DEVOPSdigest asked experts from across the IT industry for their opinions on the top tools to support DevSecOps. Part 3 covers security and monitoring ...
You've already recognized that business transformation requires digital transformation. Your organization is staffed with the best and brightest developers ready to implement the innovative, business-differentiating technologies you need to attract, engage, and retain customers. And you've invested in scaling Agile, driving DevOps adoption, automating the Continuous Delivery pipeline, and all the other components involved in moving from ideation to delivery as rapidly as possible. So what could possibly go wrong? Testing.
Perhaps you might think that software testing isn't as exciting as development, where abstract ideas are magically transformed into attractive interfaces you can showcase to customers and staff. However, it can have a tremendous impact on the success of your digital transformation strategy. In fact, testing is often the silent killer of these efforts. Why? Because software testing is still dominated by yesterday's tools and outdated processes — which don't meet the needs of today's accelerated development processes.
What does this disconnect mean for you?
Agile and DevOps initiatives aim to accelerate the process of delivering working software to the end user. However, even organizations who have adopted Agile and DevOps report dismal test automation rates: around 25-30%. This means that after the rest of your software delivery pipeline is automated and optimized, an outdated testing process eventually emerges as the bottleneck. Once it's clear that testing is clogging the delivery pipe, there are three options: accept the throttled speed, release without adequate testing, or transform the testing process.
Risk to Your Brand
Now that software is the primary interface to the business, a software failure is a business failure. Yet, with today's compressed and continuous delivery cycles, it's simply impossible to test everything before every release — even if testing is automated.
To protect your brand while accelerating software delivery, testing must be re-aligned to focus on your top business risks. Traditional testing takes a "bottom-up" approach to validate whether new functionality works as expected. Modern delivery processes require testing to automatically assess the overall impact to the core user experience and instantly determine if the release candidate has an acceptable level of business risk.
There are hard costs associated with trying to retrofit outdated testing processes and tools into modern delivery processes. Many organizations try to bridge the testing gap by throwing an abundance of manual testers at the problem … typically through a global system integrator. By the most recent estimates, this approach consumes approximately 35% of an average IT application development budget — a total of $35 billion per year, globally. A way to help testers achieve high test automation rates would let you reallocate a large portion of that testing spend towards creative tasks which advance competitive differentiators.
The Path Forward: Continuous Testing
Software testing must change. Software testing in the new world of DevOps remains dominated by yesterday's application lifecycle management (ALM) tools and manual testing — and they simply don't meet the needs of today's accelerated development processes.
The fact of the matter is that previous efforts to automate software testing have not yielded the expected results due to:
■ High maintenance: Traditional script-based automated tests need frequent updating to keep pace with highly-dynamic, accelerated release processes. This results in an overwhelming amount of false positives that require burdensome maintenance and/or cause automation efforts to be abandoned.
■ Slow execution time: Traditional tests are time-consuming to execute, so it is not practical to run a meaningful regression test suite on each build. This means the team lacks instant feedback on whether their changes impact the existing user experience — undermining the goals of CI.
■ Frequent failure: With today's complex, interconnected applications, test environment inconsistencies commonly impede test automation efforts and result in false positives. Again, this requires burdensome follow-up and/or causes automation efforts to be abandoned.
Now, the pressure of digital transformation requires a level of test automation that far surpasses the capabilities of legacy testing platforms. Balancing the business's demand for speed with their tolerance for risk requires Continuous Testing, which provides real-time insight into the application's business risk.
Continuous testing is the process of executing automated tests as part of the software delivery pipeline in order to obtain feedback on the business risks associated with a software release candidate as rapidly as possible.
Test automation is designed to produce a set of pass/fail data points correlated to user stories or application requirements. Continuous Testing, on the other hand, focuses on business risk and providing insight on whether the software can be released. To achieve this shift, we need to stop asking "are we done testing" and instead concentrate on "does the release candidate have an acceptable level of business risk?"
It's important to recognize that no tool or technology can instantly "give" you Continuous Testing. Like Agile and DevOps, Continuous Testing requires changes throughout people, processes, and technology. However, trying to initiate the associated change in people and processes when your technology is not up to the task will be an uphill battle from the start … and ultimately a losing one.