensure
regulatory compliance and manage policies to control software quality and
integrity by implementing granular user roles and flexible permissions with
least-privilege access.
Platform engineering principles can codify training, policies, and
checks and balances to make building secure software more efficient and
consistent. For example, teams can configure security and compliance policies
to ensure that scans run at specific times or points in the development
process, set up checks and balances for regulation enforcement, and run regular
security audits.
Facilitating collaboration and removing silos
DevSecOps workflows should facilitate collaboration between
developers, operators, and security teams. Platform engineering can strengthen
this effort and give team members more time and resources to work together.
Teams can work toward a more collaborative culture by innersourcing and reusing code, breaking down
silos to improve collaboration, and creating flexible pipelines that scale
quickly.
Some ways to incorporate these principles include:
- Creating pre-built workflows to make building CI configurations easier
- Documenting and enforcing organizational best practices
- Setting up and customizing platform templates to standardize pipelines
- Ensuring that all teams have access to critical tools, such as vulnerability scanning and access management, that can help drive their workflows
DevSecOps and platform engineering are adjacent concepts with a
shared goal of empowering developers and improving efficiency and security. A
DevSecOps platform can serve as a framework for platform engineering, while
platform engineering can optimize a DevSecOps tool.
Platform engineering can be a valuable and complementary partner
to DevSecOps. By consolidating and standardizing tools and workflows,
organizations can create faster, more scalable, and repeatable software
delivery processes. The effort requires a cultural shift in addition to a
product- and tool-led one, but the payoff can be transformative.
## ABOUT THE AUTHOR
Brian Wald is Head of Global Field CTO org
at GitLab. He leads a dynamic team of Field CTOs dedicated to transforming
enterprise software development practices.