.png?width=610&name=J1_ModernCybersecurityBook_Promo%201200x628%20v2@2x%20(1).png)
Adopting DevOps in an organization is about welcoming cultural change. Especially when it comes to a very old and large organization, DevOps transformation is quite difficult. Join Jamal Walsh, senior solution architect and DevOps Institute ambassador from The Very Group, as he walks us through the challenges of adopting a cultural change in an enterprise organization. He discusses how The Very Group adopted the DevOps culture. He also explains the importance of adopting DevOps, as well as the ups and downs of cultural changes.
About The Very Group
Jamal walks us through the history of The Very Group, the UK's largest digital retailer. It was in 1990 when they first started an e-commerce platform. In 2015 they stopped printing physical catalogs and went digital. Then, in 2020, they developed a fulfillment center. Brought online during the global pandemic, the fulfillment center was full of automation and state-of-the-art technologies.
Right now, they have 4 million active customers and generate £2 billion annual revenue. They deal in products like electronics, clothing, and furniture. With around 300 people in tech teams, the company's current aim is to recruit more tech people and put tech and data at the heart of the business in order to move forward.
Scaling DevOps in an Old Enterprise Organization
Jamal shares a quote from Tech Beacon that compares enterprise companies with sleeping giants. They take some time to wake up or adapt to a new culture. But once they do, they unleash an incredible force—or, in business terms, bring in a huge change.
An enterprise organization has a very complex landscape, with different cultures and subcultures. In smaller companies, adopting DevOps is less complex when compared to a large enterprise organization. Because transforming all the existing cultures and subcultures is a complex job.
So, How Did The Very Group Adopt DevOps?
Jamal explains the steps that The Very Group took to adopt DevOps in their organization. Let's find out what changes they brought to the technical and organizational levels.
Changing the Infrastructure
The Very Group started by getting a DevOps-conscious CTO to represent technology at the board level. This is important because investment decisions are made at that level. Having someone who can explain the benefits of adopting a new culture will definitely help.
They started recruiting more new talents in all levels of technology. They brought in permanent employees, as well as experienced external partners to help with the agile and DevOps transformation.
Changing the Team Structures
The next thing they did was move away from contemporary models and stop working in silos. Instead of individual front end, back end, QA, and project managers, they created multi-disciplinary squads focused on deploying small, iterative changes. Each squad had a product head, head of technology, and delivery. Apart from that, they also had a product owner, delivery lead, QA, and BA that were supported by UX researchers, designers, data analysts, and solution architects.
By adopting these changes, they managed to
- break down silos
- adopt a “you build it, you run it” principle
- test, build, deploy, and perform operations more efficiently
But they didn't stop with these two changes.
Changing Development and Tech Strategies
They used a strangulation pattern to gradually migrate from a monolithic architecture to microservices and serverless architectures. A retail-based website must ensure the following:
- Customers can access their websites through any device or browser.
- During flash sales, when traffic increases, the performance of their site must not degrade.
- Accessibility standards now require websites to be easily accessible by all people.
For that, The Very Group developed a fully automated CI/CD pipeline by using Selenium for functional testing. They even started automating API testing, accessibility, performance, and browser compatibility testing.
Changing Security Strategies
They started adopting a shift-left strategy for security. Before the coding phase started, threat models were available. Developers analyzed dependency using the OWASP dependency checker and scanned the CI/CD pipeline to find vulnerabilities in the system.
By bringing in the changes we discussed above, They Very Group
- performs continuous deployment of microservices several times a day
- improved the confidence in their product’s quality and security
- achieved an improved response time to technical and security issues
So, the result? The average time for known vulnerability exploitation by adversaries was reduced from 45 days to 3 days.
Not only that, but they also maintained a balance of delivery and continuous improvement. This is because when you are focused only on faster delivery, you won’t get the chance to innovate and adapt to newer technologies.
Also, they adopted a sharing culture with biweekly Tech Forum meetings and All Tech meetings, where the teams share everything from data, QA, AWS, recruitment, etc.
Wrapping It Up
When the existing processes of an enterprise organization are working fine, it's hard to convince everyone to bring in new changes. But although adoption to the DevOps culture is time consuming, if you have a proper plan and do everything the right way, the end result is worth the effort.
