IDC: Become a Digital Innovation Factory with These 4 Pillars of Modern DevOps

Let’s dive in to review some of IDC’s key insights around DevOps and the future of digital innovation.

IDC: “The gold rush of digital innovation is fully in motion”

Building a digital innovation factory is a must for businesses. Digital-first enterprises deliver 8x the revenue growth and 2x the profit margin compared to other enterprises, and 65% of global GDP will be digitized by the end of 2022, IDC estimates.

With these numbers, it’s no longer a question of whether your organization will be digitally transformed. If it isn’t, it’ll go out of business.

When IDC recently asked enterprises what’s the role of software development and delivery in supporting their business, the top two answers were to increase competitiveness, and to differentiate and innovate their product and services portfolio.

DevOps, put simply, is now the competitive advantage and mode-of-operation for enterprises. Software development is becoming the core, enabling part of the modern business. It is no longer a “nice to have” but rather a strategic, critical element for success.

In fact, when enterprises that have launched a digital transformation initiative were asked to name which C-suite member was involved in green-lighting the project, the top answers included their president, CEO, owner, chairman, CIO, CTO and head of technology. This highlights just how important these digital initiatives are to the current and future survival of the modern business.

The 4 Strategic Pillars to Becoming a Digital Innovation Leader

Here’s how to build your software innovation capacity so you can create and deploy digital products at the speed and scale of a digital-first organization.

---

❶ Planning

The planning stage must go beyond standard project planning, and encompass higher-level elements such as the establishment of a strong collaboration between business and tech leaders, shared KPIs, and making informed decisions around software architectures, languages and frameworks for applications. 

When faced with a decision of whether to build their own business applications or buy them, organizations need to realize that the risk of developing a business application incrementally using DevOps and altering it regularly based upon user feedback is often lower in the long run than buying a commercial, off-the-shelf solution that provides limited opportunities for customization of business logic.

Recommendations

Here are three recommendations from IDC for the planning function:

• Approach planning as an ongoing function, not as something to do once to kick off a project. For example, you should base your decisions on KPIs and continually tweak those KPIs as needed.
• Think about future distribution plans. After building a software-driven product, continuously consider how you could drive new business value from it through new distribution methods to share it more widely, such as via open APIs or edge deployments. 
• Constantly evaluate how new technologies can change your assessment to “build vs buy” your business applications. For example, you’ll need a strong set of DevOps tools to create a streamlined software pipeline and respond quickly to market dynamics.

---

❷ Sourcing

Enterprises should expect their applications to be heterogeneous, written in a variety of languages, and made up of a mixture of open source components, custom code, commercial software, internally re-used code, and more.

People are turning to these different languages, technologies, and open-source packages because they offer flexibility and allow for better and more quickly developed products, but of course there are challenges involved as well.

For example, open source software (OSS) makes up almost half of the code in the applications built by developers surveyed by IDC. 

OSS is popular because it improves time to innovation, lowers costs, improves developer productivity, enables easy customization.

How to take advantage of open source, securely

Given OSS usage, organizations must track and scan OSS packages, because OSS components often have vulnerabilities that can put applications at risk for breaches. Complicating this equation is the fact that OSS components often contain other OSS components, and so on, like a Russian Doll. This hierarchy of embedded OSS components is called a Software Bill of Materials (SBOM).

That’s where a Software Composition Analysis (SCA) tool, such as JFrog Xray, comes in. Equating SCA to COVID-19 contact tracing, IDC sees SCA as providing critical visibility into your SBOMs, detection around vulnerabilities and licensing compliance issues, and more.

In addition to identifying open source security vulnerabilities that could be exploited, an SCA tool also helps organizations understand licensing limitations of embedded components, such as a “copyleft” agreement, which requires that any software product embedding that OSS component — even if it’s just a few lines of code — must make its entire source code available for free, along with the rights to modify and distribute it. That’s not a risk commercial enterprises are willing to take.

Recommendations

IDC recommends these tips to ensure successful sourcing:

• Understand the transitive dependencies of your applications via an SBOM.

• Avoid legal and licensing risk by ensuring there are no OSS licensing violations or restrictive licensing terms, such as “copyleft.”

• Store curated OSS in an internally-managed, version-controlled and curated package repository. This ensures that developers take authorized copies of components, and provides another level of tracking for OSS used in your applications.

