Making the Move to Consolidation: Reducing Sprawl in 2023
Note: This blog post was previously published on InfoWorld
For DevOps, 2023 is the year to reduce tool sprawl and start tool consolidation efforts. Sprawl is often seen as a natural result of the flexibility and empowerment of dev teams to choose their own tools, but organizations now understand the need for a single, streamlined system. While flexibility to choose the right tool for the job has enabled teams to move quickly, the result is a complex web of systems and processes to deliver software.
There are three main reasons you should consider tool consolidation in 2023:
- A recession that has every organization re-examining budgets
- Heightened focus on security and the impact sprawl has on securing software supply chains and IT systems
- Improved efficiency and developer experience, which is driving the recent interest in “Platform Engineering”
Consolidating toolchains directly impacts all three of these areas.
If you’re a DevOps expert considering a tool consolidation journey, here are three areas ripe for consolidation.
Application Security Tooling
A recent survey by Gartner found that organizations are making a shift towards consolidating their security vendors, with the number rising from 29% in 2020 to 75% in 2022. “Security and risk management leaders are increasingly dissatisfied with the operational inefficiencies and the lack of integration of a heterogenous security stack,” said John Watts, VP Analyst at Gartner. “As a result, they are consolidating the number of security vendors they use.”
Between Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and the multiple other types of application security solutions available today, it’s possible for organizations to have a dozen different tools in place to ensure their released software applications are free from exploitable vulnerabilities.
Onboarding more point solutions, however, doesn’t guarantee a comprehensive approach to application security. Each tool represents an additional point of complexity in your security workflow, negatively impacting developer velocity and adding security risk. Ultimately, security and DevOps teams have to use different applications and policies to attempt to keep security consistent across their component ecosystem.
Package (Artifact) Related Solutions and Storage
Teams developing new products often have to use free or low-cost solutions. As software engineering and development teams grow, they naturally adopt additional tooling and technologies. Over time, this increases the number of places development teams store their artifacts, creating sprawl, impeding automation, hindering security, and requiring manual efforts to build and release software updates.
It’s not uncommon for organizations to get to a point where they’re storing software artifacts in any number of the following locations:
- Dependencies fetched from multiple package managers such as Maven, PyPI, and NPM
- DockerHub or other container registries
- GitHub or other Git/VCS solutions
- General purpose storage such as S3 buckets, Google Drive, local share drives
Storing and managing artifacts in multiple locations is great for small development projects, but when teams need to speed up releases, share components across teams (e.g., microservice architectures), or work across geographical boundaries, the ad-hoc web of storage solutions falls flat.
Consolidating onto a single system for all dependencies, build artifacts, and their metadata allows for enhanced automation and a single place to apply your application security efforts.
Systems and Data Monitoring
The Moogsoft State of Availability Report indicated that, on average, engineers are in charge of overseeing 16 monitoring tools. This number could go up to 40 when Service Level Agreements (SLAs) become more stringent. Having such a broad selection of tools can be chaotic, and the costs associated with licensing, managing, and maintaining them are high. Generally speaking, the more visibility you have over your processes, infrastructure, and application, the better. But too many monitoring and logging tools generate data silos, keeping you from accessing and exploring your data when you need it.
Creating a single-pane-of-glass view across your entire tech stack can allow for cross-functional insights, and enhance the value of all those logs your various tools are generating.
If you’ve already addressed consolidating these areas, here are a few more to consider:
- CI and CD tooling
- Distribution and caching
- Source and VCS tools
When thinking about consolidating, you can’t consolidate everything. There may be important features or capabilities that you must maintain in your existing toolsets. If you’re serious about consolidation, consider the role a single platform can play in not only reducing the number of tools you leverage but connecting and integrating the solutions in your newly consolidated tech stack.
If you’re interested in exploring tips to go about tool consolidation at your organization, check out our recent webinar on consolidating DevOps tooling.