JANUARY 2021 • VOL. 2, ISSUE 43 • $9.95 • www.sdtimes.com
EDITORIAL
EDITOR-IN-CHIEF: David Rubinstein, drubinstein@d2emerge.com
NEWS EDITOR: Christina Cardoza, ccardoza@d2emerge.com
SOCIAL MEDIA AND ONLINE EDITORS: Jenna Sargent, jsargent@d2emerge.com; Jakub Lewkowicz, jlwekowicz@d2emerge.com
ART DIRECTOR: Mara Leonardi, mleonardi@d2emerge.com
CONTRIBUTING WRITERS: Jacqueline Emigh, Lisa Morgan, Jeffrey Schwartz, George Tillmann
CONTRIBUTING ANALYSTS: Enderle Group, Gartner, IDC, Intellyx

CUSTOMER SERVICE
SUBSCRIPTIONS: subscriptions@d2emerge.com
ADVERTISING TRAFFIC: Mara Leonardi, mleonardi@d2emerge.com
LIST SERVICES: Jessica Carroll, jcarroll@d2emerge.com
REPRINTS: reprints@d2emerge.com
ACCOUNTING: accounting@d2emerge.com

ADVERTISING SALES
PUBLISHER: David Lyman, 978-465-2351, dlyman@d2emerge.com
SALES MANAGER: Jon Sawyer, 603-547-7695, jsawyer@d2emerge.com

D2 EMERGE LLC, www.d2emerge.com
PRESIDENT & CEO: David Lyman
CHIEF OPERATING OFFICER: David Rubinstein
Contents
VOLUME 2, ISSUE 43 • JANUARY 2021

FEATURES
2021: The year of low code
Around the industry: Predictions for 2021
WFH reveals an ‘I’ in team
Value stream management will be a driving force behind successful businesses in 2021

NEWS
News Watch
BizOps requires engaged, enthusiastic teams
Developers take a larger role in security
Atlassian brings new DevOps metrics to Jira Software Cloud

COLUMNS
GUEST VIEW by Anthony Morris: Breaking the low-code barrier
ANALYST VIEW by Michael Horvath: AppSec that doesn’t break the bank
INDUSTRY WATCH by David Rubinstein: Assessing a developer’s work, and worth
Software Development Times (ISSN 1528-1965) is published 12 times per year by D2 Emerge LLC, 2 Roberts Lane, Newburyport, MA 01950. Periodicals postage paid at Plainview, NY, and additional offices. SD Times is a registered trademark of D2 Emerge LLC. All contents © 2021 D2 Emerge LLC. All rights reserved. The price of a one-year subscription is US$179 for subscribers in the U.S., $189 in Canada, $229 elsewhere. POSTMASTER: Send address changes to SD Times, 2 Roberts Lane, Newburyport, MA 01950. SD Times subscriber services may be reached at subscriptions@d2emerge.com.
NEWS WATCH

LinearB takes data-driven software delivery approach

LinearB has created a new tool to help development teams overcome challenges with extant project management tools that are “good for planning but don’t add value once dev teams start building,” the company said in a statement about the recent product rollout. In its announcement, LinearB said its solution provides developers with actionable information where they work — in Git and Slack. The solution, Dan Lines, COO of the company, told SD Times, “can see where a pull request stalled and send a Slack message to get someone to review it,” among other developer-focused features.

Intel to detect bugs in code

Intel’s newly released ControlFlag is a machine learning programming system that autonomously detects errors in code. A recent study from the University of Cambridge's Judge Business School estimated that of the $1.25 trillion the IT industry spends on software development every year, 50% is spent debugging code. Intel hopes the new solution will significantly reduce the amount of time and money required to evaluate and debug code. “Debugging is expected to take an even bigger toll on developers and the industry at large,” Intel wrote in its announcement. “When fully realized, ControlFlag could help alleviate this challenge by automating the tedious parts of software development, such as testing, monitoring and debugging.”

Jakarta EE 9 provides new baseline for evolution

The Eclipse Foundation has announced the release of Jakarta EE 9, which provides a new baseline for the evolution of the platform. According to the Eclipse Foundation, the major change in Jakarta EE 9 is the completion of the transition from the javax.* package namespace to the jakarta.* namespace. The foundation explained this namespace change establishes Jakarta EE 9 as a foundation to develop enterprise Java applications on.

JetBrains launches Space for teams

JetBrains’ integrated team environment Space is finally available to the public. The company first introduced the solution last year at its KotlinConf. Since then, it has taken feedback from its users to ensure the product goes beyond just JetBrains’ needs. “We think that the biggest challenge is ensuring effective and transparent collaboration, working together as a team, and empowering every individual with all the information and tooling they need so that they can do their best,” Maxim Shafirov, CEO of JetBrains, said in the announcement.

Tech companies form Modern Computing Alliance

A number of companies, including Google, Slack, and Zoom, are coming together to launch the Modern Computing Alliance. The goal of the alliance is to address IT challenges that companies are facing across the entire technology stack, from silicon to cloud. Their mission is to “drive ‘silicon-to-cloud’ innovation for the benefit of enterprise customers — fueling a differentiated modern computing platform and providing additional choice for integrated business solutions.” The Modern Computing Alliance will attempt to tackle the most pressing issues in computing today, including performance, security and identity, healthcare, and remote work, productivity, and collaboration.

Tasktop Viz updated with leading indicator analytics

Tasktop is updating its Tasktop Viz solution to give organizations more ways to connect their software delivery processes to their business outcomes. The latest release focuses on real-time, data-driven metrics and on-demand expert advice.

A key feature of the release is the addition of leading indicator analytics, which will alert business leaders to any problems impacting the speed and productivity of their value streams. Leading indicator analytics will be tracked through neglected work in progress, predicted flow time increase and months to complete work in progress.

Rookout shifts observability left

Rookout wants developers to have a bigger role when it comes to application performance monitoring. The company announced server performance metrics will now be available in its debugging workflow. According to the company, while CPU spikes, memory leaks and disks filling up were previously IT operations’ responsibility, as DevOps shifts left, developers need to have a better understanding of how code impacts production. For instance, lack of understanding or visibility can result in degraded services for users.

Kubernetes to deprecate Docker container runtime

The Kubernetes team has announced that it is deprecating the use of the Docker container runtime sometime after the release of Kubernetes 1.20, which is the upcoming release of the container orchestration tool. Instead, Kubernetes will use runtimes that use the Container Runtime Interface (CRI). “This doesn’t mean the death of Docker, and it doesn’t mean you can’t, or shouldn’t, use Docker as a development tool anymore. Docker is still a useful tool for building containers, and the images that result from running docker build can still run in your Kubernetes cluster,” the Kubernetes team wrote in a post. The Kubernetes team explained that this change does not affect Docker images, and that Docker images will continue to work as they always have.

GitHub launches literate programming environment

GitHub has announced it is teaming up with fastai to develop a literate programming environment for Python, nbdev. Computer scientist Donald Knuth defined literate programming as a way of programming that allows developers to work in the order demanded by the logic and flow of their thoughts rather than an order dictated by the computer. According to GitHub, a subset of ideas from literate programming has shown up in tools like Swift Playgrounds, Jupyter, and Mathematica, but there is a lack of tooling to encompass the entire development life cycle.

Apache TVM reaches ASF top-level status

The Apache Software Foundation (ASF) has announced Apache TVM is now a Top-Level Project. Apache TVM is an end-to-end open deep learning compiler stack for CPUs, GPUs and specialized accelerators. Reaching top-level status means the project has graduated from Apache’s incubation program and meets specific ASF requirements. Apache TVM aims to make it easier for developers to work with machine learning computations and applications, and run them on any hardware modules, platforms and systems. Top features include high performance with minimal runtimes; ability to run on backends, CPUs, GPUs, browsers, microcontrollers, FPGAs, and ASICs; support for deep learning compilation models in Keras, Apache MXNet (incubating), PyTorch, TensorFlow, Core ML, and Darknet; and support for C++, Rust, Java and Python.

Gravitational rebrands as Teleport

Gravitational changed its name to Teleport and released the Teleport Unified Access Plane. “The decision to formally change our name to Teleport supports the natural evolution that our company has followed from the point it was founded — to create software for engineers that allows them to quickly access any resource anywhere,” said Ev Kontsevoy, the CEO and cofounder of Teleport. Teleport Unified Access Plane aims to solve a deficiency in alternative solutions by providing consolidated access to all computing resources such as servers, Kubernetes clusters, or internal applications across all environments and behind network address translation (NAT).

The GitOps Working Group launches

As the GitOps trend continues to take hold of the software development community, a group of technology companies are banding together to provide developers with the necessary skills. Amazon, Codefresh, GitHub, Microsoft, and Weaveworks announced the GitOps Working Group. This is an open Cloud Native Computing Foundation (CNCF) project inside the fluxcd GitHub organization. The working group is launching to provide skills, knowledge, and competency when implementing GitOps tools and methodologies.

IBM acquires APM company Instana

IBM has announced that it will be acquiring monitoring company Instana. The company explained the acquisition will help bolster its hybrid cloud and AI strategy. According to IBM, it will now be able to better help companies manage the challenges and complexities of managing application performance across teams and clouds.

People on the move

• David Schneider, ServiceNow president emeritus, has joined the board of advisors for crowd intelligence software company Armored Things. Schneider is also on the board of directors at the cloud security company Zscaler.

• Guido van Rossum, creator of the Python programming language, has come out of retirement to join the developer division at Microsoft. Van Rossum explained he will work to make using Python better for Windows and the open-source world.

• Dan Papandrea has been appointed lead of open source community and ecosystem at Sysdig. He will be responsible for the growth, adoption and contributions of open-source Sysdig projects.

• ServiceNow also announced enterprise software veteran John Ball would be joining its customer workflow business unit as its senior vice president and general manager. Previously, he was executive vice president and general manager for Salesforce’s Einstein AI platform and applications.

• Riverbed has promoted Sekhar Kancherlapalli to chief information officer. Kancherlapalli will now be responsible for the company’s IT functions and operations as well as lead Riverbed’s cloud and digital initiatives. Prior to the promotion, Kancherlapalli was chief architect for the company, and has held senior cloud and enterprise architecture roles at Oracle, Liberty Mutual Insurance and Fidelity.

• SolarWinds has named Sudhakar Ramakrishna president, chief executive officer and member of the board of directors. The transition will be effective on January 4, 2021. Ramakrishna has 25 years of experience in cloud, mobility, networking, security and collaboration markets.
2021: THE YEAR OF LOW CODE

Working from home has sped the adoption, as software-driven businesses realize they need people with business knowledge creating applications

BY JENNA SARGENT

Low-code app development platforms have been around for years, but for a long time, they were often looked down upon by developers as something not powerful enough to be used to create actual applications. Whether this was because of a fear of low code making their jobs obsolete or a true belief that these platforms couldn’t deliver on their promises, they were often viewed as just a toy for business users, not something that should actually be used in production environments instead of apps created with code by the development and IT teams of an organization.

