Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ


Choose your language

InfoQ Homepage News Puppet Releases Its 2020 State of DevOps Report

Puppet Releases Its 2020 State of DevOps Report

This item in japanese

The State of DevOps Report 2020 released by Puppet reveals that internal platforms for self-service and effective change management practices were key for organizations to move up the DevOps evolution ladder. Security integration in the software delivery pipeline also plays a key role.

The report survey - now in its 9th year of publication - reached out to almost 2400 professionals across the globe. Europe had the largest number of respondents (33%) with the USA and Canada close behind (30%). Most of the respondents (33%) were from technology companies, followed by financial services, industrials and manufacturing. These percentages mirror the previous year's report. The stated aim of this year’s report was to examine "structural issues" that were instrumental in achieving DevOps agility in organizations.

Puppet Labs State of DevOps Report 2020 Demographics
Image courtesy: The State of DevOps Report 2020

The 2020 report noted that internal platform teams are more prevalent and their presence has a positive correlation with evolved DevOps practices. "We found a strong relationship between DevOps evolution and the use of internal platforms", noted Alanna Brown, senior director of community and developer relations at Puppet. Evolved organizations in this sense offer self-service capabilities to their developers like CI/CD, development environments, public cloud and internal infrastructure, monitoring/alerting, database provisioning and audit trails. The report also mentions the five-stage "evolution model" (formulated in previous reports), with five being the highest where self-service resources and automated incident responses are available, business needs define app architecture, and security is a key part of design and deployment. The most common self-service interface is CI/CD across orgs at various levels of DevOps evolution.

It is important to treat an internal platform as a product, the report authors note, and thus allocate resources, time, a permanent team and have management commitment for it to be successful. An internal platform lets application developers focus on their core competency and also have access to a standardized toolset. "Internal platform teams are responsible for providing a platform that provides the infrastructure, environments, deployment pipelines and other internal services that enable internal customers - usually application development teams - to build, deploy and run their applications", wrote the authors. 63% of the survey respondents had at least one internal platform, with 60% between two and four platforms. 31% of these orgs had 26-50% of their devs using a platform.

Mike Stahnke, vice president of platform at CircleCI, says in one of the cited case studies that they measure the success of their internal platform on availability, cost, security and developer productivity. The report also notes that the top challenges to providing such internal platforms are lack of time, lack of standardization, and a lack of technical skills in the team.

The report also shows four different approaches to change management. Effective change management is correlated with emphasis on automation of testing, deployment, risk mitigation, and flexible approval processes. Changes in code (along the lines of infrastructure as code), wider scope for employees to influence changes, and process and culture also play a part. The advantage of having any changes as code is that "changes can be subjected to any validation techniques that are available for code", notes the report.

Operationally mature companies are those that have the highest levels of automation and also have high levels of "orthodox" approval systems. This seeming paradox is explained by the fact that these are typically larger, mid-market organizations that already had mature processes in place for change rollout, and had to adopt automation as part of getting "digitally transformed". Whereas engineering-driven companies are mostly technology companies (33% of overall respondents), governance focused ones that rely more on manual reviews are typically larger organizations with 40% of such respondents employing more than 5000 people. The last category - ad hoc ones - score low on all fronts - automation, approvals and engineering work. The top challenges to automation change management are incomplete test coverage, organizational mindset, and a tightly coupled application architecture.

Integrating security with the software delivery process speeds up handing of critical vulnerabilities. Although this report does not mention specific examples of what security integration entails, the 2019 report does so. The report can be downloaded from the Puppet website.

Rate this Article