Virtualization Technology News and Information
Article
RSS
Supercharge DevSecOps Workflows and Drive Business Results With Platform Engineering

By Brian Wald, Head of Global Field CTO org at GitLab

Most development teams have experienced the productivity gains of adopting DevSecOps methodologies and the corresponding tools and processes. Recent research has found that C-level executives identified faster iteration, better code quality, improved operational efficiency, and more secure applications as the top benefits of implementing DevSecOps. 

As DevSecOps adoption grows, many organizations want to capture this momentum and identify opportunities to improve developer productivity and efficiency without sacrificing software quality and security. One valuable step in capitalizing on productivity gains from DevSecOps is to incorporate platform engineering into development workflows. 

Platform engineering is the practice of implementing a customized, unified infrastructure to route DevSecOps teams through self-service systems and workflows. Platform engineers have a broad set of skills, from experience with automation to infrastructure as code, cloud deployments, Kubernetes, and secure coding practices. They work closely with the DevSecOps team to tailor their chosen platform to the organization's needs. 

Building platform engineering practices into existing DevSecOps workflows can enhance developer productivity and satisfaction by standardizing best practices, tools, and architectural patterns. Platform engineering can alleviate some of the burdens that the shift left movement has placed on developers' shoulders while ensuring consistent application of security measures, accelerating time to market, and maintaining compliance with regulatory standards. 

Improving efficiency and productivity 

Platform engineering helps ensure that developers can spend their time delivering value through coding, testing, and reviews rather than tooling and setting up their application environments. It also allows teams to optimize software delivery by identifying efficiency gaps and areas of improvement, comparing performance across teams, and sharing best practices. 

By streamlining workflows, teams can increase their development velocity, reduce repetitive, manual tasks to focus on more valuable work, and minimize human error with automation. Teams can gain these benefits by:

  • Customizing monitoring tools to determine when and why bottlenecks occur 
  • Incorporating pipeline efficiencies, such as custom code related to an organization's infrastructure or a specific application
  • Customizing tools such as automation scripts for CI to fit the organization's particular needs

Maintaining secure and compliant workflows 

Teams can also use platform engineering to incorporate security policies and best practices across the organization. Organizations can ensure regulatory compliance and manage policies to control software quality and integrity by implementing granular user roles and flexible permissions with the least privileged access.

Platform engineering principles can codify training, policies, and checks and balances to make building secure software more efficient and consistent. For example, teams can configure security and compliance policies to ensure that scans run at specific times or points in the development process, set up checks and balances for regulation enforcement, and run regular security audits.

Facilitating collaboration and removing silos 

DevSecOps workflows should facilitate collaboration between developers, operators, and security teams. Platform engineering can strengthen this effort and give team members more time and resources to work together. Teams can work toward a more collaborative culture by innersourcing and reusing code, breaking down silos to improve collaboration, and creating flexible pipelines that scale quickly. 

Some ways to incorporate these principles include:

  • Creating pre-built workflows to make building CI configurations easier
  • Documenting and enforcing organizational best practices
  • Setting up and customizing platform templates to standardize pipelines 
  • Ensuring that all teams have access to critical tools, such as vulnerability scanning and access management, that can help drive their workflows 

DevSecOps and platform engineering are adjacent concepts with a shared goal of empowering developers and improving efficiency and security. A DevSecOps platform can serve as a framework for platform engineering, while platform engineering can optimize a DevSecOps tool. 

Platform engineering can be a valuable and complementary partner to DevSecOps. By consolidating and standardizing tools and workflows, organizations can create faster, more scalable, and repeatable software delivery processes. The effort requires a cultural shift in addition to a product-and tool-led one-but the payoff can be transformative. 

##

ABOUT THE AUTHOR

Brian Wald, Head of Global Field CTO org at GitLab

Brian Wald 

Brian Wald is Head of Global Field CTO org at GitLab. He leads a dynamic team of Field CTOs dedicated to transforming enterprise software development practices.

Published Wednesday, November 06, 2024 7:33 AM by David Marshall
Filed under: ,
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<November 2024>
SuMoTuWeThFrSa
272829303112
3456789
10111213141516
17181920212223
24252627282930
1234567