Over time, however, that mindset has changed, and people from all segments of the business — developers, IT, and business users — have seen what the platforms are actually capable of, making them a more viable option nowadays. In fact, Gartner predicts that by 2023, over 50% of medium to large enterprises will be using low code as a strategic application platform. This recognition by the industry is why SD Times is declaring 2021 the year of low code.

2020 has been a particularly big year for low code, and that’s likely been helped along by the sudden work from home (WFH) orders that many companies were subject to. Without much advance notice, workers had to do their jobs entirely from home. This meant that processes that were historically done on paper, and perhaps physically transferred to another person in the office, were no longer viable. Business users needed a way to transform their manual, office-based processes into ones that could be accomplished online. Many turned to low code to help get that done.

Sheryl Koenigsberg, head of global product marketing at low-code application platform Mendix, explained that another area where low code has increased this year as a result of the changes the world has gone through is in companies’ interactions with their customers. “So we think of one category of stuff having to do with workers needing to work from home, but the flip side of that is people aren’t going to stores, people aren’t going to government agencies. Customers are not able to interact in person. So that’s kind of the other way in which we have seen the pandemic influence people’s use of low code because they’re very eager to offer capabilities to their customers,” she said.

Shane Young, PowerApps guru at PowerApps911, a consulting company for Microsoft’s low-code environment Power Platform, has also seen similar trends of growth. He believes that growth has doubled since early April. “It’s been growing year over year pretty steadily, and then back when kind of the lockdown happened, so [at the] end of March, there was kind of this momentary pause where everyone didn’t do anything, and then say a week, 10 days later, it just took off and it hasn’t stopped since. So I would say we’ve definitely seen growth double since early April,” he said. Young cites the same reasons for that growth — transformation of manual processes.

Young continued: “What it’s really been a lot of is people realized that they have a lot of processes that required paper, walking it over to somebody’s desk and saying ‘hey, sign this’ or ‘do this,’ and when we’re all working from home, you can’t walk over to my desk and have me sign this, or share some information with me. So a lot of the app uptake has been just trying to [create] simple apps, which lends itself so well to low code, but just things that facilitate conversations, or facilitate approvals, or what are the processes that used to be paper or hand-driven that now need to be electronically driven?”

These apps are nothing new, Young explained. People had already been using low code to build similar apps, but the WFH changes certainly sped up the timeline of those apps, and increased how many companies used them. “It used to be like I’ll get to that one day, and in April that one day is today, I need to start this project that I was going to start eventually. It didn’t change the types of apps, it just sped up the timeline of those apps,” Young said.

