2021: DevSecOps Odyssey in Multi-Cloud

Organizations in virtually every industry, both public and private, are using software innovation to differentiate themselves and avoid being outdone. The business is more demanding than ever and the IT area will have to adapt to this “new norm” in a multi-cloud environment with DevSecOps evolution flows. 

We live in a new era of digitization, where speed and agility are the keys to success. It is up to the Infrastructure and Operations (I&O) teams to have the best tools and knowledge to enable their employees and partners to act in an increasingly competitive market.

This means that resource requests must be fulfilled at near instantaneous speeds and in greater volume with each passing day.

The IT area touches almost every department within an organization. As such, there can quickly be some bottleneck as legacy systems approaches give way to new delivery models

IT leaders need to radically improve the speed and efficiency of service delivery. Only in this way will they be able to remain relevant and anticipate the transitions of new technologies, such as the move to Kubernetes, Platform as a Service native from the cloud or acquisition of services and functions.


5 Steps to Entering a Multi-Cloud Journey and DevSecOps

There are 5 critical steps to transforming IT service delivery into a successful multi-cloud and DevSecOps journey.



Step 1: Activate self-service for everyone 

In 2023, 90% of companies will fail the DevSecOps philosophy if self-service platforms are not adopted. Source: How to Scale DevOps by Building Platform Teams - Gartner

The implementation of self-service is therefore essential.


Step 2: Quickly integrate and optimize

Most organizations are now adding at least 3 platforms/clouds with new options, particularly in industries full of mergers and acquisitions. The speed of integration is also important, given the constant change seen in the technological ecosystem.

For this reason, a modern cloud automation platform will be critical in heterogeneous environments.


Step 3: Establish controls and policies 

One of the main reasons cloud cost control has been an issue for organizations is the lack of effective role-based access control (RBAC).

The ability to provide self-service and automation is important, but governance is critical. The various controls must be established in segregated and multi-tenant environments.


Step 4: Provide frictionless delivery 

A recent Gartner study of business organizations showed that accelerating product delivery was the #1 goal for adopting agile methodologies. However, accelerating processes on the software development side without a similar speed in releasing it for production is counterproductive.

This is one of the main forces driving the DevSecOps culture. However, delivery can be more challenging if we are only focused on command and control. In other words, governance is important, but it cannot happen at the expense of speed and innovation.


Step 5: Manage the operation

As an industry and as IT professionals, we spend a lot of time talking about automation and creating new services. However, we must be concerned not only with fast provisioning, but also with complete lifecycle management of application instances.

This cycle goes from its creation to its end, also encompassing the availability of operational integration tools that allow its registration, monitoring and backup.

In 2021, more than 75% of medium and large organizations will have adopted a Multi-Cloud and/or hybrid IT strategy. Source: Increasing Reliance on Cloud Computing Transforms IT and Business Practices - Gartner.

In 2025, 80% of I&O activities will support digital business products (mainly in the form of applications) and not infrastructure delivery. Source: IT Operations Management 2025: Shift to Succeed - Gartner.

There are two major shifts underway in the technology industry that will forever change the way Infrastructure and Operations will fulfill the digital transformation mandate: Cloud Computing and DevSecOps.

As fundamentalists and early adopters are entering their second decade, we are prepared, as an industry, to take more advantage (in 2021 and beyond) as these changes begin to converge and mature.


Cloud Computing: the 3 Rs

Cloud has evolved over the last decade from an industry disruptive trend to a standard mechanism for delivering traditional and next-generation IT services.

In its simplest definition, cloud computing is defined by elastic scale and self-service consumption. There is no doubt that cloud computing has become an integral part of digital transformation initiatives due to its ability to provide greater agility and speed of innovation.

Gartner, AWS, and other experts have shown construction variations of "5 Rs" around switching to a cloud. While the "Retiring" and "Repurchasing" steps are valid phases they are less critical for this discussion, so let's focus on the other three


  • Rehosting

Many early cloud adopters chased the illusion that the public cloud was cheaper, proceeding with a bulk migration of applications.

Most now agree that this was a false belief and that the balance is between private and public deployments.


  • Replatforming

It involves minor updates to some services and processes as part of the move to the cloud. For example, swapping a database tier to move from a legacy RDBMS to a cloud-native PaaS equivalent.


  • Refactoring 

It appears as an opportunity to embrace micro-services and containers, as well as cloud functionality, or even serverless functions. It requires more work, but allows for a greater number of innovations to be delivered to the business.

