Ben's Book of the Month: Review of "The DevOps Handbook: How to Create World-Class Agility, Reliability, and Security in Technology Organizations"

Posted on by Ben Rothke

My first reaction when initially learning about quantum physics was like that of many others - it’s a bizarre concept that makes absolutely no sense. Only after spending some time delving deeper did it very slowly start to make sense. For many learning about DevOps for the first time, their response is often the same. It’s a concept that promises far too much and is way too radical a model to work in the real world.

DevOps (software DEVelopment/information technology OPerationS) is a broad term which is used to refer to a large set of practices that emphasize the collaboration and communication of software developers and information technology professionals to facilitate the automation of software delivery and infrastructure changes. DevOps attempts to develop a culture and environment where building, testing and releasing software happens rapidly, frequently and more reliably. When correctly implemented in the right organization, it’s a revolutionary method.

In The DevOps Handbook: How to Create World-Class Agility, Reliability, and Security in Technology Organizations (IT Revolution Press 978-1942788003), authors Gene Kim, Patrick Debois, John Willis and Jez Humble have written a powerful manifesto detailing how DevOps can transform the enterprise IT space. The DevOps approach, which brings together development and operations teams, has been gaining significant traction for the last several years.

Many IT people and developers will recoil when reading about DevOps. This is likely due to them spending their careers in the dysfunctional types of organizations that DevOps is meant to fix. The promise of DevOps is quite compelling, but it will only work where it’s fully implemented over time. As powerful a methodology as DevOps is, it is certainly no quick fix. DevOps promises speed and agility, which it indeed can deliver. But like training for a race, getting those high levels of speed and agility can’t be done overnight.

At the start of the book, the authors write of a malady far too common in corporate America: IT environments where a culture of fear and lack of trust prevail, where workers who make mistakes are punished, and those who make suggestions or point out problems are viewed as whistle-blowers and troublemakers. By contrast, in the perfect world of DevOps, learning is promoted and the culture is that of a high level of trust.

While the authors are highly evangelical when it comes to DevOps, they also note that it is a huge undertaking. With its own language and culture, DevOps must have the complete and absolute blessing of management to succeed.

According to the authors (ironically, in my opinion), security and compliance groups are often the ones that object to the implementation of DevOps. When done correctly, DevOps is a powerful vehicle to integrate information security into enterprise operations. As noted at DevOpsSec, the challenge facing DevOps teams today, however, is that incorporating security into their day-to-day work is not always easy or intuitive. Security often runs one step behind or out of sync with lean DevOps teams.

While the book does not fully deal with integrating security into DevOps, the free eBook DevOpsSec: Securing Software through Continuous Delivery is a most helpful resource.

In The DevOps Handbook, the authors provide countless case studies and quotes regarding successes. What the book makes up in breadth, it lacks in detailed and tactical directions on how to put DevOps into full implementation. For that, those considering DevOps need to use the many other books the authors reference, as the topic is far too large to cover in a single work.

With all the success stories and case studies with happy endings, it would have been nice to hear some DevOps failures and horror stories. Understanding failure modes is a powerful learning mechanism. While the authors are quite passionate, the book comes across as overly fervent at times and can be misread as saying that DevOps can’t fail. DevOps means a massive change for most organizations that choose to go down its path, in addition to complete commitment from management and staff. It’s unreasonable to think that every organization that has gone down the DevOps path has found it beneficial.

In the world of IT, there are huge and often intolerable amounts of waste and delay. There are myriad reasons why this is, often because organizations are too large and disparate and their processes are nowhere near streamlined. For those looking to stop that trend, The DevOps Handbook is an invaluable read.

Even for those organizations that won’t be implementing DevOps in totality, there’s still plenty of good advice to glean from this book. For those that are looking to go down the DevOps path, this is the book you want to start your journey with.

Ben Rothke

Senior Information Security Manager, Tapad

