1 Introduction
2 Related Work
2.1 DevOps Concept
2.2 DevOps Implementation and Benefit
2.3 DevOps Risks and Risk Mitigation
2.4 Research Questions
- RQ1: What are the risks associated with DevOps practices in organizations?
- RQ2: What strategies are used by professionals for risk mitigation?
3 Research Approach
3.1 Data Collection
List of codes | Description of codes | Quotes from Professionals |
---|---|---|
Lack of tacit knowledge | The knowledge base for the system is not strong (tacit knowledge); a knowledgeable person leaving might impact the company negatively. Losing one key person may ruin the whole process | “In our team different skillset people are working. When someone goes they also take the expertise and knowledge with them, which creates difficulties in teamwork.” |
Miscommunication between clients and developers | Communication between the clients and developers either makes the project run smoothly or creates miscommunication and unclear perception | “Miscommunication is a drawback for DevOps practices when there is a communication gap that leads to a project failure and makes the project risky to execute.” |
Security in the DevOps environment | DevOps security is a set of practices, tools, and cultural approaches that bring together software development, software operations, and security to make the process faster and more secure | “To make a project successful it is important to maintain the security from the very beginning of the development process” |
Human error on DevOps risks | Human errors are one of the most unpredictable situations for any DevOps team and might create several risks for the DevOps environment. | “Human error is difficult to eliminate but if teams maintain some steps then there will be less human error” |
Handling ethical issues while working in teams | DevOps team members need to have the appropriate knowledge and training to understand and address ethical issues that may arise in operations | “It is essential to have proper training and knowledge while working in DevOps teams. The companies have training for team members so that they know how to handle difficult situations” |
3.2 Data Analysis
4 Results
4.1 Organizational Risks
“In our teams, there are sometimes miscommunications, and due to that DevOps practices get hampered (Development and Operations) and lack of collaboration between clients and developer teams make the process risky, improper communication creates difficulties for better outcomes”.
Quality assurance acts as a bridge between development and operations teams and supports developers by testing new iterations in real-time with continuous quality checks to keep the testing cycle running smoothly.
“Risk mitigation through automated testing and quality assurance is essential for the development process. If automated tests are in place, a developer can immediately get feedback about their newly written programs/features. Then the process becomes less risky”.
“Balancing security and risk management for the DevOps process is crucial. For good balancing the team needs to make sure that they do not release anything if not properly tested”.
4.2 Social and Cultural Risks
“When a team has skilled and knowledgeable people with a diversified culture that helps the team to progress better. A sudden change like someone leaving the team might slow down the process as DevOps teams are connected with each other and that’s the way the team progresses”.
“Lack of collaboration and organizational culture does not help for better building products for clients. The company culture should be collaborative, flexible, and supportive. To make it secured from the beginning DevSecOps should be a part of the process”.
4.3 Technical Risks
According to our findings, the professionals stated that security vulnerabilities in DevOps pipelines are risky for the companies. Security vulnerabilities include missing data encryption, missing authentication for critical functions, and buffer overflows with insecure interactions between software companies. Whatever the developer has done, if it is checked through an improper code review, that is the number one risk for the process.
“Uh, of the project experiences within the company they at first understand the requirements and set up the tools which are actually secured. So the important thing is that selection of the tools that make a secured environment for the development process”.
Human errors are one of the most unpredictable situations for any DevOps team and can create several risks for the DevOps environment. DevOps work involves many steps, and people may forget to test certain code or to follow best practices. For example, a port may remain open by mistake, data storage may be left open to public access, a database may have no IP restrictions, someone may forget to stop an expensive resource during a holiday or weekend, or there may be no cost tracking of the cloud services. These errors could impact the development process hugely.
“For maintaining security vulnerabilities, developers need to check if the web service is running and the Azure function can send requests and get the response back each hour. There should be access restrictions so only certain IPs are allowed if that is required”.
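The human-error misconfigurations listed above can be checked mechanically before a release. The following is an added example, not part of the original paper: a small Python audit over a constructed resource inventory. The schema, the field names (`intended_public`, `allowed_ips`, `auto_shutdown`) and the `cost-center` tag are assumptions made for illustration and do not correspond to any cloud provider's export format.

```python
import ipaddress

# Constructed inventory in a hypothetical schema (illustrative sample data only).
INVENTORY = [
    {"name": "web-sg", "type": "firewall_rule", "port": 443,
     "sources": ["0.0.0.0/0"], "intended_public": True},
    {"name": "debug-sg", "type": "firewall_rule", "port": 5005,
     "sources": ["0.0.0.0/0"], "intended_public": False},
    {"name": "reports", "type": "storage", "public_access": True},
    {"name": "orders-db", "type": "database", "allowed_ips": []},
    {"name": "billing-db", "type": "database", "allowed_ips": ["203.0.113.10/32"]},
    {"name": "gpu-train", "type": "vm", "tags": {}, "auto_shutdown": False},
    {"name": "ci-runner", "type": "vm", "tags": {"cost-center": "dev"},
     "auto_shutdown": True},
]


def is_world_open(cidrs):
    """True if any CIDR covers the whole IPv4 or IPv6 address space."""
    return any(ipaddress.ip_network(c, strict=False).prefixlen == 0 for c in cidrs)


def audit(inventory):
    """Return (resource name, issue) pairs for the misconfigurations named in the text."""
    findings = []
    for r in inventory:
        kind = r["type"]
        if kind == "firewall_rule":
            # A port open to everyone is only acceptable when declared intentional.
            if is_world_open(r["sources"]) and not r.get("intended_public"):
                findings.append((r["name"], "port %d open to any address" % r["port"]))
        elif kind == "storage":
            if r.get("public_access"):
                findings.append((r["name"], "storage allows public access"))
        elif kind == "database":
            ips = r.get("allowed_ips", [])
            # An empty allowlist or a /0 entry both mean no effective restriction.
            if not ips or is_world_open(ips):
                findings.append((r["name"], "database has no IP restriction"))
        elif kind == "vm":
            if not r.get("auto_shutdown"):
                findings.append((r["name"], "no scheduled shutdown for weekend/holiday"))
            if "cost-center" not in r.get("tags", {}):
                findings.append((r["name"], "no cost-tracking tag"))
    return findings


if __name__ == "__main__":
    for name, issue in audit(INVENTORY):
        print(f"{name}: {issue}")
```

Run as a pipeline step, a non-empty result can fail the build so that the release is blocked until the finding is fixed or explicitly marked as intended.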
4.4 Ethics and Security Breach in DevOps Environment
“DevOps practices align with our organization’s values and ethical principles and require timely release features, deployment frequencies, time to recover in case of any issues, data protection, and scalability.”
“For ethical considerations, a company should take into account where, and how to collect, store, and analyze data in our DevOps operations”.
“Involving users and other stakeholders in ethical decision-making processes related to our DevOps operations is essential. Good communication can solve most of the issues.”
4.5 Risk Mitigation Strategies by Professionals
5 Discussion
5.1 Key Findings
DevOps risk | Risk mitigation strategies |
---|---|
Lack of idea about the project | Make the process visible and transparent so that people can relate to the work |
Tacit knowledge is not strong | Give priority to the resources so that key persons feel valued; if they are working for other systems, the company should find someone to relieve the extra load so that they can concentrate fully on their project |
Sudden change in team culture | By using change management, it is possible to eliminate the work impact. Teams need to be accepting, as some resources might not work efficiently, and need to cope with the existing situation |
The budget allocation for toolsets is important because wrong choices create risks for the project | Experts should be involved who are tool-agnostic and experienced in shortlisting what could work for the environment |
Lack of communication with developers and the clients | Better management strategies are required so that everyone has a clear idea about the process |
Improper code review by team members | Code review should be effective and should be associated with proper tests |
5.2 Research Limitations
5.3 Future Research
- Performing a comparative study. In the future, we will perform a comparative study that covers different IT organizations using DevOps practices. Different organizations have different DevOps practices, and the challenges and risk mitigation factors might not be the same for all organizations. The implementation and adoption of DevOps might also vary across organizations.
- Conducting longitudinal research. DevOps collaboration culture is one of the core concepts of DevOps practices. We could conduct a longitudinal research study by observing teams over an extended period of time, and thus gain better insights into and overviews of DevOps collaboration culture in organizations.
- Research model for identifying risks and mitigation strategies for success factors. We propose the development of a novel model that addresses DevOps challenges and incorporates critical success factors. Such a model would serve as a valuable framework for identifying and mitigating various risks within the organization. By leveraging this model, we can establish a comprehensive understanding of the factors that contribute to success in this domain and develop effective strategies for addressing any challenges that arise.
- Combining DevOps and MLOps for better performance. The incorporation of artificial intelligence (AI) within DevOps presents a promising opportunity to elevate performance to new heights. By leveraging AI in the software development life cycle, DevOps can streamline operations, resulting in more expedient development and improved operational cycle performance. This translates to a more positive user experience, as new AI features are implemented within DevOps. Moreover, the utilization of machine learning algorithms enables the collection of data from a multitude of sources, further enhancing the potential of AI and DevOps. This research area holds much promise, as it opens up new avenues for developing a diverse range of AI models within DevOps.
- Developing scales for conducting surveys. Developing scales for measuring success and risk factors could be a great approach for future research. We observed that few studies have focused on scale development. These scales could be a great tool for quantitative surveys to collect data from professionals.