Getting started with low code

So for those interested in low-code development, where is the best place to start? Young recommends starting a low-code program by looking at processes that are currently spreadsheet-driven. For example, say you have an Excel spreadsheet that is used to collect data from everyone on your team. You would email out the spreadsheet, have everyone fill it out and send it back to you, and then you’d have to cut, paste, and merge the data together. This is a process that can easily be simplified by transforming it into a low-code application. You could build an app where everyone inputs their data and it does the job of merging that data for you into a central location.
recently is regarding citizen development programs. One of the biggest things companies want to know about is training. Low-code developers might not need to be experts in a programming language, but there are several concepts that make it easier for someone without a programming background. According to Bratincevic, the companies who have successful citizen development programs provide training not just on the low-code platform and how to build applications with it, but also provide training on problem-solving and design thinking. “The ones that are being smart about it and going after it proactively, yes. They buy it, they
up a scenario where one of Mendix’s salespeople was visiting an airline to give a demo of their platform, which the airline was considering using for its checkin process. They had modeled out the logic, and then the head of the flight attendants’ union walked by and they waved her over. She was able to look at it and quickly point out that the logic they were using didn’t account for the fact that the passport is needed before the ticket number can be validated. “So there’s an example where you can incorporate people into low-code development who don’t have a technical background at all, because it’s so accessible,” Koenigsberg explained.
Goodbye, shadow IT ‘Technology is not just the job of a small group of specialists. There’s a spectrum developing. The more software-driven a company is, the more software work business people need to do.’ —John Bratincevic, Forrester
Mendix’s Koenigsberg believes there are certain skill sets that transfer well to low code. For example, an actuary who has a bunch of custom actuarial tools and has written a lot of Excel macros would transition very easily to low code. Another example is a mechanical engineer who is used to doing model-based development. Koenigsberg believes that person would very easily transition to low code as well. “So I think that what low code does when there is a developer shortage is it means you don’t necessarily have to get that person with the Java certification, the .NET certification, who’s been doing it for 20 years. You can take somebody who has business domain expertise and have them meaningfully contribute to the software that the company needs,” said Koenigsberg. Forrester senior analyst John Bratincevic explained that the number one question he’s gotten from companies
train people, they figure out how to mature it, the whole thing,” he said. PowerApps911’s Young believes that teaching about data structures would also be helpful. “I think that’s one of the biggest mistakes we see, you’re like ‘all right, I need to collect this data and so I’m just going to make one table with 1,000 columns and then fill in all those columns.’ And that works, which is awesome, but it’s really slow and it doesn’t really scale over time, so I think that would be the biggest win for a lot of them.”
Domain experts building better apps One of the results of subject matter experts being able to build their own apps rather than handing something off to an IT team that doesn’t have handson experience of a certain process is that they can incorporate their own knowledge and expertise into the application. For example, Koenigsberg brought
When companies give their business users a platform to create the applications they need, it also has the potential to cut down on shadow IT. Rather than a business user finding and downloading a random application or signing up for a service that IT has no idea about, they have this platform, signed off on by IT, that allows them to build the applications they need in a controlled environment. “The worst case is when the IT department is swamped and isn’t delivering, the business is unhappy, maybe business comes along and says we want to look at this tool, and IT says you shouldn’t use that, blah blah blah,” said Mike Mason, global head of technology at ThoughtWorks. “The folks who need the software go ahead and build it anyway without getting any help from centralized IT, and then you run into a real problem because people are just building these tools, and can get themselves into a problem, can end up with a system that is difficult to maintain or extend. You might end up with security concerns around where the data is sitting and all that kind of stuff,” said Mason. Mason believes a more positive approach would be to involve IT in the selection of low-code platforms, so that governance is easier and people aren’t tempted to build things off on their own. Despite this extra control and the other benefits of low code, IT is often continued on page 11 >
006-11_SDT043.qxp_Layout 1 12/22/20 11:16 AM Page 10
10
SD Times
January 2021
www.sdtimes.com
From 1x to 10x with low code Companies are obsessed with finding the next 10x engineer to join their team, but 1x engineers aren’t as enthusiastic about the idea. 10xers are like the startups valued at more than a billion dollars — they are unicorns. A rare breed. They are highly desired because of their ability to produce 10 times faster and 10 times more than the average developer. “Founders, if you ever come across this rare breed of engineers, grab them. If you have a 10x engineer as part of your first few engineers, you increase the odds of your startup success significantly,” Shekhar Kirani, a partner at the venture capital firm Accel, tweeted. Kirani went on to explain that while 10x engineers hate meetings and don’t like to work with crowds, they are always learning and they know every line of code in production. This fixation on finding a 10xer can have negative effects on the development teams. Developers feel pressured to produce more and to be faster. On top of it, their list of responsibilities keeps growing, leaving them feeling burned out. In fact, when Kirani tweeted about 10x engineers, a lot of developers came out defending the 1x engineer and as a result the 1x engineer and 10x engineer websites were created to give a clearer understanding of the two. “You might have already heard of a 10x engineer. Probably too often, actually. If there’s such a thing as a 10x engineer, surely there must be a 1x engineer, too?” according to the 1x engineer website. 1x engineers are described as people who do research, write readable code, read docs, update docs, work well with others, and spend time doing things outside of engineering. If you visit this 10x engineer website, you get a 404 error message, and the page simply states “10x Engineers aren’t real.” According to Malcolm Ross, vice president of product and deputy CTO at low-code automation company Appian, 1x engineers are right to be worried about the 10x engineer. 
Companies want to remain competitive and that means they have to be faster and produce higher quality software. “Ultimately [developers] need to be more productive. They
need to deliver the goals of their organizations or themselves faster to be competitive,” he said. “If a business manager finds one developer that can generate something 10 times faster than another developer, who are they going to go with? They’re going to go with the 10xer. The world needs more 10xers.” The good news, however, is that you no longer need to be a genius in software to become a 10xer today. Another way to become a 10xer is to use tools which enable productivity. For instance, low-code development enables developers to visualize complexities and understand the nuances of software more easily so they can start building faster. The use of AI can also help eliminate redundant work, provide guidance, and accelerate productivity. “10xers have three common attributes. They are superstars when it comes to coding prowess. They understand the ins and outs of their business so the apps they build actually solve the problems that need to get solved. And they make everyone around them better. Because low code specifically addresses the first attributes, it has the potential to help more folks become 10xers,” said Goncalo Gaiolas, vice president of product for low-code platform provider OutSystems. But developers need more than low code to take them to that next level. “We absolutely believe that with a more holistic platform approach, orders of magnitude more developers will be able to become 10xers! High-productivity, Internet-scale, industrial security, and continuous adaptability shouldn’t only be the domain of digital economy powerhouses,” Gaiolas explained. “Multi-functional development approaches that serve a diverse team and support the full DevOps life cycle serve to improve productivity and collaboration and ultimately help development teams rise to 10x. 
A platform that incorporates low code with other productivity tools makes it easier for professional developers to bring together a multidisciplinary team that includes UI/UX experts, business analysts, and architects. It’s this diverse team working together that can build applications to solve their most pressing problems and achieve 10x.” z —Christina Cardoza
006-11_SDT043.qxp_Layout 1 12/22/20 11:16 AM Page 11
www.sdtimes.com
< continued from page 8
the last to get on board with bringing in these solutions, said Young. “I was helping [a Fortune 50 company] build an app and whatever app it is they wanted to build, they went to IT to get an internal quote. And IT was like ‘Oh yeah it’ll be 9 months and $170,000 for us to build you this app,’ and then I think I quoted him $25,000 and 6 weeks to build it in the Power Platform.” To IT, that contrast is scary, Young explained. He continued: “IT is afraid of why this thing is so much smaller, cheaper, and faster, when they had to quote $170,000 for it. So I think that’s what IT struggles with. They’re the last ones to embrace low code/no code. They don’t want to look at it, they don’t want to think about it because they’re afraid it’s going to cost them their jobs. It’s not, but that’s the natural reaction.”
Low code isn’t a silver bullet Low code isn’t perfect. Even though we’re declaring 2021 the year of low code, that doesn’t mean low-code platforms are a silver bullet for all of a company’s problems. One issue that arises with low code is that sometimes your use case might evolve and grow past what the platform is capable of. Mason gave an example of a company wanting to create an app that 10 people use and two people develop it. That use case might be in the sweet spot for that particular lowcode platform, but imagine if that app continues to be successful and grows in complexity. Now it might be something for a 10-person team to build to service 10,000 people in your company. Looking into the scalability of a platform can be tricky. “A number of the low-code vendors kind of tout their platform as being very highly scalable and they’ll give an example of a glossy tablet application for their bank that they developed on a low-code platform and they rolled it out to all their branches so it’s obviously pretty highly scalable,” said Mason. “And you look at that and you go therefore low code scales pretty well, doesn’t it? And the answer is well, that depends. What is that thing actually doing? If it largely doesn’t have very
much logic in it and it’s just a little glossy thing to sit at the front of the bank when someone comes in and get them directed to a teller, that’s actually a pretty simple thing to deploy and scale so the ‘hey this low-code platform does cloud scaling,’ it’s true, but in what use case? What complexity of application are you able to scale?” Another issue Mason sees with low code is that most platforms have a graphical drag-and-drop interface, which sort of sets an upper bound on the complexity of what you can do with these platforms. Issues such as how to do testing, version control, and data management may arise. “With software, traditional code, because it’s text, we have good methods for understanding what has changed. If two people change the same thing at the same time, you get a merge conflict and we can figure out how to deal with that. Those things are all more difficult to do in a low-code platform,” said Mason. Mason believes that the key to seeing success with a low-code program is to go in understanding its limitations. He gave an example of the UK losing 16,000 coronavirus cases from its database because they built the tracking system in Excel and ran into its limits, and anything over a certain number just got dropped, resulting in data being lost. “That’s really where our skepticism on low code comes from, which is there’s this kind of tension between low-code vendors who want to portray their solution as being able to do everything, and I’ve literally been on a phone call with a low-code platform salesperson where they said there is nothing you could not build in our solution, versus sort of the reality of every abstraction, every solution has a sweet spot, it has edges where if you get to that edge you start to run into more trouble, and you need to know where that sweet spot is and you need to have a very honest conversation about it,” Mason said. 
Despite these criticisms from Mason, he believes low code does have a place in organizations, as long as those organizations aren’t trying to push it to the limits. The issues tend to arise once low code is seen as that silver bullet
January 2021
SD Times
solution for the organization. Forrester’s Bratincevic also believes that it’s important for companies to understand that while people can use low code to build substantial apps, these platforms can’t “do everything under the sun.” Understanding that there are certain patterns that need to be worked in when doing low-code development is important so that people don’t push these platforms beyond their scope.
Low code as a feature, not a platform
Bratincevic believes that low code is becoming so widespread that it’s starting to become more of a feature of platforms than a category of platforms itself. “You have these platforms, general-purpose platforms for making apps, that’s kind of what low code is or started as,” said Bratincevic. “You’re seeing it become more of like an adjective, like a feature. So if you look at a bunch of software categories in general, go search for low code online and you’ll find low code for X, low code for Y. What’s happening is the idea of abstracted development features, it’s becoming a feature of many software categories. So the way I see it is what’s going on is like a glacial shift towards democratization. Technology is not just the job of a small group of specialists. There’s a spectrum developing. The more software-driven a company is, the more software work business people need to do.”
When the apps you buy have low-code capabilities built-in, that makes them adaptable, which is something companies should be looking for, Bratincevic explained. “COVID showed us that we need to change even the systems that we think don’t have to change. So low code is an incredible way to build that adaptability in. So to me that’s the big thing. Citizen development, democratization, technology being business people’s business — that’s not just a myth, there’s absolutely people that are pursuing it quite actively and I see it work out in some pretty cool places and it seems like a very important part of the formula for adaptability, for changing the software you have in this really fast, ongoing way,” said Bratincevic.
Nichole Kelly, Vice President of Growth, Windward Consulting Group: IT leaders must focus on developing soft skills like compassion, empathy and emotional intelligence when managing teams in a remote infrastructure. Employees are dealing with a vast array of challenges related to the pandemic that require more flexibility and understanding from their leaders. Special considerations should be made not only for parents, but also for caretakers of vulnerable populations and those who have multiple family members working from home in small spaces.
