profit_image - stock.adobe.com

The evolution of DevOps: Why platform engineering is gaining momentum

Platform teams are extending their responsibilities to security as platform engineering takes DevOps to the next level

Platform engineering, which takes the concepts behind DevOps and applies them at a grander scale, continues to grow its reach, extending into troubleshooting security problems across enterprise application development.

The idea behind DevOps is that it brings together development and IT operations – the Dev and the Ops – to make it easier to create and deploy software. Platform engineering builds on this with a team made up of product managers and engineers, creating and maintaining the shared infrastructure needed by developers.

Tech analyst Gartner predicts that by 2026, 80% of software engineering organisations will establish platform teams as internal providers of reusable services and tools for application delivery.

Research by Puppet by Perforce suggests the roles of this team are growing, adding responsibility for security.

“The biggest takeaway from our survey this year surprised us – not only are platform engineering teams supporting security and compliance efforts, but they are tackling and troubleshooting issues around security in a way that suggests this is going to be a much larger trend,” the report said.

It found that the platform team has become responsible for both “putting out fires in general, and building and enforcing security processes”.

“We also found that security and compliance tends to be within the scope of the platform team overall, as they ensure people are using the right version of software and IT tools and following important benchmarks,” it said.

Championing security internally

The report said that, just as public cloud providers had to boost their security beyond the level companies could achieve in their own datacentres, application teams also expect the platform team to champion security internally. That might mean enforcing software and tool versions, implementing organisational security benchmarks or continuously scanning for vulnerabilities.

Adding security to the platform team lowered risk by ensuring that code was compliant and secure, said 59% of respondents to the survey, while 48% said it reduced time needed by developers to learn security and compliance baselines. “We anticipate that platform engineering will remain at the centre of the security and compliance conversation, as platform engineering’s positive impact on security posture fuels company-wide adoption,” the report said.

Looking more broadly at the results, increasing the speed of product delivery was the top goal of companies adopting platform engineering, followed by improving security and compliance. Nearly half (43%) said their team was between three and five years old; although a quarter said their team was between six and nine years old and 17% said their team was around one-to-two years old.

Half of respondents said increased productivity was the key benefit for developers, followed by better quality software and reduced lead time for deployment. “Imagine working in a constant state of information overload while managing a dozen different tools and processes,” the report said. “For most developers, it’s just another day at work.

“Platform engineering can act as a barrier against the chaos of tools, tasks and information,” it continued. “By standardising tools and processes, it can liberate developers from the burden of becoming tool experts so that they can focus on their core strengths: writing great code.”

Platform Engineering teams often collaborate alongside or within engineering and operations, but their location within an organisation can vary depending on their scope of support. While 23% of respondents said the platform engineering team was a separate team under engineering, 22% said it was in the operations team, and 21% said it was in the engineering team, while 14% said it was in the product team.

Areas covered by platform teams mainly include services that enable app teams to build, deploy and run applications, followed by provisioning and managing infrastructure to support developers. Managing costs was a long way down the list of priorities. “As a platform matures, cost becomes a critical metric to success,” the report said. “We’ve seen this with the high cost of public cloud adoption. If teams aren’t concerned about managing and optimising costs, the very nature of platform engineering creates risk.”

Read more about software development and business apps

Different organisations also vary on the makeup of the platform team. While a successful platform engineering team requires a full-stack DevOps engineer, respondents were less clear about the need for a product manager as well.

While just over half said a product manager was critical to success, 21% described them as a nice to have, 18% said they were important but not critical and 9% said they were not necessary.

And it seems that not everyone is sold on the concept – at least not yet. The survey found that 65% of respondents said the platform engineering team was “important and is receiving continued investment”. But 16% described it as a “passion project” and 12% described it as a “beta test” where future investment would depend on its success or failure.

But as organisations reach more advanced stages in their DevOps journey, the need for a dedicated approach like platform engineering becomes clear, the report said.

“Most organisations understand the impact a platform team can have on their operations,” it explained. “There is power in consistency across teams and how they approach their work. The more consistency you have across teams, tooling and processes, the more secure, efficient, and standardised your infrastructure will be.” Puppet surveyed 500 tech professionals working with or on a platform team.

Margaret Lee, manager of product management at Puppet by Perforce, said platform engineering is a natural evolution, not a replacement. “We are seeing the benefits of automation realised at the organisation level now, with self-service being a key part of it,” she told Computer Weekly. “Previously, automation was at the individual or team level. It has evolved to organisational level where the benefits of standardisation and automation can help reduce cognitive load and increase dev productivity.”

Lee said starting small is key. “Change is hard regardless of what that change is,” she explained. “Start with something that drives a lot of value for your company. What we saw in the data is folks starting with security. It is something that can drive value for both developers and the business.”

Read more on DevOps

Search CIO
Search Security
Search Networking
Search Data Center
Search Data Management
Close