Regardless of where they are on the "R-Curve", organizations are developing long-term relationships with hyperscale cloud vendors such as AWS, Azure and Google.

They are looking for continuous access to innovations, but at the same time they need to control vendor lock-in through the adoption of open standards and integration technologies.


This presents a unique challenge for I&O organizations that are already struggling to keep up with the speed of evolution. The demands of working with aging infrastructures and a huge skills gap will only get worse as overburdened teams try to keep up with a myriad of interfaces on the cloud..


The Evolution of DevOps to DevSecOps

Over the past 10 to 15 years, the adoption of Agile Software Development has led to widespread awareness and recognition of the changing IT culture known as DevSecOps.

Organizations have sought the nirvana of agile methodologies, popularized in works such as The Phoenix Project, with collaborative feedback loops and fully automated workflows.

This is much easier said than done, however, many have found that people and processes are often a more difficult problem to solve than tools and technology. Still, continuous flow improvement, removing constraints and providing more value, is an objective that persists.

Embracing a DevSecOps culture, tools, and systems helps every organization realize the value of IT investments that go far beyond delivering faster, higher-quality software. All of this translates into greater market differentiation and business value.

There are several maturity stages and practices associated with the evolution of organizations:


  • Standardize technological resourcess 

This is achieved through version control and the use of consistent technological resources across operating environments to reduce variability.


  • Expand DevSecOps practices and automate delivery

This phase is marked by accountability and elimination of manual approvals. It also involves configuration and automation to improve the flow, incorporating security practices, controls and methodologies intrinsic to the development.


  • Provide shared self-service platforms to optimize efforts 

This phase, with greater maturity, is marked by self-service for continuous deliveries and cross-functional teams to manage feedback cycles.

One of the challenges many face on their DevSecOps journey has been finding tools and technologies that meet the needs of all stakeholders.

Development teams have gravitated to agile frameworks, using open source tools, programming frameworks and infrastructure as code. Operations professionals, on the other hand, tend to rely on familiar graphics environments, trusted vendor relationships, and service-level agreements.

Bridging on-prem + public cloud, along with Dev + Sec + Ops, requires a different kind of tools and a different kind of IT leader..


Multi-Cloud and DevOps - Convergence in 2021

Although Cloud Computing and DevOps have been around for over 10 years, it is clear that most organizations have a long way to go.

Developers still take weeks to get what they need from IT delivery, and operations teams still face concerns about security and service levels. In addition to the technological trends already discussed, there is a growing appetite for adopting methodologies emerging from infrastructures as code and a heightened awareness of threats to cybersecurity. 

These factors will only exacerbate the problem unless IT adapts quickly, but it's not all bad news. More organizations than ever before have dedicated budgets, highlighting people and programs for cloud management and automation.

Advanced organizations are rethinking how Cloud Computing and DevSecOps maturity curves must converge to accelerate business results.




From Virtual Machines and Kubernetes to what will come next

In 2015, most companies had little understanding of containers, but today it is becoming a central part of application modernization strategies. By 2023, kubernetes will be deployed in more than 80% of all private cloud environments, requiring Infrastructure and Operations to acquire operational competencies.

Gartner research indicates that 20% of global companies are now managing containers in production. While programmers fully embraced the platform, I&O leaders found containerized environments difficult to install, operate and maintain.

The same IT teams trying to manage on-premises VMware and the public cloud are now being tasked with kubernetes projects which, in turn, expose large skills and resource gaps.


Become a lead actor on the DevSecOp journey in  Multi-Cloud

Wherever your organization finds itself on its multi-cloud automation journey and DevSecOps and whatever your role, you should look for a platform to go further and faster.

By bringing together all the tools and technologies in a way that recognizes people and handles the challenges of modernization, you can improve control and agility at the same time.

Nexllence has extensive experience in multi-cloud management and in secure development flows through to operation. We have partners who are market leaders in these areas and who can help with automation and agnostic orchestration to give you the freedom to adapt more quickly to an ever-changing environment



About the Author

Luís César Correia

Luís César Correia

Unit Manager - Datacenter and Cloud Management

Music lover, your goal is to be the conductor of his life, always keeping it in tune. Consolidated experience with more than 20 years, in IT areas for various sectors, focus on IT Infrastructures & Cloud, pre-sales and sales management, team leadership, project management, P&L management.