Franz Aman, CMO, relational database company MariaDB: Three hundred and sixty. That’s the number of database systems out in the wild. And while choice is good and finding the right tool for the job is smart, it also adds major complexity. As companies move to modernize in the cloud, they will seek simplification, which will lead to massive consolidation in the database market. Database vendors that offer multi-functional capabilities will win, rather than a multitude of niche databases that need to be stitched together and require different ways of accessing data.
David Karandish, CEO, helpdesk solution provider Capacity: 2021 will be the death of the point solution. Organizations are exhausted at the prospect of working with yet another vendor to solve yet another business problem with existing tech stacks. Instead, organizations will look to vendors that take a holistic approach to their problem sets.
Tim Armandpour, SVP of Engineering, PagerDuty: AI isn’t taking over — it’s getting a new job description: copilot. CIOs looking to AI to run their organizations on autopilot (hoping to improve their bottom line) are doomed to fail. Rather than taking over control, AI is going to take care of day-to-day repetitive tasks and keep the system running so developers can focus on more creative, intangible processes.
Jeff Whalen, VP of Product, fuzz testing provider ForAllSecure: Rust will continue to mature and will become a preferred language for new projects. Developers have found that it offers performance without compromising safety. Microsoft, Amazon, Apple, Cloudflare, and many others are transitioning projects to Rust, or selecting Rust as the language of choice for new projects.
Federico Larsen, Co-founder and Chief Technology Officer, Copado, a Value Stream platform for Salesforce: Next year’s continuation of a remote work world will encourage businesses to continue improving their ability to coordinate as digital teams. Value stream mapping will be a major focus for software developers and DevOps teams since it provides a way for teams to align around customer value and identify optimizations. Value stream maps will be the anchor for IT teams to not only quantify their performance and visualize the process in real-time, but also allow them to stay competitive. Goals are constantly changing and value stream maps give teams the opportunity to quickly iterate on processes to keep up with the pace of our new normal.
Anupam Singh, Chief Customer Officer, Cloudera: The public cloud is still Post-It notes and passwords, with no clear-cut answer on who is responsible for cloud security privileges. I predict that next year we’ll see security and governance take center stage. Everyone thinks of the cloud as a cost-effective and efficient solution, but the key that they’re missing is the governance model.
Monte Zweben, CEO and co-founder, Splice Machine: Feature Stores will be the #1 product used to operationalize Machine Learning in 2021. Ninety percent of the work done by data scientists is boring, monotonous, and repetitive. Feature stores allow data scientists to more efficiently convert raw data into features, by providing a methodology that can be shared within a company.
Lelah Manz, SVP, General Manager of Web Performance, Akamai: Builder culture will continue to drive innovation. As forward-leaning organizations embrace their roles as creators of digital experiences for their end users, the ability for developers to independently innovate becomes tantamount to their competitive differentiation and ultimately their success.
Michael Beckely, CTO and Co-Founder, Appian: BPM is Back (Again): The death and rebirth of BPM has occurred countless times over the past two decades. COVID-19 proved that fast and powerful process automation is crucial to keep people and enterprise data connected — no matter the circumstances.
Brendan O’Leary, Senior Developer Evangelist, GitLab: CI/CD will be vital for developer recruitment and retention. As more organizations move to working remotely indefinitely and as more initiatives are moved virtually, the demand for developer services will continue to grow. It is key for organizations to adopt continuous integration and delivery models in order to recruit and retain top developer talent.
Sendur Sellakumar, SVP of Cloud, Splunk: Successful organizations will blur (or erase) the line between ITOps and DevOps. People say the DevOps movement is a transformation and a journey; I actually don’t think it’s a journey. Instead, I think it’s a different way of adopting, and it increases the heterogeneity of the operating model for our companies. In other words, for most organizations, DevOps has to coexist with traditional IT operations.
Clara Angotti, President, migration automation provider Next Pathway: We predict that cloud services will grow at a rate of 40% as companies will drive to re-platform in order to be more nimble, cost-effective and customer-driven. The movement to the cloud will be seen as a ‘must-have’ for every company. The growth of cloud offerings will make it easier and cheaper for all companies, large and small, to take advantage of the cloud. Companies will evolve from a “cloud-first” strategy to a “cloud-only” strategy, ensuring that operational efficiencies are realized along with better access to information and more meaningful insights to key data.
Antony Edwards, COO, Eggplant: 2021 will see a shift from the speed of delivery of software and applications to focusing on the quality of the digital experience. Continuous delivery will no longer be an acceptable excuse for low quality. The approach of ‘just release it, and if there are problems, we’ll fix it in the next release’ will be retired. Users will no longer tolerate this, which will tip the balance towards quality rather than speed of delivery.
Alyssa Miller, Cybersecurity Advocate, Snyk: DevSecOps culture will grow. Developer workloads are exploding, with responsibility for software development, infrastructure, micro services and security. Not only is this unsustainable but it puts applications at risk of being vulnerable, having a poor interface and a delayed roll out. To overcome this, developers need to join forces with security and operations team. Next year, there will be a surge in DevSecOps which will see people, process and culture come together to create stronger, more secure applications while limiting the stress, workload and pressure put on developers.
Reza Shafii, VP of products, Kong: As we transition to an infrastructure-as-code and infrastructure-as-declarative-configuration, the benefits of the proven Git workflow will combine with CI/CD automation benefits. This will drive mainstream acceptance of what is called GitOps. Vendors and technologies that can support this workflow will thrive, those who don’t will lose more relevance.
Hans Eckman, principal research director, Info-Tech Research Group: DevOps will follow the path of ‘BADgile,’ becoming Dev-’Oops.’ Many teams are mistakenly ‘Doing Agile’ rather than ‘Being Agile,’ and have ended up with what I like to call BADgile. The same affliction also impacts teams moving to DevOps, their over-focus on automation tools resulting in missed requirements and defects being pushed into production.
The Little Book of Big Mistakes and How to Avoid Them
Project Management Scholia focuses on the 17 most consequential reasons IT projects fail and presents ways the project manager can avoid these problems by reading the danger signs and taking timely corrective action. The book dives into the often painful lessons learned — not from the library or the classroom — but from the corporate trenches of real-world systems development.
By George Tillmann
Available on Amazon
George Tillmann is a retired programmer, analyst, management consultant, CIO, and author.
INDUSTRY SPOTLIGHT
BizOps requires engaged, enthusiastic teams
When organizations discuss digital transformation, they’ll often rank processes, tools and culture — in that order — as keys to success. Yet it’s the people part that’s the toughest to pull off. One of the newer industry initiatives underway now is the idea of BizOps, which has been defined by a coalition of software providers and academics as the step after DevOps that truly ties IT to the goals of the business. To make it work, the key is to get your teams engaged and enthused about the work. But in today’s work from home reality, engagement and enthusiasm are hard to see.
Serge Lucio, general manager of the Enterprise Software Division at Broadcom, thinks of engagement in two dimensions. One is context. And the second is, do people trust and have confidence that they can deliver? “What people tend to forget is, what is the cause and effect between what I do as an individual and that thing that we’re all striving towards?” Lucio said. “And when you push to production 300 times a day, you can be sure that pretty much every developer contribution is almost [automatically] pushed to production. So if I screw up, I have immediate feedback. If my deliverable did not affect anything, or maybe improves the metrics, I can see it. So one of the key things that was really enlightening to me in these early days was you can start to do that.”
For example, operators have a set of KPIs around uptime that they’re monitoring all the time, but they might not be clear on which alerts really matter to the business, so they don’t have the context to make a more informed decision. “When we talk about data-driven decision making, we can start to teach them to stitch information from a business initiative, which is tied to dollars, to what we’re measuring from the user experience point of view,” he said.
Engaging internally with co-workers and managers, though, is just part of the story. Some developers or architects might only care about creating that “beautiful” piece of software, and what they care about is their relationships with the team. What moves things into the realm of BizOps is engaging with the end users, to close the feedback loop and ensure the work you’re doing meets the needs of both company and customer.
At Broadcom, Lucio said, “There’s no single release we’re doing today where we don’t have what we call a design sponsor, an actual customer, coming to the planning cycles, and that basically shares with our teams when they expect those new capabilities or features or whatever we’re building to impact their lives. And so you get that kind of personal kind of relationship, where it suddenly becomes about that person and making that person successful.”
A technique that falls under the BizOps umbrella is value stream management, which is getting traction in the industry because it helps people understand how they relate to the work and the product. This, he said, “can start to shift the conversation from individual metrics to metrics like cycle time and change rates. It’s ‘Do I feel like I’m relevant in what I’m doing, and do I understand the ecosystem I play in?’ And they feel like their work is valued by their peers, by the people that matter.”
Another important aspect of keeping developers engaged and working toward a common goal is empathy for your colleagues and end users. “We’ve trained business analysts to actually interact with the end users, and we’ve created degrees of separation, where the build group oftentimes is not even exposed to that end user,” Lucio explained.
But over the last decade or so, the emergence of design thinking and later value stream practices has helped to get end users back in front of the developers. “I think empathy is actually the biggest challenge that we need to overcome… but I don’t think many CIOs would recognize that as their biggest problem.”
Content provided by SD Times and
How to build a data-driven DevOps culture
FREE VIRTUAL POWER TALK Thurs. Jan. 21 at 1:00 pm EST
Make 2021 the year you commit to using data to drive your DevOps strategy. You might have dabbled in data before and reported on flow metrics, but you can get so much more value by really diving into the data from your software delivery pipeline.
Steve Boone
Bryant Schuck
David Rubinstein
Moderated by SD Times’ David Rubinstein, this live interview with DevOps experts Steve Boone and Bryant Schuck will discuss how you can use data to influence people, processes, and technology and build a data-driven organization. Steve and Bryant will cover:
• Aggregating data from disjointed tools
• Using data to manage security and governance
• Foundational elements for data-first strategy development
This will be a jam-packed half-hour with actionable insights on removing the guesswork from DevOps with a data-driven approach. Register Now
https://resources.sdtimes.com/hclsoftware-how-to-build-a-data-driven-devops-culture
INDUSTRY SPOTLIGHT
Developers take a larger role in security
As companies shift their businesses to engage with customers online, developers are becoming a center point for innovation. So as these companies build out DevOps and DevSecOps practices, they’re assembling teams around the developer to ensure that as they’re building new features at a rapid pace, security and operations components move along with that.
Yet development and security traditionally have been at odds. Development is about moving quickly to innovate, while security is about risk management in the organization, and that takes time. As development teams have gained more influence inside the business, security leaders have had to change their mindset and find new ways to talk to developers.
Eric Swenson, VP of product marketing for security solutions provider Checkmarx, said security needs to work to enable secure development and move beyond a “department of no” stigma to help reduce risk down from what it’s doing because it’s going to potentially introduce risk.
Some years back, Swenson said, “I had a conversation with a friend of mine, who was a security architect for an online streaming company. I challenged his mentality around security being a gate or possible blocker. He told me at one point, he would rather shut down a website to prevent any sort of data breach or disruption to business operations. And I said, ‘Well, you know, that’s interesting, but try to go into your CEO to tell him you’re going to shut down the website because you’re concerned about a security risk. You may be making a career limiting move.’ ”
DevOps — and DevSecOps — require moving security planning and testing into software development. Applications are being built in small pieces, moving through CI/CD pipelines, and deployed into containers. Some teams are working only on the front end of the application. Others are only working on the back end, and still others are working on the integrations. Because of this, security has to be considered across the entire development lifecycle, compared to waiting until the application is running in production — which leads to higher costs for remediating vulnerabilities, and slows innovation.
“Developers are checking in and out pieces of the application they’re responsible for, adding additional features and capabilities then checking them back into the central repository as it moves through the development process; scanning for critical vulnerabilities as early in this process as possible by the developer presents an opportunity for shared ownership in securing the application,” Swenson explained.
And because applications are being built from small services and components, it makes sense to have the developers creating those pieces own it all, including security testing. “For organizations adopting a DevOps philosophy for application development, part of that philosophy is empowering developers to use the tools and technologies necessary to move quickly and innovate; security teams have to shift their approach to a more consultative role with developers,” he said. “And so really, if you’re thinking about the entire software development life cycle, it’s definitely an evolving process. Traditionally, the heavy-handed role of security has to evolve to educate and guide development in toward best practices for secure development.”
Yet developers often do not have education in security, so to ask them to be responsible for it in their applications or components requires some training, Swenson said. Importantly, while training developers in security, it’s important this is a collaborative effort between developers and security. “This is about bringing two teams with differing goals together to focus on a common objective: coding securely.”
Swenson added that the argument that developers don’t care about security is quickly going away. Developers, he noted, would rather fix something early on, while in development, rather than having to go back and fix it post production, because the business wants its developers to continue to move forward with the next feature release. He said that developers think, “If I just fixed it before I released it, or before it’s in production, I would be in a much better place, a much happier developer, because, you know, nobody wants to go back and do the re-work. They always want to be pushing on to the next thing and seeing what they can accomplish there.”
