Cloud Native ComputingDevelopersDevOpsFeaturedKubernetesPlatform EngineersSecuritySREsT3M: TFiR Topic Of The MonthVideo

DevOps May Be Overkill For Smaller Organizations; As They Grow Bigger, They Need It | Utpal Bhatt


Guest: Utpal Bhatt (LinkedIn)
Company: Tigera (Twitter)

Tigera provides an active security platform with full-stack observability for containers and Kubernetes. In this episode of TFiR: T3M, Swapnil Bhartiya sits down with Chief Marketing Officer Utpal Bhatt to talk about where the market is headed, particularly in the DevOps and platform engineering space.

Trends that drive the evolution of the DevOps space:

  • The emergence of the CI/CD process or pipeline where there was an increasing reliance on automation to increase the pace of innovation.
  • Increased use of the cloud or, at least, cloud-native architectures. Organizations started moving to the cloud. The initial lift-and-shift became embracing everything that the cloud offers and becoming cloud native.
  • Microservices.

There is room for specialization, whether it’s developing core business applications, the security and compliance requirements, or the details of the cloud-native architecture. Developers, operations people, platform engineers, and security people will work very tightly with each other, but all these roles are not going to morph into one.

The platform engineering team is responsible for the security, compliance, the availability, and the scale of the environment.

Is DevOps dead? No. It depends on the organization. If you’re a smaller organization, it might be an overkill to have one. As the organization grows, there is still the aspect of the code getting committed to your repository, and then taking that all the way in, ensuring that you have the right security configuration embedded in the core, ensuring that your images are all scanned and free of vulnerabilities, ensuring that you have the right admission controller policies so that you’re only allowing clean images into production. All those are very important aspects of the CI/CD pipeline that the DevOps person should handle.

Developers have always been a central entity of technology products. Cloud-native applications have made the developer persona even more prominent because cloud-native architectures, fundamentally, are highly complex, very ephemeral, and distributed. They scale up and down, and have a lot of automation built into it.

The developer experience could be a very holistic view: how do you treat your developer and that developer comes to your website? In many cases, developers are the users of your product. They may not be the end buyers of your product, but are you treating them as if they were the end buyers?

Tigera enhances the developer experience by providing solutions that:

  • help the security team prioritize the most important things the development team needs to fix. Instead of giving a list of 100 things, it provides a ranked listing.
  • give developers and the DevOps team the ability to deploy mitigating controls. This extra layer of security is built around the most vulnerable aspects of the application, which buys the development team more time to fix the bug.
  • ease the social/cultural tension between the development and security teams.  It provides security teams with complete visibility on what is happening inside the cloud-native architecture and helps them interpret vulnerability and exposure risk. On the other hand, developers are given a priority list of things to fix so they still have time to work on the core business application.

Platform engineering or DevOps? Both. It should mirror the evolution, size, and maturity of your organization. You should staff those functional areas and see them as distinct: development is different, CI/CD management is different, infrastructure management is different, monitoring the runtime profile of your application, both from a security and quality of service, is different.

This summary was written by Camille Gregory.