The findings reveal emerging and legacy technologies are being rebuilt around the needs of developers, and companies are piloting and adopting new technologies like microservices and containers in service of speed. But despite advances, security and speed remain at odds in the enterprise.
Our survey shows technology rollout is increasing faster than headcount, so we took a deeper cut of the data to understand the impact of these trends on specific teams: infrastructure teams, application teams, security teams and cross-functional teams.
Specialized teams are critical to success in the enterprise, but to thrive in the continuous enterprise, a new breed of cross-functional teams are emerging as the fastest, most forward-leaning teams in the enterprise. Our findings below reveal how other teams stack up, how the role of IT is changing and more.
THE NEED FOR SPEED
- Respondents in our survey cited faster deployment speed as the number one priority to boost overall performance.
- The majority of teams surveyed are releasing changes to production not monthly, weekly or even daily, but on-demand. Likewise, teams overwhelmingly report reducing the time it takes between an initial software commit and running code in production from weeks and days to mere hours.
Break Silos to Increase Speed.
- Cross-functional teams are 17% more likely than application teams to release changes to production on a continuous, on-demand basis. Further, cross-functional teams are 23% and 24% more likely than infrastructure and security teams, respectively, to release changes to production on-demand.
- Cross-functional teams were also the most likely to reduce the time it takes from initial software commit to running that software commit.
Fail Fast.
- When a failure occurs in production, the majority of respondents (55%) are able to recover in one hour, the shortest possible recovery time in the survey. One-third of respondents (33%) are able to recover in the next window of 4 hours.
- Cross-functional teams are 26% more likely than security teams to recover from failure in one hour. And cross-functional are 21% more likely than application teams to recover in the one hour period.
EMERGING TECHNOLOGIES
Virtual is Reality.
- The overwhelming majority (86%) of respondents have completed or are in progress of managing a project to migrate infrastructure from physical to virtual. Respondents report an average of six months to complete a virtual migration project.
Cloud Reigns.
- Furthermore, the overwhelming majority (81%) of respondents have completed or are in progress of managing a project to run some applications in cloud-based architectures. Just like virtualization projects, respondents report an average of six months to complete a project to run cloud-based apps.
- Three quarters of all respondents are running cloud-based apps in a public or hybrid cloud and only 25% are running them purely in a private cloud. Overall, there is an even split between public and hybrid private use, with 37% and 38% respectively.
- And again, cross-functional leads the pack: they are the most likely team to have completed a project to run applications in cloud-based architectures.
- Application teams are 45% more likely to run a cloud based project in a private cloud than an infrastructure team.
- Twenty percent of security team respondents reported no plans to run applications in cloud-based architectures, whereas all other respondent teams had less than 7% with no plans to run apps in the cloud.
Cross-Functional Fuels Container Craze.
- More than two-thirds of respondents (67%) are already running or plan to run containers in their infrastructure. 17% are unsure of their plans to run containers and 15% are not or have no plans to run containers in infrastructure.
- Cross-functional teams are the team most likely to be running or plan to run containers in their infrastructure. Cross-functional teams are also 24% more likely than security teams to already be running or have plans to run containers in their infrastructure.
Microservices, Macro Use.
- The majority of respondents have or are in progress of re-architecting monolithic applications into microservices. 11% have completed a project to do so, 44% are in progress, and 12% will be managing a project to do so. 22% are unsure or exploring, and only 12% have no plans to run monolithic apps as microservices.
- Cross-functional teams are the most likely to have completed a project to re-architect monolithic applications into microservices.
- Respondents report an average of a 7-month timeline to complete a project to adopt microservices.
- On average, respondents run or will run 44% of their applications as microservices.
Standardizing Automation.
- The use of automation is on the rise, with more established technologies seeing wider adoption across the organization. In terms of estate coverage, 61% are automating infrastructure, 30% are automating compliance and 27% are automating container management.
- The majority of respondents (58%) say teams across the company are using or mostly using common standard tools to automate tasks, however, only 19% of those teams consider this problem solved.
- Cross-functional teams are the most likely to use a common standard for tooling across the company, while security teams were the most likely to use their own tooling.
ARE COMPLIANCE AND VELOCITY AT ODDS?
Nearly two-thirds (64%) of respondents report their company is subject to regulatory compliance standards. The following data points are from those respondents who are subject to regulatory standards.
Compliance Checks are Consistently Inconsistent.
- Assessing the state of compliance is challenging: 22% of users assess inconsistently and 23% don’t assess at all.
- Seventy-three percent of respondents wait to assess compliance after development work has begun, and 59% assess compliance once that code is already running in production.
- Three quarters of respondents assess the state of their compliance policies on a quarterly (or longer) basis, with 46% making assessments at an inconsistent rate or not at all.
- Security teams are the most likely team to assess in production (22%) or just prior to releasing to production (17%), whereas application, infrastructure and cross-functional teams most often assess for compliance in the development phase (25%, 26% and 23% respectively
- Security teams reported more regular compliance assessments than any other team, most frequently (30%) assessing quarterly. “Inconsistent” was the most common response given by application (39%), infrastructure (32%), and cross-functional (34%) teams than any other compliance assessment milestone in the survey.
Ready, Set, Remediate!
- After a compliance violation or security vulnerability is discovered, it takes 30% of respondents days to remediate them across all apps. 22% say it takes weeks, 15% report hours, and 6% report months.
- Infrastructure teams can remediate compliance violations or security vulnerabilities across all affected apps and systems faster than any other team.
- Infrastructure teams are 95% more likely than security teams to remediate compliance violations or security vulnerabilities across all apps in hours. They are 40% more likely than application teams to conduct this remediation in hours, and 27% more likely than cross-functional teams to do so.
- More than half (57%) of infrastructure teams take hours or days to apply remediations to all affected systems. In contrast, 48% of security teams report it takes weeks to apply these remediations.
THE CHANGING ROLE OF “DEV” AND “OPS”
Workloads Are Increasing Faster Than Headcount.
- 63% of respondents see their workloads increasing. But only 44% expect to see an increase in the size of their development teams and only one-third expect to see an increase in the size of their operations teams.
- Development teams are 33% more likely to grow in size in the next year than operations teams.
- More than a third (36%) of respondents said their company plans to increase the size of their development team by 1x-2x. Eight percent report 3x growth to development teams and 32% said the team size will remain stable.
There’s No Crystal Ball.
- No matter how fast a team is moving, how many new technologies they are deploying, unexpected work will remain. On average, respondents say 19% (i.e. one full day) of the work week is spent dealing with unplanned/unexpected work.
- Bug fixes/break-fix scenarios is overwhelmingly the most frequent factor reported as causing unplanned work (84%). This was followed by failures in deploying application releases (42%), failure from unauthorized our unmanaged change (32%) and then re-architecting changes to meet InfoSec standards (21%).
VIEWPOINTS FROM CHEF
- Building the Continuous Enterprise requires teams to increase velocity and embrace emerging technologies. To do so, teams should begin shifting to a developer services model - where the services and preferred tools of developers are adopted across teams - and work to fold security and compliance into the production cycle earlier.
- IT stacks are a complex mix of legacy and emerging technologies, physical and virtual machines, and on-premises and cloud-based services. To address the complexity, IT must embrace hybrid - delivering services, infrastructure and applications through a mix of cloud and on-premises solutions - as the operating model.
- Lastly, specialization is so important in our work - teams should continue building expertise in applications, infrastructure and security, and to further increase speed and performance of IT, teams must collaborate. Enterprises should build dedicated cross-functional teams who are committed to achieving common business goals.