Content provided by SD Times and
DEVOPS WATCH
Atlassian brings new DevOps metrics to Jira Software Cloud
BY CHRISTINA CARDOZA
Atlassian is adding four new features to its Jira Software Cloud in order to give DevOps teams more ways to visualize and measure progress. In a recent 2020 DevOps Trend Survey, the company found that about half of DevOps teams are struggling to measure and improve business value. The new features are designed to provide a deeper understanding from idea through to production and across Atlassian and third-party tools, explained Suzie Prince, head of product for DevOps at Atlassian.
“Measuring sense of your data is essential to the financial health of your company. It’s how you know whether your DevOps practices are moving the bottom line, and whether they’re actually helping your team ship faster or deliver better code,” Prince wrote in a post.
According to Prince, one of the biggest challenges DevOps teams face is how tools are integrated. “No single vendor will ever deliver all the products an agile software team needs, so the burden still lies on the team to manually connect the dots,” Prince explained.
To help connect the dots, the company has announced deployments, deployment frequency, and cycle time capabilities for Jira. Code in Jira enables teams to view recently active repos across Bitbucket, GitHub, GitLab or Git integration. Deployments in Jira provide a real-time view of where deployments are without having to ask a developer how things are going. “Lack of access to this information can slow decision-making and lead to more meetings and even duplication of work,” said Prince.
Deployment frequency tracks performance across any CI/CD provider and detects trends so teams can understand the value they are shipping and how it changes over time. And lastly cycle time is designed to track the granular view of each segment in a development workflow including current cycle time and historical trends. “Using the Cycle Time calculation, you can see which segments are taking longer than expected, identify bottlenecks, and determine where problems most commonly occur,” Prince wrote.
In other DevOps news
• AWS released the Amazon DevOps Guru to help developers improve application availability. The new solution automatically detects operational issues and uses machine learning to recommend actions. It collects analytics such as app metrics, logs, events and traces to identify patterns and detect problems such as under-provisioned compute capability, database I/O over-utilization, and memory leaks.
• The CI/CD platform provider CircleCI announced a number of new enterprise-level capabilities last month. The platform now includes Server 3.0, a new version of its server hosting option, for teams with in-house DevOps and Kubernetes expertise. Additionally, it added new functions to its reusable configuration offering orbs, and extended security and compliance with CircleCI runner.
• Lightstep introduced the AWS Lambda Extension to the OpenTelemetry project. According to the company, this will help DevOps teams collect, ingest and understand serverless data. “OpenTelemetry will become the de facto open standard for collecting telemetry data,” said Daniel Spoonhower, co-founder and CTO of Lightstep. “Serverless functions like AWS Lambda add a level of abstraction and agility that are an important component of modern architectures — this is why we’ve contributed the AWS Lambda Extension to the OpenTelemetry project for anyone to use.”
• xMatters added new incident management features to give DevOps and SRE teams the ability to collaborate across the enterprise. The new features increase automation throughout the incident management life cycle to enable teams to diagnose, collaborate, resolve issues, and continuously learn.
March 10, 2021
Join your peers for a day of learning
Virtual VSM DevCon is a one-day, digital conference examining the benefits of creating and managing value streams in your development organization. At Virtual VSM DevCon, you will learn how to apply value stream strategies to your development process to gain efficiencies, improve quality and cut costs.
Taught by leaders on the front lines of Value Stream
Highlights from last year’s sessions:
• An examination of the VSM market
• What exactly is value?
• Slow down to speed up: Bring your whole team along on the VSM journey
• Why developers reject Value Stream Management — and what to do about it
• You can measure anything with VSM. That’s not the point
• Who controls the flow of work?
• Tying DevOps value streams to business success
• Making VSM actionable
• Value Stream Mapping 101
• How to integrate high-quality software delivery into the Value Stream
• Transitioning from project to product-aligned Value Streams
• The 3 Keys to Value Stream infrastructure automation
REGISTER FOR FREE TODAY! https://events.sdtimes.com/valuestreamdevcon
WFH reveals an ‘I’ in team
But organizations are racing to adopt tools that let their teams collaborate from isolation
BY JAKUB LEWKOWICZ
The year 2020 has forced the hands of organizations around the world to rely on collaboration tools as their primary means of working and connecting with coworkers and consumers. Now collaboration tool providers are looking towards integrations and new features to draw more users into a unified platform. The shift to remote working happened at such a massive scale and in such a short time that collaboration tools have been dubbed the “new work nucleus.”
The business technology review site TrustRadius wrote that it saw a 400% increase in traffic to the collaboration software category from the beginning of the pandemic to now. Also, last month’s collaboration traffic was four times as much as traffic from exactly a year ago, correlating directly to buyer intent. Meanwhile, research firm IDC found that a whopping 96% of North American businesses will be spending more and investing more on team collaboration solutions into 2021.
Major software companies are seeing tremendous opportunities in expanding into the collaboration tool space. In early December, Salesforce issued a bid for $27.7 billion to acquire Slack, which if it comes to fruition, would make it the second-largest software deal in history. “Being able to kind of federate out the work of best tooling and having that all integrated I think that’s a brilliant strategy by Salesforce and also really empowering the remote workers too, because just between the nature of the cloud and everything that they’re doing with enabling people to work from anywhere access, and then combining that with Slack,” said Dave Messinger, the CTO and vice president of product at Topcoder.
The collaboration market is mature and cloud office suites have gained widespread adoption as primary tools for organizations for file sharing and work collaboration. There is currently a lack of differentiation among the core features that these platforms offer, forcing vendors to look towards specialization, according to Gartner in its Market Guide for Content Collaboration Tools released in May 2020. Aspects of collaboration in these platforms — such as file sharing, device synchronization and the provisioning of collaborative workspaces — have been fleshed out by collaboration platforms.
Within various industries, the most sought-after collaboration feature was video conferencing with 65% of companies adding it to accommodate changing work requirements during COVID 19, according to Avaya in its “Work from Anywhere” study released in October 2020. Avaya is a business collaboration and communication solutions provider. This was backed up by TrustRadius, which showed that the most searched comparison between collaboration vendors was Microsoft Teams and Zoom for their video conferencing capabilities, and by a giant margin.
Integrations are the biggest topic
But aside from features such as video conferencing and chat, collaboration platforms also offer project and task management, workflow automation, abilities to track location and changes to a file, and much more. Tool providers are primarily looking to pull these functionalities together with integrations. Integrations have become especially important as organizations are using many different collaboration tools within their organizations for different tasks. For cloud-based productivity, teams rely mostly on G Suite and Office 365. Then, they implement video conferencing tools such as Zoom or WebEx and workflow automation tools such as Jira and ServiceNow.
“Jira is also a popular tool for developers these days. I’d say there’s a 50/50 split between issue management on Jira vs GitHub among the wider developer community. Most developers prefer GitHub because it’s friendlier, but probably too slow for project management, so as companies grow they are switching to Jira,” Aaron Haynes, the CEO of Loganix, wrote in an email. Loganix offers link building services for SMBs and SEO agencies.
Finally, organizations are using instant messaging tools such as Slack and Teams as primary forms of contact. And there are usually many more circulating at once. Now, companies are looking more at unified solutions.
“You traditionally see organizations using many tools — typically one for planning, another for creating code, another for building and deploying it, and 1-3 tools for monitoring and observability. However, what we’ve seen happening is a need for a single DevOps platform. Some enterprises have tried stitching these disparate tools together into their own “DIYOps” platform, but this undifferentiated work distracts their teams from the business goals and their customers. Thus, teams and DevOps tools companies alike are moving towards a single DevOps platform,” Brendan O’Leary, a senior developer evangelist at DevOps solution provider GitLab, wrote in an email.
The different types of tooling are implemented because there are primarily three layers to collaboration. The first is a communications layer and the second step is essentially a content layer, where organizations can do their office sharing, office suites and file sharing. And that third layer is that productivity layer. That’s the integrations of the IP stack and this varies by department, according to Wayne Kurtzman, a research director of Social and Collaboration at IDC.
“This change really puts the abilities of developers who know what these tools really can do into a new level. We’re going to see additional integrations and this is where collaborative apps get their superpowers,” Kurtzman said. “Once you add workflow, the core IP stack, and the MarTech stack and integrate them, they develop new metrics that are just starting to be recognized and the developers pretty much understand this. So 2021 is going to rock for developers.”
Providing workspaces
With integrations, collaboration tool providers are now focusing on providing the right team workspaces. “An effective collaboration tool enables developers to sync up the different tooling,” Topcoder’s Messinger said. “Like right now Jira and GitLab integrate out of the box and there’s a lot of integrations you can set up. So developers are in GitLab tagging the issues they want, and that syncs to a SaaS with Jira.”
The necessity of proper integrations with collaboration tools is also driven by more complicated pipelines that have emerged at development companies due to CI/CD growth, Messinger added. In the past, traditional pipelines went from QA to a production release. Now, the process includes much more shifting between different parts of the organization. “We have several clients now in the enterprise space that are doing this now with much more complicated multistep, multi environments and multicompany type development pipelines. So I think, you know, being able to find the right resource and the right talent has always been a problem for these guys from a deployment and development standpoint,” Messinger said. “So being able to integrate those collaboration tools or those pieces is just critical.”
While the collaboration tools can handle some scenarios effectively they can still be difficult to use in others.
21
020-23_SDT043.qxp_Layout 1 12/22/20 2:59 PM Page 22
22
SD Times
January 2021
www.sdtimes.com
< continued from page 21
“Tasking, status reports, and the standard software development life cycle is pretty nailed down and easy to follow. I think tools like Slack have made things easier and even now like being able to add a kind of bridge corporate Slack so we can add customers and have our Slacks talk to each other and still be compliant. Teams is doing a good job of that as well,” Messinger said. “I think probably where some of that stuff may fall down is I think it’s tough to make some of that stuff be like a system of record. So it’s almost too easy to collaborate in some cases as like, ‘Hey, did you change that requirement or that piece of information?’ And it’s like, ‘Oh, it was in a Slack conversation?’ It’s like good luck going back and finding that piece of information where it was agreed to in a Slack conversation.”
Messinger added that he has seen a dramatic increase in interest for whiteboard-type tools. These include tools like Trello and Miro. He added that tools like Miro are doing a better job of creating that collaborative environment than before, though it’s still not the same as just being able to sit down and collaborate with everyone in one location on the whiteboard.
Customer collaboration, features are focus
Another phenomenon that has been picking up steam regarding collaboration tooling is that tool providers are working to provide ways for their customers to suggest additional features and integrations. “I think one of the more interesting aspects in collaboration the last few years is how enterprises increasingly are adding both partners and even user customers to collaborate, not necessarily in the same private group, but they’re extending their collaboration network so they can get better, and more loyalty and trust is built by the companies who now are communicating and feel that they have more input,” IDC’s Kurtzman said.
One such place for collaboration between consumers is Microsoft Teams’s UserVoice site, where people can suggest changes and people can vote on those changes. “Microsoft is actually implementing those changes,” said Mark Rackley, a partner and chief strategy officer at PAIT Group, a Microsoft technology consultancy. “So if there’s something you don’t like about Teams today, there’s a good chance that it’s going to change in two, three, or six months so just keep an eye on all the changes.”
Vendors are also working on producing customized views and reports and developing AI, advanced analytics, virtual assistants and machine learning within their platforms.
“People are in there doing conversations every day so why not do conversations with a bot to do other tasks within their organization whether that’s general help questions, or things like filling out simple forms for vacation requests and things like that to start other workflows,” Rackley said. IDC’s Kurtzman agreed that machine learning and AI in collaboration tools have seen great interest as a way to free up developers’ time. “We’re also seeing an increase in people learning basic coding skills to take the next step. At the same time, we’re seeing enterprises look to no-code where possible, but still there’s complexity, higher value complexities that developers will need to fulfill,” Kurtzman said.
A large determining factor as to what tools a company chooses is how easy it is to set up and for teams to start using it. This became especially important as many organizations were forced to shift from their physical workspaces to the digital realm in a matter of days. This forced newcomers onto the bandwagon quickly, and organizations that already had pockets of collaboration tools had to assess how they would move their work entirely online. “One of the most important things that happened to collaboration applications in 2020 is that the adoption, not the revenue, but the adoption of collaboration applications jumped by a five-year span in a period of only six months between January through June 2020,” said Kurtzman. PAIT Group’s Rackley said the pandemic has quickly pushed implementation of collaboration tools up on organizations’ priority lists. “It’s interesting because a lot of time was spent before saying let’s spend a lot of time planning, but now it’s just like let’s forget planning and we need Teams now. We’ll worry about the planning and the cleaning up after the fact,” Rackley said.
What do you want to do?
