Why and How do Large-scale Organizations Operationalize DevOps

An essential part of organizational efforts is to provide products to customers. To sustain competitive positions on existing markets, and to expand into new markets, firms utilize and continuously optimize approaches to efficiently provide effective products. Meanwhile, applying agile practices is a commoditized way for organizations to better adapt to changes during the development of their products. For bringing products to customers, more than their development is required. Typically, multiple organizational functions, all with individual goals and practices, are included in the development and delivery of products. This is often associated with friction points between those functions, and hinders the optimization of effectiveness and efficiency in providing products to customers. In retrospective, not all firms were able to recalibrate themselves and find back to former success after they had once missed to (again) innovate by timely addressing changes on their existing markets, discovering unmet or changed customer needs, and providing new products that bring together emerging technology with evolving customer demands. This potential threat now appears to be omnipresent with the ongoing proliferation of digitalization through the practical world of all of us. The emerging phenomenon of DevOps, a portmanteau word of “development” and “operations”, describes approaches to streamline development and delivery of products across organizational functions, to efficiently provide effective products, and to enable organizational digitalization efforts. This dissertation sheds light on reasoning, configurational factors, and dynamics behind DevOps implementations in large-scale. The composition of four independent yet interrelated scientific papers, the cornerstones of this dissertation, answers why and how large-scale organizations operationalize DevOps. In sum, this dissertation adds systematic and foundational knowledge, presents new applications and nuanced concretizations of scientific empiric approaches, connects allied but distinct research communities, and provides guidance for practitioners acting in this timely, relevant and interesting domain

Secrets Management in a Multi-Cloud Kubernetes Environment

Secrets are anything that can be used to authorize or authenticate to e.g. cloud services, databases, APIs etc. They are something that an organization must protect from being ended up in the wrong hands. As the size of the organization grows, the importance of protecting the business-critical secrets becomes more and more relevant and that is why the organizations also must pay an increasing amount of attention to their secrets management as the organization grows. The secrets being compromised is a threat that can be prevented with a variety of methods. Configuring all of these prevention methods manually is non-trivial. Secrets management platforms implement these methods by both improving security and automating tasks. The use cases of a secrets management platform might have great variety between organizations based on their requirements. Some organizations might want to fully automate the entire lifecycle of their secrets management and use extensive features of a secrets management platform, whereas many others would only need to store their existing credentials to a centralized and secure location. A case study is performed on the secrets management of a company called Anders Innovations. Their adoption of a secrets management platform required some further investigation as their end goal was to get a full cloud-agnostic service that can automate their secrets management. The research questions are made with a mindset that they would act as a reference for other organization in plans of adopting a secrets management platform. The first research question is about generalizing the cloud-agnosticism of secrets management. The second research question aims to clarify the automation of secrets management in automated build environments, which are being used in an increasing amount as organizations adopt new DevOps practices. The third research question is about combining the access rights management with an existing system of an organization

DevOps for Digital Leaders

DevOps; continuous delivery; software lifecycle; concurrent parallel testing; service management; ITIL; GRC; PaaS; containerization; API management; lean principles; technical debt; end-to-end automation; automatio

Holding on to Compliance While Adopting DevSecOps: An SLR

The software industry has witnessed a growing interest in DevSecOps due to the premises of integrating security in the software development lifecycle. However, security compliance cannot be disregarded, given the importance of adherence to regulations, laws, industry standards, and frameworks. This study aims to provide an overview of compliance aspects in the context of DevSecOps and explore how compliance is ensured. Furthermore, this study reveals the trends of compliance according to the extant literature and identifies potential directions for further research in this context. Therefore, we carried out a systematic literature review on the integration of compliance aspects in DevSecOps, which rigorously followed the guidelines proposed by Kitchenham and Charters. We found 934 articles related to the topic by searching five bibliographic databases (163) and Google Scholar (771). Through a rigorous selection process, we selected 15 papers as primary studies. Then, we identified the compliance aspects of DevSecOps and grouped them into three main categories: compliance initiation, compliance management, and compliance technicalities. We observed a low number of studies; therefore, we encourage further efforts into the exploration of compliance aspects, their automated integration, and the development of metrics to evaluate such a process in the context of DevSecOps.publishedVersio

IT Governance Mechanisms for DevOps Teams - How Incumbent Companies Achieve Competitive Advantages

More and more organizations are deciding to move from traditional, plan-driven software development to agile approaches in order to stay competitive. Therefore, the IT functions have been deciding to implement cross-functional DevOps teams. To enable collaboration within DevOps teams, incumbent companies have to implement mechanisms to govern dynamic and agile environments. The present research investigates which IT governance mechanisms are helpful for the implementation of DevOps teams. For this purpose, we conducted a qualitative research study and interviewed team members in six companies that have already implemented DevOps-oriented teams. We describe which IT governance mechanisms-”in the form of structure, processes, and relational mechanisms-”are important for DevOps teams to achieve competitive advantages. Our findings show that agile roles and responsibilities, hybrid or decentralized organizational structures, as well as communications and knowledge-sharing models are conducive to the government of a DevOps team