---

❸ Develop

Developers are adopting new technologies, practices and approaches to increase their agility and accelerate their application development processes, and their ability to respond to feedback from end users.  Important tools and approaches include microservices-based architectures, automation, cloud-native technologies, DevSecOps, and more.

Move Fast with Containers

Cloud native and containers are becoming mainstream. As DevOps teams look to improve velocity and accelerate application development, these technologies are proving vital towards providing the agility required by digital innovators, to speed up app releases of  massively-distributed modern applications in a reliable way. 

Mitigate Risk with DevSecOps

Alongside cloud native and containers adoption, the importance of securing your software pipeline has become evident, driving the adoption of DevSecOps processes and tools to automate detecting and fixing vulnerabilities and other security gaps early and often in the SDLC — the “shift left” approach.

As the application landscape continues to increase, bad actors are increasingly attacking the applications looking for insecure code and known vulnerabilities. This means that digital innovators must adopt DevSecOps.

Recommendations

IDC recommends these best practices for development investments:

• Adopt modern cloud native application architectures and DevOps methodologies to improve agility and velocity.

• Leverage DevSecOps to shift security to the left and catch vulnerabilities prior to production.

• Utilize the ephemeral nature of containers and a full-featured container registry to speed up application delivery and deployment 

---

❹ Distribute

Software distribution is an area that holds great potential for generating business value for organizations’ digital efforts but that’s currently still undeveloped in many organizations. Beyond the traditional placement of applications on an app store, there are many other new ways that software can be distributed that may drive new value for the business or for your customers.

For example, enterprises can open source some of the software they’ve developed, and that way build a community that helps extend their offering. Or they can provide API access to their software for partners or external developers, which can be a new revenue stream.

Other software distribution opportunities include pushing software out to edge deployments to improve the user experience; building a portal to engage with developers; striking up new partnerships and creating new marketplaces.

Distribute to the External Developer Ecosystem

IDC data shows that organizations plan to significantly increase the amount of internally-developed software they share externally over the next two years. More than 60% of Global 2000 companies engage with the external developer ecosystem across various developer portals, API access, external repositories, and more. In fact, the biggest, most advanced companies are engaging with developers — with the Global 100 companies having the highest engagement rate.

Distribution to Edge Infrastructure and IoT Devices

Edge deployments in particular are increasing, as DevOps teams get tasked with distributing software to non-traditional locations, such as IoT devices, wearables, autonomous vehicles, consumer electronics, air-gapped systems, drones, and more — many of which are behind slow or unreliable networks.

We’re not in on-prem, reliable data centers anymore. It’s a whole new paradigm of trusted software distribution (see the IDC infographic here to learn more). Traditional deployment and repository management were not designed to handle these types of challenges. How can we verify that all of the software got to where it’s supposed to be, successfully and securely, and how do we do it at scale?

Recommendations

To jumpstart software distribution opportunities, IDC recommends that digital innovators:

• Run applications closer to the customer — the edge — to deliver an optimal digital experience. 

• Securely and reliably distribute software components — artifacts — to all internal and external stakeholders. When distributing to the edge in particular, digital innovators must ensure that artifacts were delivered securely, and validate that they were received and deployed correctly.

• Look for solutions that eliminate distribution bandwidth bottlenecks throughout the lifecycle for complex and widely distributed applications and artifacts, as well as for cloud-native or embedded compounded assets.

These are new challenges with large-scale modern delivery that we really haven’t experienced before. With massively distributed architectures and high software velocity, it becomes critical to deliver across hybrid infrastructure footprint and massive edge/IoT devices reliably, and at scale.

Since these software distribution options are new, IDC recommends organizations get acquainted with emerging solutions so that they can future-proof their efforts, accelerate software distribution and improve network utilization as an integral part of their DevOps processes, with CI/CD automation, security, and compliance.

See all of this in action with JFrog

So how do digital innovation factories look in the real world? In addition to the right culture, Agile methodologies, and processes — you also need the right tooling in place.

The JFrog DevOps Platform offers an end-to-end, hybrid, central solution covering the key critical pillars for digital innovation factories. What’s more, it is the only solution designed to address the next evolution in DevOps and the emerging challenges and opportunities around modern software distribution, at scale.

Watch the replay of the webinar for additional insights and best practices around the four strategic pillars for establishing a digital innovation factory, and to see a demo of how the JFrog Platform and how it enables these DevOps practices.

Other great resources that might interest you are “Leapfrog to the Future of DevOps” eBook and the DevSecOps Best Practices Webinar with JFrog Xray.