The difficulty of adopting these tools largely depends on what kind of functionalities companies expect to use. File sharing and chatting and calls are pretty straightforward, but when users want to start customizing and integrating into other things, while it still might be pretty simple, people might need someone to show them first so that they can do it, Rackley explained. Topcoder’s Messinger added that while collaboration tooling might not be as easy as a one-click deploy to get it done, it can usually be measured in weeks or less. The more important factor in how tooling is adopted in an enterprise is the collaboration culture surrounding it. “The tooling may not be as out-of-the-box as being able to do a one-click deploy to get the tooling done, but it’s also not like a three-month drive. If you think of some of the tooling, it’s probably maybe measured in a week or less to set up, but the acceptance, the openness is really a cultural shift. I actually think that’s been a forcing factor from COVID that people have really moved the culture that way,” Messinger said. “If companies had already done their homework and were following a DevOps culture, then it’s tremendously easier to add collaboration, add remote workers, work at home, and use alternative staffing models.”
Many web and mobile applications have already been working in this sort of DevOps manner over the last 10 years or so and the difficulty in creating a collaborative environment might come down to the large packaged applications. “This is where managers have to become facilitators and it changes the way they manage. And that’s one of the big challenges for them is they have to create online exactly what they would if they were to create a community in real life, they need to have a safe place where people are willing to share their best ideas, where they feel safe,” IDC’s Kurtzman said. “It really comes down to the culture and the willingness to employ the creativity in your workforce and your management team.”
Teams takes off as WFH becomes a new normal
Microsoft Teams was already the largest collaboration platform before the pandemic hit, but its usage has skyrocketed since people started immediately working from home. Microsoft recently announced that there are 115 million daily active users in Teams. Many of the features now are aimed at combating meeting fatigue and the fact that people are still feeling alone despite today’s collaboration tools, said Mark Rackley, chief strategy officer at Microsoft technologies consultancy PAIT Group. “It’s now the go-to tool in the Microsoft stack for collaborating remotely and doing calls and meetings and Microsoft has been making a ton of enhancements to Teams with ‘call-together mode,’ which puts people in different scenarios as if you’re in a classroom setting or a coffee shop or updates for coffee shops,” Rackley said.
The feature, which came out in June 2020, shifts away from the traditional video-conferencing grid of boxes by bringing people together in a virtual space, creating an environment that users say has a profound impact on the feel of the video conference. “People’s brains are used to being aware of others based on their locations, and the mirror effect makes it harder for the brain to notice eye contact irregularities. Those are some of the qualities that make it easier for everyone to tell how they are responding to each other,” Microsoft wrote in a blog post. “Together mode is built to give people the impression that everyone is looking at the entire group in a big virtual mirror.”
Microsoft also recently released Dataverse, which gives users a way to build custom apps, bots, and flows in Microsoft Teams by using Power Apps, Power Virtual Agents, and Power Automate. Also at Ignite this year, Microsoft announced that users can get to their home site from within Teams. The home site app provides organizations the ability to pin company-branded entry points to their intranet as a top-level app in Teams. It provides quick access to company-curated resources, important sites and news similar to those provided by the SharePoint App Bar in the web.
“They’ve just rolled out so many features since the pandemic hit, like you can raise your hand and there are meetings where you can see a person actually imposed on top of their screen rather than just sharing your screen to get that more personal feeling. Basically everything that they’re doing right now seems really pushing you to Teams,” Rackley added. “It’s just an explosion of the ability to get into Teams and do everything that you can do from teams. So Teams is becoming that ‘you’re always in Teams doing everything within Teams’ kind of one-stop shop type thing.”
More developers are turning to open source to collaborate
Before the pandemic, developers were collaborating on open-source projects in GitHub from all places in the world, but this phenomenon has seen a massive boost during the pandemic. GitHub’s State of the Octoverse 2020 report found that developers are sharing and reviewing code faster compared to last year. In May, over 40% more repositories were created compared to last year, and since then, roughly 25% more open-source repositories have been created compared to the same time period last year.
GitHub measured the level of collaboration on its platform based on the speed of pull requests. Early in the year, the time to merge pull requests took a few hours longer compared to last year. In March, time to merge began to be faster, ranging from 45 minutes to almost seven and a half hours faster in comparison to last year, according to GitHub. Across all GitHub repositories, newcomers pushed code and created repositories much more than veterans, while also interacting a bit more than veterans with creating and commenting on issues and creating pull requests.
Earlier this year to further collaboration on the platform, GitHub announced Discussions, in which teams can post updates and or have a conversation that spans projects or repositories in a forum. “This provides an opportunity for us to think about different ways for people to engage with open-source communities. Participating in and watching Discussions can be a good way for newcomers to learn community norms and patterns in a safe way that doesn’t overwhelm maintainers,” GitHub wrote in the Octoverse report. “These patterns have applications in enterprise settings too.”
Buyers Guide
Value stream management will be a driving force behind successful businesses in 2021
BY CHRISTINA CARDOZA
If 2020 taught businesses anything, it is that they need to be able to adapt at any moment if they want to stay competitive and be successful. But in order to do that, they need actionable insight into what is going on throughout the entire organization and how that is translating into business value. Mik Kersten, CEO and founder of Tasktop, says too often when a business takes on a new transformation or reorganization initiative, they end up cutting the wrong people, the wrong services, and making easily avoidable mistakes. “Having a business visible representation of where the value is for the customer, and using that to guide both how you rebalance and how you invest into all of your activities is key,” he explained. That visible representation is now known as value stream management (VSM). It maps people, process, technology and business value to eliminate waste and improve. It’s a new methodology that has rapidly been making a name for itself in the software development industry, and that businesses can no longer afford to put off, according to Bob Davis, chief marketing officer for Plutora. “A year ago maybe the question was: is this a good idea? Is this something that I should prioritize? Now, people have to get that if they are going to be successful and competitive in software in their business, they are going to have to get good at software development. In order for them to get good at software development, they are going to have to transform. In order to transform, they are going to have to have visibility. In order to have visibility, they have to have value stream management,” he said. Bryant Schuck, lead product manager for HCL Accelerate, a VSM platform, explained businesses might already be
doing some form of VSM without even knowing it, but 2021 will be the year businesses start taking VSM seriously. “A lot of companies are realizing, especially with how 2020 went, that we need to start looking at our processes,” said Schuck. “The end-to-end picture that VSM can provide is getting much wider. Companies are starting to realize there are bottlenecks outside of development, and are using value stream management beyond the scope of IT or software. It’s an end-to-end methodology that analyzes each facet of the business.”
Where VSM can help your business in 2021
COVID response. As the pandemic continues, organizations are going to need to constantly rebalance and reshift their IT portfolios and reduce or increase budgets to keep up with the changing economy, according to Tasktop’s Kersten. “Organizations realize that in each of those activities, whether they were actually investing more because the pandemic meant that some of their digital offerings were getting picked up more quickly than before, whether they were rebalancing to adjust with what was happening, or to help their staff whether this is from work from home, or whether they’ve actually cut it, they need a disciplined way, measured way to do it,” he said.
Improve Agile and DevOps initiatives. According to Gaurav Rewari, CTO and general manager of AI and VSM at Digital.ai, VSM is the next phase in the “logical evolution” of Agile and DevOps. It completes the vision of the methodologies, he explained. “Agile and DevOps are great, and they serve very, very important needs… but they’re not sufficient,” Rewari said. They serve very specific needs, which was to foster collaboration and be able to have self-organizing, cross-functional teams. But Agile and DevOps are missing the business outcomes and the value piece. Value stream management “really allows a mindset change because it’s about being able to prioritize your software investments based on the value being realized. Trying to track the flow of value across the different steps,” Rewari explained. “It goes from building a product, shipping it, and then having customers adopt it. It suddenly becomes the metric by which decisions are made, and it’s really about aligning the work of technology with the needs of the business.”
Better infrastructure. According to David Williams, vice president of product strategy at Quali, one of the benefits of DevOps is that it always encouraged teams to use whatever technology they needed in order to meet their delivery objectives. However, the problem with giving teams that freedom is that if it’s not maintained or managed properly, it can actually slow the whole process down. There needs to be a way to capture any changes being made so tools and technology don’t bog down the process.
“I can’t let 700 teams go out there and just use everything they want and not be accountable to the bottom line. You have to have some controls that have been put in place,” said Williams. “Think about it as you are constantly building Legos. You’re adding more Legos, and you’re only using a subset, but the Legos from the previous build are still there.” What that does, Williams explained, is it causes things to slow down and it takes up infrastructure usage. It needs to be removed so there aren’t any unnecessary pieces in the infrastructure that you weren’t aware of or forgot about. Treating infrastructure as a valuable piece of the life cycle can help businesses optimize spend while managing change and enabling everyone to do their job. “You want to make sure that as things move through the life cycle of an infrastructure, that when you plan it, when the developers develop it, when the testers test it, the release people
release it, whatever the practice is, it’s being maintained and managed in context,” said Williams. The adoption of BizOps. In order to help businesses express and implement their goals as well as connect to the development side of things, the BizOps Manifesto was released at the end of 2020. It’s a framework that addresses the needs of the business and IT, and helps enterprises work towards common outcomes. Some of the guiding principles include: Business outcomes are the primary measure of success; and business leaders need to make informed technology investment decisions that drive business growth, improve customer experience and increase profitability. According to Tasktop’s Kersten, this
idea of BizOps will be closely tied to VSM in 2021. “Fundamentally, what knowledge management is about is making the key metrics, the value streams themselves, visible to the business. BizOps is a way of expressing that,” he said. Those goals of BizOps cannot be possible without value stream management. “It’s not enough to do Agile and DevOps to do BizOps, you have to be applying the principles and implementing the infrastructure, tooling and visibility that value management provides,” Kersten added.
What can you expect to come out of the VSM space in 2021?
More education and training. Now that organizations are aware of VSM and all the benefits it can bring, it’s time to fill in some of the missing pieces — mainly education and training, according to Lance Knight, COO for the value stream integration platform ConnectALL. “Everyone is saying ‘I’ve got a tool. I’ve got the tool,’ but nobody says I’ve got the tool services to help you be effective at it,” Knight explained. “We are still trying to figure out what VSM is and how to do it.” Knight looks at 2020 as the year of awareness for value stream management. And now that everyone is realizing they should be doing this, it’s time to think about how to effectively do it. He explained that there is no “VSM for Dummies” book yet, or really any ways to get certified in this area. As more vendors come out releasing new VSM capabilities, businesses need to be educated on what they want to achieve, and how the tool will help them. “You need someone who is going to educate and help you understand it, without charging a large fee,” said Knight. “Value stream management is human… we need to help engineers. The humans need to understand the methods and the processes to remove waste. We all have to understand that we have to train and educate and formalize what it means to be a value stream management expert.” It’s like having a great car in the driveway, but if you don’t have a driver’s license what’s the point? Knight explained. “That’s where I see value stream management going… to people getting their VSM driver’s license.”
More AI being applied to the space. According to Gartner, predictive analytics are going to be a key capability being offered in value stream management tools as “organizations are increasingly embracing the value of analytics to ensure successful deployments and demonstrate reduced production defects.” Digital.ai is already dedicated to giving its users more AI capabilities in 2021. The company just announced four new patents: automated health assessment and outage prediction; warehouse-based reporting and operational reporting integration; input gathering system and method for defining, refining or validated star schema for a source database; and model-driven reporting. “Given today’s volatility, many enterprises have either slowed down or paused updates to their applications. However, their customers are relying on them to innovate more now than ever before. The capabilities represented by these patents enable IT organizations to continue to rapidly drive value for their customers while mitigating risk to the business,” said Rewari. Plutora’s Davis also sees a trend towards predictive analytics. “The good news is you now have all this information. The bad news is, you now have all this information. How do you take that information and make meaningful insights out of it?” asked Davis. He sees more of a move toward capabilities that help users understand their data better and make smarter decisions.
Standardization. As more vendors try to come into the space, there needs to be a way to standardize or formalize the capabilities so people don’t get confused, according to Davis. “We have to standardize… integrations can’t be the differentiator,” he said. Everyone should have integrations because they are so critical to connecting the tools and gaining the awareness of what’s going on. “There is going to be a lot of need to better standardize, better understand the differences between simple field mapping and complicated logic in terms of how these tools are being used,” he said.
