DevOps Vs DevSecOps Vs SRE
Kishor Kumar Kamalanathan
Engineering Head, Service Head, Certified SRE Practitioner, AWS Certified Solutions Architect, TOGAF Certified, Splunk Certified Architect, Infrastructure Security Architect, Director / VP
These are three buzzwords that we keep hearing a lot now in the agile world of practices.
There are a lot of questions; this blog helps to provide clarity on all of them. All it takes is only 5 mins of reading.
Preface:
Traditionally we used the Waterfall approach for software development: a process of developing, testing, debugging and later deployment, wherein each stage must be completed before the start of the next stage. This led to the creation of silos and had various shortcomings, such as difficulty accommodating change requests, no feedback path and overlapping phases, and it caused delays in delivering services to users. These drawbacks led to the evolution of the Agile methodology, which focuses more on aligning development with customer needs; its main focus was on getting smaller teams to collaborate with each other. Despite a few advantages, Agile still fell short on a few fronts: collaboration with larger teams was ineffective, and rolling out new updates, features and bug fixes was slow and caused delays in the delivery process. IT teams need to minimize downtime and delay in delivering IT solutions; this led to the emergence of DevOps, DevSecOps and later on SRE.
DevOps
DevOps is a set of practices that combine software development and IT operations. The name is a combination of two words, "development" and "operations", representing a new methodology that aims at establishing closer collaboration between these two teams. It aims to shorten the systems development life-cycle and provide continuous delivery with high software quality. The primary goal is to optimize the flow of value from idea to the end user. Obviously, there's a cultural change that must happen for an organization to be successful with DevOps, so culture is a big focus, but the DevOps goal is to make value delivery more efficient and effective. It empowers businesses to push their product to the market at a higher velocity and respond to the market at a faster rate.
DevSecOps
In the waterfall methodology, the development cycles lasted for months or even years, and software releases / updates were shipped either once or twice a year; this gave security testing teams enough time for their activity. With the advent of DevOps, the development cycles have been reduced to weeks / days, and the security teams weren't able to keep pace with these initiatives. This led to the evolution of the DevSecOps methodology, wherein development, operations and security teams work in the same collaborative framework and have a shared end-to-end responsibility for the entire lifecycle. DevSecOps means thinking about application and infrastructure security from the start; it also means automating some security gates to keep the DevOps workflow from slowing down. Selecting the right tools to continuously integrate security can help meet your security goals, but effective DevOps security requires more than new tools: it builds on the cultural changes of DevOps to integrate the work of security teams sooner rather than later. In a nutshell, the simple principle of DevSecOps is that everyone in the software development life cycle is responsible for security, in essence bringing operations and development together with security functions. DevSecOps aims to embed security in every part of the development process; it is about trying to automate core security tasks by embedding security controls and processes early in the DevOps workflow (rather than being bolted on at the end).
SRE
Site Reliability Engineering is a practice popularized by Google over the past few years. The primary focus of SRE is system reliability, and once the system is reliable enough, it shifts its efforts towards adding new updates, features and products. The SRE approach identifies weaknesses in the system, tests production environments and solves problems before they become major incidents. SRE helps in constantly balancing between releasing new features and the reliability of the system. SRE is evolving into a more strategic role, focused on equipping development teams with the tools, data, and capabilities they need to drive modern development and innovation. SRE is also well-positioned to help organizations tackle new challenges, such as the growth of new technologies, languages, platforms, and tools in cloud-native delivery, which have created an explosion of complexity. The availability of self-service, observability and monitoring-as-code approaches across the DevSecOps life-cycle is key, allowing development teams to build feedback loops into their applications in just a few clicks. In this way, SREs will lead the charge in going beyond basic automation to smart orchestration of customer experience and business outcomes that will empower development teams to drive transformation faster than ever, through self-healing cloud / on-prem applications that quickly scale with business needs and are reliable and secure by default.
SRE Vs DevOps Vs DevSecOps
Similarity / Differences through various lens
The SRE methodology practices a blameless culture (post-mortem) approach, wherein it follows the blameless post-mortem to find out what caused the issue and how it can be avoided, after an issue / incident has occurred. It also advocates automation / AIOps to pre-empt and reduce these, but the focus is more on post-incident occurrence.
DevOps & DevSecOps also follow a blameless culture wherein every issue is a learning opportunity, and they concentrate more on a fault-tolerant approach. They basically deal with pre-incident / pre-failure situations.
SRE roles require some companies to replace their existing IT operations team to some extent.
DevOps & DevSecOps in most cases don't need any change of role for developer, IT operations and security teams.
SRE focuses on cultural goals as well, and even though it doesn't follow any specific script / tool in the implementation process, it offers a rigid way of solving the problem.
DevOps & DevSecOps focus more on cultural goals than on any implementation process / tools; they don't follow any specific tools or procedures.
SRE focuses more on SLOs, SLIs and SLAs, which are the main driving force for establishing and monitoring service-level metrics. These act as a key tool for observability of the environment and help quantify the capabilities of the product / services and gain customer trust, system reliability and performance.
DevOps focuses on Lead Time, Deployment Frequency, MTTR, Change Failure Rate, Customer Ticket Volume. DevSecOps along with DevOps metrics focuses on Time-to-Deploy, Failed Security Tests, Time-to-Remediate, Percentage of Security Audits passed and so on.
SRE, DevOps and DevSecOps are all about teamwork and relationships; they work together to bridge the gap between development and operation teams to deliver faster service.
Summary:
All three methodologies work towards the same goal with almost the same tools but with slightly different focuses. They should not be considered as competing technologies against each other; they are in fact close methods with overlapping areas.
Implementing one over the other is not the right approach; it's a journey wherein you need to move from one to another and choose the appropriate one depending on the organization, its needs, vision, strategy, philosophy and more.
Happy Learning !!!
DevOps Consultant
(9 months ago) Kishor Kumar Kamalanathan - Simple, crisp and well articulated.
Software Engineering Manager | Building High-Performance Teams | .NET | Microservices | AWS Azure | DevOps | Application Security
(1 year ago) I was hearing the term SRE for a while now and have been through some articles, but your explanation brought a good amount of clarity. Thanks for sharing.
Exe. Dir. Sec. Engineering at Standard Chartered Bank (Cloud & Container Security | AIML LLM Model Security | DevSecOps | Sec. Engineering | MLSecOps | SSDLC | SecOps | Security Automation | CICD Security Engineering)
(2 years ago) Kishor Kumar Kamalanathan - Very well and eloquently written article; the details and depth of knowledge in each domain are astounding. You have presented your ideas and thoughts really well on the paper. Please keep up the good work.
AVP | CRO Architect & Growth Strategist, Turning data into dollars. I build customer journeys so frictionless, they could double as a waterslide.
(2 years ago) This reminds me of a conversation on MLOps. It's one thing to build, another thing to implement and another thing to convince people to make something efficient, reliable and reusable. Not everyone understands it and is ready to transform.
Security Architect - Enterprise Security Architecture
(2 years ago) Well articulated and informative article