There are a number of development and operational practices that are part of DevOps, and not every industry is adopting all of those practices at the same rate. That's one of the key findings in the 2019 State of DevOps: Industry Report Card, released at the end of January by DevOps vendor Puppet.
The 40-page report is based on Puppet's 8th annual State of DevOps survey, which benefits from the input of 3,000 technical professionals. Alanna Brown, senior director of community and developer relations at Puppet, told ITPro Today that the State of DevOps: Industry Report Card slices Puppet's 2019 survey data by industry and grades each industry based on their DevOps practices and security integration. The industries analyzed were financial services, retail, telecom, government and technology.
"As the creator and one of the authors of the State of DevOps Report for the past eight years, and working closely with numerous customers through the various stages of their DevOps evolutionary journeys, the findings were more validating than surprising," Brown said.
The scorecard gave the technology industry an "A" for DevOps adoption and an "A-" for security integration as part of the DevOps development pipeline. Brown noted that it was expected that companies in the technology industry would be leading the pack in terms of security integration because DevOps tends to be part of the DNA of those organizations.
In contrast, the financial services and insurance industry scored only a "B" for DevOps and a "C-" for security integration. Financial services and insurance firms tend to be older, thus having more accumulated technical debt, out-of-date technology, more regulations and functional silos that create barriers to evolution, according to Brown.
While technology vendors scored well, the retail industry has the highest percentage of firms that can and do code deployments on demand — 57% are capable of deploying to production on demand, and 28% say that they actually do deploy on demand.
"We work with a lot of big retailers, so it’s no surprise to us that they are heavily focused on deployment frequency because deploying changes faster gives them a clear competitive edge," Brown said.
One of the surprises for Brown in the report was that government didn't score well for DevOps adoption, only getting a "C" grade. Among the issues that held down the grade is that only 41% of government agencies have the ability to deploy code on demand. Security was also a weak point for the government vertical.
"Out of all industries, government had the lowest percentage of respondents reporting that security tools are integrated into the development ecosystem, and security and development teams collaborate on threat models (9 percent)," the report stated.
Looking forward, Brown is optimistic that DevOps adoption will grow over the course of 2020. She commented that Puppet has seen shifts every year since the company started the State of DevOps Report in 2012.
"We have been working very closely with large enterprises on their DevOps initiatives, and we’ve found that most are stuck in the middle," Brown said. "They’ve adopted some practices and seen success in pockets, but there are still considerable barriers to scaling DevOps."