VSM 2.0. We are still in the early stages or 1.0 phase of value stream management, but HCL’s Schuck sees VSM 2.0 on the horizon. “We are close to crossing the line of value stream management being a nice to have or cool new thing to VSM becoming an essential in your toolbox,” he explained. “VSM 2.0 comes with customer success, customer use cases, and VSM coaches. Right now, we’re in the thought leadership stage with lots of DevOps experts talking about the benefits of VSM and practitioners testing the VSM waters. We’ll see more people diving into value stream management once big companies have well-established VSM programs, broadcast their results from these programs, and start hiring VSM coaches or other VSM-specific roles.”
Value stream management platforms vs. value stream delivery platforms
Research firm Gartner splits the value stream management tooling landscape into two areas: value stream management platforms and value stream delivery platforms. According to the research firm, “DevOps value stream management platforms (VSMPs) enable organizations to optimize end-to-end product delivery lead time. These platforms provide greater visibility and traceability into the flow of all product delivery processes, from ideation to release and operation.” By contrast, “DevOps value stream delivery platforms (VSDPs) provide a fully integrated set of capabilities to enable continuous delivery of software. These capabilities may include project or product planning, build automation, continuous integration, test automation, continuous deployment and rollback, release orchestration, and automated security policy enforcement, and may provide visibility to key value stream metrics.”
Gartner believes VSMPs should be used:
• To get end-to-end visibility and insight into product delivery
• Assess the performance, quality and value of products
• Evaluate the maturity of existing product delivery capabilities
• Identify constraints to flow and gaps in insights
• To get customized dashboards and view product delivery
• For a consolidated view of governance, security and compliance
• And for advanced capabilities such as risk analytics
Don’t use a VSMP until you have proper experience and success with DevOps software delivery, and when you need a platform for the entire organization and its many stakeholders, according to Gartner.
Gartner believes VSDPs should be used when:
• The benefit of a fully integrated platform outweighs the cost and effort to manage a complex toolchain
• Specialized VSDP capabilities in one area of the application delivery value stream are essential
• The licensing and pricing advantages of VSDPs make it more attractive than stitching together a complex DevOps toolchain through multiple vendor relationships.
Users should not use DevOps VSDPs when choice dictates app architecture; VSDPs don’t integrate with essential tools to support missing gaps; and if product teams aren’t ready to replace existing tools, according to Gartner.
What do you need to be successful at value stream management, and how can you help?
Lance Knight, COO for the value stream integration platform ConnectALL
The goal is to help you understand software delivery, to look at things through the lens of a value stream, to look for ways to remove dependencies, understand where your bottlenecks are, and do that from a business value mindset. If I can bring in ConnectALL and hook up everything in your value stream to see this information, the analytics, the orchestration that’s great, but you won’t know what to do with it. I think the next phase is actually finding a way to educate people and give them the knowledge not to buy a value stream management solution, but to know how to hold a value stream optimization workshop or how to implement value stream management principles in organization, and nobody’s sat down to define those. We are going to be converting valuestreammanagement.com into just that — into a type of training body where people can get some education and go learn about it. We also have value stream management consultants. We can go look at your end-to-end delivery, look at how information flows, and make recommendations. We are trying to help the market mature, and at the same time the solution will come along for it. If I can educate the world, if I can help put together programs that help everybody understand why this is important, how to hold a value stream management optimization session, which we are doing now, and how to use that information then I can improve flow.
Gaurav Rewari, CTO and general manager of AI and VSM at Digital.ai
Value stream management (VSM) enables organizations to drive digital transformation by focusing not only on the flow of work, but also the flow of value across the business. With VSM, businesses deliver products and services that achieve strategic goals and provide better customer outcomes. While the idea of a value stream platform gives the impression of a single, unified entity, the reality is that for most organizations
there are typically two separate value stream efforts or approaches that occur: value stream management and value stream delivery. Digital.ai value stream delivery solutions connect strategic agile planning to DevOps software delivery to provide a complete end-to-end process from ideation through production. This approach enables organizations to automate release processes to deliver software faster, more reliably, and with greater visibility. What’s more, by collecting data from across the lifecycle and applying AI-based analytics, Digital.ai enables IT organizations to continuously improve process, tools, and technologies. Digital.ai also provides security, governance, and traceability to ensure compliance and adherence to best practices and standards. Digital.ai value stream management solutions align the software lifecycle with the needs of the business, creating a unified, data-driven view that improves visibility and decision making throughout the organization. Digital.ai value stream management solutions collect data from across the software lifecycle, providing deep insights and enabling AI/ML-powered predictive analytics. These insights enable businesses to prioritize product backlogs based upon the value being delivered, identify and remove bottlenecks, predict and mitigate risk, and so much more.
Bryant Schuck, lead product manager for HCL Accelerate, a VSM platform
It all comes down to people. You need buy in at all levels, alignments between teams, and trust in the process. With value stream management being so new to the software space, you’re going to get a lot of pushback that the metrics brought forward aren’t what you should be measuring. You have to balance capturing key core metrics with trusting that these new metrics are what the business should care about and what teams should focus on. Overall, you need to shift the conversation toward outcomes rather than outputs. HCL Accelerate was built to automate the delivery and interpretation of data so businesses can make faster, more strategic decisions. Typically, teams within an organization use the tools they prefer, which creates silos, gaps, and tribal knowledge about what processes are in place and how they work. HCL Accelerate combines all the data from all these teams and tools to add that single microlevel traceability on each piece of value to allow businesses to align and govern across many applications and tools to deliver faster with better quality. Instead of reaching out to several people for one piece of information, you can find all the answers to your pipeline questions instantly in HCL Accelerate. HCL Accelerate isn’t just about visibility — yes that’s a great benefit, but what we’re really using all this aggregated information for is to automate governance and streamline processes.
Bob Davis, chief marketing officer for the value stream management platform Plutora
We see fundamentally three main challenges that organizations struggle with. 1. They don’t have visibility across the pipeline. 2. They don’t have visibility across the portfolio and 3. They aren’t able to connect diverse methodologies. Furthermore, these three challenges conspire against improvement. If you don’t have visibility across your entire portfolio, you can’t manage your strategic outcomes, or understand how your development processes are performing in achieving those outcomes.
And all of this visibility and management is needed regardless of the tools being used — they all need continued on page 35 >
A guide to value stream management solutions
FEATURED PROVIDERS
• ConnectALL is a value stream management company dedicated to helping customers achieve higher levels of agility, traceability, predictability and velocity. We do this by connecting people, processes and technology across the software development and delivery value stream, enabling companies to align digital initiatives to business outcomes and improve the speed at which they deliver software. ConnectALL’s value stream management solutions and services allow companies to see, measure and automate their software delivery value streams.
• Digital.ai value stream management and value stream delivery solutions optimize and align the software and delivery lifecycle with the needs of the business, improving visibility and decision making throughout the organization. Its offerings provide global enterprises and government industry leaders a cohesive, data-driven approach to ideate, create and orchestrate the flow of value with measurable business outcomes. Learn more at www.digital.ai/value-stream
• HCL Accelerate is a data-driven value stream management platform that provides next-level visibility and governance to your DevOps strategy. By integrating with the tools you’re already using, HCL Accelerate aggregates data from across your DevOps pipeline to give you actionable insights so you can get the most out of your DevOps investments. HCL Accelerate is part of HCL Software DevOps, a comprehensive DevOps product suite comprised of powerful, industry-proven software solutions.
• Plutora provides value stream management solutions for enterprise IT, improving the transparency, speed and quality of software development and delivery by correlating data from across the toolchains and analyzing critical indicators of every aspect of the delivery process. Acting as the “catwalk above the factory floor,” Plutora ensures organizational alignment between software development and business strategy and provides visibility, analytics and insights into the entire value stream. This approach guides continuous improvement and digital transformation progress through the measured outcomes of each effort. Plutora ensures governance and management across the entire portfolio by orchestrating release pipelines, managing hybrid test environments, and orchestrating complex application deployments — all independent of methodology, team structure, technology, and level of automation.
• Tasktop transforms traditional businesses into high-performing tech companies by instantly providing an outside lens for accelerating software delivery. Many organizations are flying blind when it comes to digital transformations because the tools used to do the work provide limited views and proxy metrics. Tasktop’s Value Stream Management platform sits above the entire toolchain, integrating all the underlying tools and objectively measuring flow. Within days, Tasktop customers are able to understand the way they are delivering value and where to implement changes that reduce time-to-market.
• Quali CloudShell Colony is a SaaS platform for delivering Infrastructure Automation at Scale for complex application-centric environments on cloud technologies including AWS, Azure, and Kubernetes. IT leaders and DevOps innovators around the world trust Quali to enable self-service automation and governance to streamline application development, testing, and release to production.
• Atlassian offers Jira Software, the #1 software development tool used by agile teams. As an agile project management tool, it helps teams plan, track and move work forward. Atlassian’s Jira Align extends the power of teams working in Jira by connecting business strategy to technical execution while providing real-time visibility at enterprise scale. It allows enterprises to aggregate team-level data and makes all work visible across the organization in real-time.
• Blueprint accelerates agile transformation and drives real business value through value stream mapping. It can map, visualize, measure and govern the flow of business value from ideation to delivery. Its governance and compliance capabilities not only support regulatory processes by mapping requirements, but also provide traceability and impact analytics.
• CloudBees CD brings order and scale to enterprise software delivery with release orchestration, deployment automation, and pipeline and environment management all in a single, flexible solution. By taking the manual effort and risk out of releasing software, CloudBees CD gives developers the analytics to measure, audit and improve results. Organizations with highly regulated and complex environments can safely and predictably release new applications and adapt to change at any speed demanded by the business. CloudBees CD also includes a robust set of audit-ready pipeline capabilities so customers can easily perform software delivery audits based on evidence links, approvals and pipeline duration.
• IBM UrbanCode Velocity provides value stream management, pipeline orchestration and real-time analytic capabilities. It is designed to help development teams, DevOps teams and business leaders visualize work and create value from idea to customer.
• Intland: codeBeamer ALM is a holistically integrated Application Lifecycle Management tool that facilitates collaboration, increases transparency, and helps align software development processes continued on page 35 >
< continued from page 31 to be integrated into the value stream management platform. Plutora provides deep tool integration that populates our rich common data model and is the backbone of our platform. The resulting converged toolchain operates as one, with critical information and actions orchestrated across the different tool sets and methodologies. It supports a complete set of dashboards and analytics. But we don’t stop there. With what we call our action layer, we help customers orchestrate and manage release pipelines. We help them with the governance and compliance that is so often required. We help them manage their pre-production test environments. We help them incorporate requirements that are outside of the toolchain itself, such as security or architectural reviews, that come up along the way, and in doing so, help accelerate and improve software delivery.
David Williams, vice president of product strategy at Quali, an infrastructure automation company
To be successful, IT infrastructure cannot be assumed, you have to make sure it is enabled to ensure the delivery of the business’ outcome objectives. The infrastructure supports all DevOps practices, and as such must be accountable to delivering value to different individuals, teams, functions and types of DevOps practices. For example, small DevOps teams will need IT infrastructure automation tools that allow them to do a broad range of things, no matter how complex the infrastructure stack becomes. This means providing capabilities that enable them to do everything like providing technology with guardrails, guidance, automation, and intelligence to optimize the skills within each team. For DevOps teams that are larger with more focused skills, you must be able to build the capabilities and the technology that enable them to go deep, but also extract it up to be shared across different teams.
Success is based upon using the technology that meets the requirements of the organization you currently have. And then using the value you get from that and expanding to the left and the right throughout the continual DevOps process. You should provide a capability that will grow as you grow your DevOps maturity. It should bring your teams together and enable you to get control. It’s tactical. It’s about scalability. It’s the ability to be able to say no matter where you are in the maturity of your organization, you have the technology that can help you.
Quali provides a modern infrastructure automation platform with all the guardrails allowing DevOps teams to execute more efficiently without taking away the control they need. That’s what we do at Quali. We look at the infrastructure requirements and decisions being made today, evaluate the impact of near- and longer-term infrastructure change and deliver the platform to allow organizations to leverage what they use now while ensuring the management of the IT infrastructure immediately adapts and delivers on future market, organizational, and strategic business needs.
Dr. Mik Kersten, CEO and founder of value stream management solution provider Tasktop
