Scale and Automation Vital to DevOps Success
April 18, 2024

Mark Troester
Progress

The runaway train of change continues at a relentless pace in the world of IT infrastructure. As computing drives from on-premises to the cloud out to the edge, the proliferation of devices shows no sign of letting up either. In fact, in IoT devices alone, the State of IoT-Spring 2023(link is external) report shows the number of global IoT connections grew by 18% in 2022 to 14.3 billion active endpoints. And analytics experts expect that growth to continue unabated moving forward.

What does this mean for DevOps?

WEBINAR ON-DEMAND: Simplifying Compliance Against CIS Benchmarks
with Progress Chef

Given the array of hardware devices, myriad operating systems and cloud services, DevOps strategies must address scale and automation. Just as DevOps moved beyond the traditional parameters of developer and IT collaboration to include security and compliance (DevSecOps) and business-level practitioners, those responsible for DevOps need to put scalability front and center.

Scalability is Multi-Dimensional

To truly achieve scalability in this environment, DevOps teams must design applications and infrastructure with a multi-dimensional approach to scale, taking into account growing numbers of users, applications, servers and virtual machines. This includes designing for horizontal scalability, where multiple instances of an application can be deployed across multiple servers, and vertical scalability, where additional resources can be added to a single server to handle the increased workload.

There are many factors driving the growth of DevOps. There are the business needs: business agility and delivery speed and the need to accommodate the growth of remote work.

There are also the technology needs: delivery visibility and predictability along with improved quality.

But this ability to scale doesn't mean much if it makes the enterprise more vulnerable. In times of disruptions and complexity, security is paramount. As a result, cyber security teams are increasingly vital to the software development process, charged with securing complex swaths of IT systems, including infrastructure, networks, data processes, SDLC workflows and intellectual property — making sure these assets are always protected.

The Role of Automation

DevOps automation combines software engineering and IT practices designed to enable automation and continuous delivery of software, automating the development, testing, deployment and monitoring stages. These automation tools allow developers to focus on their core tasks, speeding delivery.

DevOps automation is becoming increasingly important as technology and development tools continue to evolve. Developments like containerization, which allows developers to quickly and easily package and deploy applications in a standardized way, and Infrastructure as Code, which enables developers to easily configure and deploy software applications in an automated manner, are making DevOps automation more accessible and powerful.

Policy as Code Drives Automation

Policy as Code brings configuration management and compliance into a single step, eliminating the security silo and moving everyone into a shared pipeline and a shared framework. Policy as Code is a key factor in truly evolving DevOps into DevSecOps and beyond as it essentially is an automated reality that brings together all the critical steps in the development process, allowing organizations to overcome technical skills gaps and scale automation across teams and environments.

Policy as Code extends Infrastructure as Code by enabling four essential actions:

Collaboration: Code is a common language for Developers, Operations and Security teams.

Scalability: Code scales across complexity sprawl.

Shift Left: Test throughout the delivery process, bringing security in as early as possible and allowing developers to test policies directly on their workstations.

Continuous Visibility: Monitor the steps to reduce or eliminate risk and fire drills.

Benefits of Policy as Code

The benefits of Policy as Code are many. It increases accuracy and efficiency over manual system management and promotes collaboration both within teams and cross-functionally. It also promotes transparency, providing a view of what is happening real-time in a system, helping to remediate problems before they can escalate. And when it comes to validation and testing, it helps reduce the risk of bringing errors into production systems.

The End Game: Continuous Compliance

To ensure a truly secure and compliant IT environment, compliance must not be considered as a one-off event, but an ongoing practice that every business has to follow at all times and embrace as a cultural norm. Continuous compliance is achieving compliance with regulatory requirements, industry standards and best practices across your IT environment and then maintaining it on an ongoing basis.
Continuous compliance helps develop and incorporate a strategy in the organization that continually monitors your compliance position. This way, you can stay updated on your compliance requirements, eliminate the pain and delay of manual cyber audits, while easily addressing non-compliance events when they occur. It helps ensure security across the organization by notifying teams of non-compliance issues in real time without the need to wait for periodic audits, eliminating response delays whenever a compliance issue arises.

Conclusion

With the ongoing proliferation of devices and technologies, it is a safe assumption that security and data breaches will proliferate as well. In fact, according to IT Governance, there were 73 major incidents of data breach in August 2023 alone. By implementing a DevOps/DevSecOps strategy that is scalable and embraces automation and continuous compliance, you will not only speed your application development and deployment process but will help reinforce security and compliance that is critical to protecting against vulnerabilities in an ever-changing technology environment.

Mark Troester is VP of Strategy at Progress
Share this

Industry News

April 03, 2025

StackGen has partnered with Google Cloud Platform (GCP) to bring its platform to the Google Cloud Marketplace.

April 03, 2025

Tricentis announced its spring release of new cloud capabilities for the company’s AI-powered, model-based test automation solution, Tricentis Tosca.

April 03, 2025

Lucid Software has acquired airfocus, an AI-powered product management and roadmapping platform designed to help teams prioritize and build the right products faster.

April 03, 2025

AutonomyAI announced its launch from stealth with $4 million in pre-seed funding.

April 02, 2025

Kong announced the launch of the latest version of Kong AI Gateway, which introduces new features to provide the AI security and governance guardrails needed to make GenAI and Agentic AI production-ready.

April 02, 2025

Traefik Labs announced significant enhancements to its AI Gateway platform along with new developer tools designed to streamline enterprise AI adoption and API development.

April 02, 2025

Zencoder released its next-generation AI coding and unit testing agents, designed to accelerate software development for professional engineers.

April 02, 2025

Windsurf (formerly Codeium) and Netlify announced a new technology partnership that brings seamless, one-click deployment directly into the developer's integrated development environment (IDE.)

April 02, 2025

Opsera raised $20M in Series B funding.

April 02, 2025

The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, is making significant updates to its certification offerings.

April 01, 2025

The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, announced the Golden Kubestronaut program, a distinguished recognition for professionals who have demonstrated the highest level of expertise in Kubernetes, cloud native technologies, and Linux administration.

April 01, 2025

Red Hat announced new capabilities and enhancements for Red Hat Developer Hub, Red Hat’s enterprise-grade internal developer portal based on the Backstage project.

April 01, 2025

Platform9 announced that Private Cloud Director Community Edition is generally available.

March 31, 2025

Sonatype expanded support for software development in Rust via the Cargo registry to the entire Sonatype product suite.

March 31, 2025

CloudBolt Software announced its acquisition of StormForge, a provider of machine learning-powered Kubernetes resource optimization.