Hear an update on DevOps transformation
Charlene O’Hanlon: Hi, again. This is Charlene O’Hanlon, managing editor over DevOps.com. Devopsworld, Jenkins World 2018, San Francisco. I am here with Rutesh Shah, who is CEO and founder of Infostretch. Rutesh, thank you so much for taking the time to speak with me today, appreciate it.
Rutesh Shah: Thanks. Thanks for having me.
Charlene: If you could just start the conversation by telling us a little bit about your company?
Rutesh: Infostretch is now in the business for almost 13 to 14 years. We are digital native firm and we have been responsible for good 50% plus Enterprise 100 companies to help them adopt DevOps and bring automation to life.
Charlene: Wonderful, wonderful. Okay. I know your company focuses a lot on continuous testing, as part of the DevOps cycle. Let’s talk a little bit about that whole continuous economy. Where do you guys see yourselves in the whole ecosystem and where do you see the space going?
Rutesh: I like the term that Cloud B has coined today at this Jenkins World Conference, continuous economy, because the confusion that everybody has today is they add word continuous in front of anything, right? What we as a company we do is in enterprise environment, when they’re trying to transform into digital world, we help them to put their infrastructure at a level that is fully automated or at least to a largest extent automated. One of the things that is lacking in most of these enterprises is their ability to, after they’ve put these automated processes together, is to really put this automated test that runs when the developer checks in the code.
We have actually developed the framework that helps in the DevOps process to bring continuous testing to life. That means once a developer checks in the code, you’re able to run your unit tests, then you are able to intelligently deploy that environment in a QA environment, or staging environment, and then run the test that are more important based on the changes, rather than running every test. That helps with infrastructure optimization, that helps you do find the bugs early, and if you find enough bugs, you can abort the build, right? You can save the cost.
Once we go through that, then we go through the regression. Then, after regression, we focus on security testing which is actually very underrepresented in DevOps world.
Charlene: Right now, the DevOps’ DevSecOps movement’s kind of taking over.
I think I saw in one of the slides somebody presented that if $100 are spent on developers, $10 are spent on operations, and only $1 is spent on security. We are there to help customer understand that they are under-estimating the potential of risk that they are taking with security and lack of automation and help them to put it together.
Charlene: Do you think DevSecOps has become this chicken and egg problem? Should it have been something that- Some might argue, yes, that it should have been there all along, but do you think that it’s just the evolution of the industry has created this need to have security shifting left?
Rutesh Shah: It’s a good question. What was happening earlier, the enterprises were having everything in a closed environment, right? They knew what software they were buying, what software they were using, if at all any open source they were using. With this continuous, the pace at which their ability to control what goes in their software has tremendously changed. Hence, the need for security testing earlier in the life cycle has become paramount and the necessary thing now. Earlier, that was all closed, it was not that rapid, it was not that continuous, and, hence, you could manage it. Now, you’re in continuous development life cycle, continuous deployment life cycle, continuous testing life cycle. You have to have be in a continuous security life cycle also.
We see that it’s an evolution that the continuous economy has brought two enterprises to try understanding the impact of not doing security and really start treating it as it needs to be treated.
Charlene: That makes sense. When we’re talking about the continuous testing space then, today and then maybe a little further down the road, what have you seen changed in the space, say, maybe over the last year or so, or even maybe a little further back? Then, what do you see happening as that next phase of continuous testing?
That’s interesting that you’re asking this question. I get asked this question many times when I’m talking to our customers, like, “Why do we have to do this, we were not doing this earlier.” Right? Continuous testing is actually necessary because you really want to shrink your life cycle from two months, three months, to two weeks, two days, in some cases daily, in some cases every minute. If you don’t have an automated test plugged into your continuous life cycle, you’re not going to get the level of quality and real continuous aspect that you’re looking for. What has changed in the last one year? The organizations that were not adopting that phenomena has accepted that as a basic phenomena. Shift left has become integral part, Agile has become integral part. Now, people are talking Agile 2.0, 3.0, and now even 4.0, right?
What it means is, if you put everything continuous, if you do your testing properly, then, the next big problem that’s going to come up is you’re going to start using enormous amount of infrastructure. Because you can’t be running 30,000 test cases for every build, for a line of code that the developer has changed. You need to get smarter about what you run based on some artificial intelligence that you can use it. What we feel it is, as continuous testing is becoming mainstream in DevOps, continuous testing with some sort of artificial intelligence is going to be a necessity. Otherwise, your infrastructure cost is going to be paramount in your overall cost.
It might look small per build cost but, at the end of months, it’s going to be a big cost. Artificial intelligence in testing is going to be important. The second big thing that we see here is, it’s not about only functional and regression test, but also doing performance load testing upfront, and also doing security test based on the changes that are being made. It’s going to be important. You don’t need to do it blindly. You can do it blindly maybe once a quarter, or whatever is your regression cycle, but on ongoing basis, you need to get smarter.
The good thing is, the open source tools and other commercial tools are actually giving you these capabilities today. It’s that the enterprises haven’t yet really embraced these phenomena. I think as they embrace Cloud, as they embrace Platform as a service, I think they’re going to start accepting these whole phenomena in their life cycle.
Charlene: It makes sense. All right. Great. Well, Rutesh, thank you very much for taking the time. I appreciate it.
Rutesh: Sure. Thank you very much.
Charlene: Great. Thank you.