The best practice we’re seeing is just to start measuring. Basically, find whatever the key metric is that is the most important thing to you as a business. Find that North Star for yourself. For some companies, that might be bringing more features and innovations to market faster or making customers happier and more engaged with their products and services. Find that identifier, and then use the Flow Metrics to tie it into everything that you’re doing, and just start measuring.
For example, where speed to business value is most important, that’s going to be measured with Flow Time. The entire goal for you, for your technical teams and for your leadership teams is just shortening that Flow Time — and to do it in a measured way. Ask if you got the impediments out of the way of the development team, of the operations team, of the testing team, of the product managers or business analysts. Everything becomes centered around that one key result you are after — reducing the Flow Time from, let’s say four months to four days, so you can innovate at the pace of a tech giant or startup.
That’s exactly where we’re focusing all of our efforts at Tasktop: making sure that the journey is measurable, fast and measuring the rate of improvement. It’s all about data-driven continuous improvement. The key is to start your journey and to start measuring it.
< continued from page 32 with your strategic business objectives.
• Kovair with its tools provides a complete Value Stream Management Platform to organizations enabling them to reap every benefit of Value Stream Management and ensure customer satisfaction. Starting from capturing the voice of the customer and defining what is of value for them, Kovair’s VSMP provides a structured visualization of the key steps and corresponding data needed to understand and intelligently make improvements that optimize the entire process.
• Plandek’s unique capabilities enable it to integrate with multiple Value Stream Delivery tool sets (e.g. Jira, Git, Jenkins, Azure DevOps) and mine the data-footprint of software delivery teams in order to surface meaningful end-to-end delivery metrics used to improve software delivery efficiency, quality, velocity and predictability.
• Planview ensures teams are doing their best to deliver on strategy. The company offers portfolio and work management solutions to transform and drive strategic initiatives. Its portfolio includes Spigit for culture innovation and employee engagement; Enterprise One for enterprise-wide portfolio planning and delivery; PPM Pro for work management; LeanKit for enterprise Kanban for IT and business teams; and Projectplace for project-centric collaboration.
• The Scaled Agile Framework (SAFe) is the leading framework for scaling Agile across the enterprise. It is designed to help businesses deliver value on a regular and predictable schedule. It includes a knowledge base of proven principles and practices for supporting enterprise agility.
• ServiceNow’s approach to Value Stream Management leverages key capabilities, from ServiceNow DevOps and IT Business Management, and the Now Platform, working seamlessly with IT Service Management, IT Operations Management and Governance, Risk and Compliance.
• Targetprocess: To connect portfolio, products and teams, Targetprocess offers a visual platform to help you adopt and scale Agile across your enterprise. Use SAFe, LeSS or implement your own framework to achieve business agility and see the value flow through the entire organization.
Guest View BY ANTHONY MORRIS
Breaking the low-code barrier
Anthony Morris is a self-trained technologist with a passion for great software products that have the capability to transform business.
Can you scale an entire enterprise software architecture with zero code? Probably not. Can a low-code platform singlehandedly create and expose compelling infrastructure? Maybe. Can the new generation of low-code tools conquer their predecessor’s limitations to deliver fast, efficient and extendable technology for the modern business? Enterprise low-code platforms provide a more robust and disciplined method to application development than earlier versions of low-code by providing the capabilities to build enterprise software, not just simple apps.
The modern CIO: Pace beats framework
As technology becomes increasingly important, an organization’s success depends on whether the CIO can balance the demands of managing traditional IT operations and driving strategic initiatives, with transformational change high on the list. To do so, the modern CIO is on the road to digital disruption and is on the lookout to automate manual and repetitive business processes to save time and improve efficiencies. They are increasingly turning to tools designed to create applications quickly, without the sweat of writing and debugging lines of code.
Trapped by design?
But they worry too. They worry because, despite the apparent benefits of faster development, there have been several issues across the industry that have continuously frustrated and tormented users over the years. The biggest of these — and in any application development environment, no matter the technology — is the dreaded “ty’s” — complexity and extensibility. They worry that they will move fast at first but encounter platform limitations later in the development process that will prevent them from extending their applications. They worry about how best to integrate with the myriad of systems and databases that exist in their environment. They fear that applications built with no-code tools are usually challenging to customize and have no unique functionality — which can be troublesome if you need to address challenges. They worry about vendor lock-ins. About architectural considerations. About hosting. Sound familiar?
The new generation of low-code
That was then. The now is a new generation of application development platforms emerging that don't quite fit the boundaries of ‘traditional’ low-code development. These tools are more mature, more robust and quickly address and eliminate the valid concerns of the first-generation tools. They are focused on delivering faster solutions, greater granular control and a myriad of newer features for the modern IT environment. They are concentrated on providing a platform for skilled developers (not citizens!) to work smarter and quicker. They still eliminate repetitive coding, but additionally offer the ability to implement customization unique to the business, from design, through to development and architecture.
Being a professional software developer today is not about writing within a programming language, and writing code is not the most crucial part of the job. Software development is mostly about the stack, the platforms, data sources, databases, network layers, APIs, security mechanisms and procedures that you use to build software solutions.
These new low-code platforms offer a modern software experience that aligns with today’s changing user demands. They provide scalable architectures, the ability to extend platform capabilities with open APIs for reusability, and more flexibility when it comes to cloud and on-premises deployment. They are also ideal for highly scalable applications that support complex logic—the kind of custom applications that support digital transformation of your business.
The requirements may have changed — you do need IT knowledge to gain the benefits — but it has made it easier to build robust, unique, and intricate applications more quickly than with conventional development tools. In this way, the new generation of low-code tools are dramatically abstracted from standard software development. Vendors such as Siemens’ Mendix, Amazon’s Honeycode, Google’s AppSheet, Microsoft’s Power Apps and independent players such as Linx and OutSystems, will reduce cycle times and improve agility by delivering applications at the pace of business.
Analyst View BY MICHAEL HORVATH
AppSec that doesn’t break the bank
Security testing is an essential part of application development. Yet, it can be expensive, and security leaders often find it difficult to justify its cost. Senior management may feel they are spending money to fix issues developers caused, or at least should have caught. In contrast to common perception, application security testing doesn’t always have to be a heavy investment. Here are seven tips that security leaders can consider to create an effective and efficient security testing program without breaking the bank.
Include security experts at the start of development. Early testing minimizes the cost of fixing software defects. Organizations can avoid remodeling and remediation efforts if threats are mitigated at the very beginning of development. Threat modeling is an expensive exercise, but in many cases it can be done internally with free downloadable software. Especially when existing software is being repurposed or exposed as web services, a structured assessment of the risks and scenarios where an application can be attacked offers the opportunity to create test cases.
Select affordable testing options. In scenarios where budget constraints are a big hurdle to security testing, teams can benefit from affordable and open-source options. While these alternatives are often incomplete in terms of language, framework and vulnerability coverage and functionality, with the appropriate customization and plug-ins, they can enable an effective application security program with minimal resources.
Use security testing services for a jumpstart. Application security testing services and penetration testing can seem expensive. When considering an investment in these services, present the costs not simply as a service, but as a source of security expertise. The more application security knowledge you can transfer into your development teams, the more likely these teams are to produce higher-quality code. Assign one of your developers to shadow the pentester or application security testing service, or have your developer manage the program. Gartner research suggests that developers in this kind of program are prone to make significantly fewer security errors. These developers can also act as subject matter experts or security champions.
Reevaluate security techniques on a periodic basis. As the program matures and as new styles of coding and new technologies are introduced, vulnerabilities evolve. Plan for this by scheduling periodic evaluations of security techniques in practice. For example, if you have an application that is mostly in maintenance mode and requires mostly cosmetic changes, move resources from code scanning into pentest. Semiannual or quarterly reevaluation of priorities can optimize resources and ensure that development and security teams are familiar with all of the tools.
Rotate testers and apply time limits. Gartner research suggests that the number of threats found by a security tester reduces gradually over a period of five weeks and significantly declines after eight weeks of running code. This doesn’t mean that threats have been reduced. Because the tester is viewing the code multiple times, fatigue sets in. Rotate testers and apply time limits to prevent overfamiliarity and burnout. Introducing code testing to a fresh set of eyes can help identify vulnerabilities that someone who has been working on the software for too long may have overlooked.
Avoid wasting paid testing hours. Underpreparedness is not new to the testing environment. Often when consultants arrive to begin testing, they are not fully briefed or prepared for the kinds of tests that have been requested. This causes delays in testing, less accurate results, and lower productivity for development teams and pentesters. Prepare for testing ahead of time by meeting with vendors and discussing the types and scale of testing you want to conduct, and preselect areas of code, infrastructure and processes that are identified as gaps in overall testing coverage.
Be flexible when scheduling opportunities for testing. Rolling out testing changes to a small population is a common practice within DevOps organizations. As these tests are performed in a controlled environment, it reduces the risks of exposing the entire organization to threats. Consider planning for canary or A/B testing during breaks in normal business hours.
Mark Horvath is a Senior Research Director at Gartner.
Industry Watch BY DAVID RUBINSTEIN
Assessing a developer’s work, and worth
David Rubinstein is editor-in-chief of SD Times.
It’s a new year, and organizations around the world are giving developers goals for the new year and reviewing their past year’s efforts. A question I often hear is, ‘How do you assess a developer’s work, and his/her worth to the organization?’
Some organizations still cling to the metric of lines of code produced by a developer, which — given the extra responsibilities of testing, ensuring security, adhering to policies and regulations, and more — might not be a fair valuation in today’s complex world. This method is entrenched in the finger-pointing of the past, which modern development organizations have largely eschewed as they look to create a blameless culture.
Forward-thinking companies will look at the role of the team around development, assembled with software engineers, testers, security experts and people from the business side, and look holistically at how that team performs.
“Line counts is a terrible metric, and I think we all agree on that,” said Chris Downard, vice president of engineering at Gigsmart, a website for hiring gig workers. “There are times … when it could be useful as an additional data point, but not necessarily for information.” When you’re managing humans, he said, reducing every action to data points is not good. Time must be spent building context, as data can often misrepresent things.
At Gigsmart, Downard said they don’t use sprints, instead taking what he called “an ongoing, non-stop kind of combat approach.” But they do use sprint reports, from metrics captured every two weeks, to communicate what happened in that time period. He pointed out he knew what his team was doing between the sprint reports — they were working hard, pairing up, and he saw the number of merge requests going up. “But one of the normal indicators of productivity is, ‘Are we moving things across the line to delivered,’ as points completed,” he said, and that number was going down.
But based on their knowledge of the team and of the context of everything else going on, they discounted the number, knowing the team’s productivity
was very, very high. “It’s just the way the ticketing shook out, producing a data point that was not necessarily indicative of what was accurate,” he noted. As an organizational leader, Downard said, you need to think about the things you want the organization to produce, and then think about the measurements that will indicate that you’re having success or struggling. Different teams, of course, have different goals. “If you’re running a DevOps team, you might care about time to resolution, and if you’re tracking the development portion of an IT department, it might be turnaround time for customizing reports and data stuff. You need to track the things that matter to your organization’s success. So for us, I track merge request counts for a week. And we don’t necessarily do anything with that data. It’s not like a it’s not a carrot and stick thing. Kind of like a doctor would be diagnosing a patient.” But data points often don’t align with assessing developer productivity because while much programming involves the logical reasoning side of the brain, it also involves the creative side. So for Downard, raw data points are “typically terrible. But what we do get is a lot of soft indicators. You get information out of standup updates of people communicating how they feel about what they’re doing. You get hard data points in the sense that you can see their commit activity, but you have to keep context.” As a leader, he said, you have to advocate for developers and translate what they’re running into, to every other organization around development. Downard said Gigsmart uses Bushido, the samurai code of conduct that defines the values of how you should act and conduct yourself as an individual, as its organizational ethos. “Jason Waldrip, our CTO and I sat down and crafted it into a set of ideals to drive the organization, and I use that as the core for everything we do. 
So if I’m going to start tracking something, it has to map to some sort of value from there, because if I try to track things that don’t map well to those values, I can’t advocate for those values with the team. It’s not gonna stick, it’s going to become hollow.” Data points, he said, are nothing more than signals to go look into something and start asking questions. “And it should always be exploratory, not accusatory. That’s important to us.”