Driving Organizational Success with the State of DevOps 2022 Report

“Boat this!”

We have just completed the research and analysis for the 2022 Accelerate the state of DevOps Report (SODR) and oh boy, do we have any interesting things to share! First, let me take a step back for those of you who may be new to DevOps Research and Assessment (DORA) and our annual report, SODR. DORA is an academically rigorous research program that seeks to answer the questions: “What practices enable teams to be successful software teams?” And how do these practices impact organizational performance? »

Since 2014, we’ve surveyed 33,000 practitioners worldwide across all major industries. The project is intentionally and resolutely independent of tools and platforms. Research builds on itself, and each year we seek both to evaluate previous findings and to expand in other directions or areas of research. It’s important to note this because many of the key findings, such as “software delivery performance drives organizational performance,” have been validated year after year. I encourage you to go back and Lily everything the reports For years past.

Security

This year, we’ve doubled down on our 2021 software supply chain security research by looking at technical practices that improve software supply chain security and non-technical practices that impact the ability to an organization to excel in securing its software supply chains. We leveraged two frameworks to focus our research: supply chain tiers for software artifacts (SLSA) and the NIST Secure Software Development Framework (SSDF). Below is a summary of some of our key findings in this area:

  • Shift left on Security is a widely adopted practice. Our research shows that two-thirds of respondents are actively pursuing software supply chain security by integrating security seamlessly into the development process.
  • Culture is the main driver for the adoption of security practices. You would expect technology to be the main driver, but our research showed that a generative organizational Culture (e.g., performance-driven, highly cooperative, risk-sharing) leads to healthier software practices.
  • Technical Practices Around CI/CD Predict Security Success. Companies that use source control, continuous integration (CI), and continuous delivery (CD) have more established SLSA practices. These practices transfer security to developers and ensure consistent security analysis.
  • Cloud allow secured Software practices. The five characteristics of cloud computing as defined by NIST enable the successful adoption of software supply chain security which, in turn, predicts better organizational performance.

Our research has shown that companies that prioritize and excel at securing the software supply chain experience fewer service disruptions, anticipate fewer security breaches, and show high levels of software delivery performance and performance. organizational. Data has shown that through the use of modern practices such as continuous integration, teams can improve their security posture and even amplify the positive impact of these security practices on software delivery metrics (MTTR, deployment frequency, service restoration time) and overall. organizational performance.

Culture

We saw above that the greatest predictor of an organization’s application development security practices was the presence of a generative organizational culture based on risk and information sharing. We also find that elements of these types of cultures also lead to higher overall organizational performance. Our research has shown that high organizational performance can be achieved by fostering environments that are:

  • Support : Teams that felt supported and had management buy-in (e.g. more financial support, more resource allocation, sponsorships, etc.) were associated with high performing organizations.
  • Stable: Teams that didn’t see much change in their workforce over the past 12 months were more likely to be in high-performing organizations.
  • Flexible: Organizations with higher levels of work flexibility around where work was performed – remotely, in-person or hybrid – performed better overall.

We also looked again at burnout this year and expanded the scope to understand which elements of culture contributed to lower levels of burnout. We found that generative culture, team stability, and work flexibility all contributed to reduced employee burnout.

Reliability

In previous years, our research has told us that those who excel in technical practices also excel in organizational performance. This year, we have more nuanced data on this topic. This year, we found that software delivery does not predict strong business outcomes unless these practices are associated with reliability. Think about it: will a customer be happy with the new features if the service is not stable? What’s the benefit of quickly pushing code into a fragile environment? Reliability is a critical element in driving organizational performance through software delivery performance.

We also find that the impact of site reliability engineering (SRE) on organizational performance is not linear; Reliability engineering practices often do not result in additional reliability or organizational performance until a certain maturity is reached. It is important that teams know this and approach their SRE practice as an investment. They probably won’t be sparkly ponies and unicorns at first as you build the reliability muscle, but as you progress high performance and success are likely.

Cloud

Public cloud usage is up 36% from 2021, while companies reporting no cloud usage are down 50%. Hybrid cloud usage is up 25%. Not surprisingly, the use of cloud computing was associated with better organizational performance. Over the past few years, we’ve found that it’s not “cloud usage” per se that drives organizational performance, but rather achieving the five essential characteristics of cloud computing–self-service on demand, broad access to the network, pooling of resources, rapid elasticity and measured service. This year, we’ve seen cloud computing enable things like reliability, continuous delivery, and improved supply chain security that drive organizational success.

More than 50% of people who responded to our survey said they used multiple cloud providers. We asked respondents what benefits they derive from using multiple cloud providers. Here are the first three:

  1. Availablity
  2. Leverage the unique benefits of each vendor
  3. Trust is spread over many suppliers

Given that reliability seemed to be the key to a successful software delivery store as well as a thriving organization, it’s no surprise to see uptime listed by nearly 63% of respondents as a benefit stemming from using multiple clouds.

Summary

Our research continues to progress and we continue to dig deeper and deeper into the capabilities and practices that impact your business. We are seeing broad adoption of the themes of security and reliability, both of which are strongly embedded in the culture. A good culture leads to success. Period. There’s no magic crop button and it takes some work, but it’s very doable. Start by setting organization-wide or line-of-business goals, then just start improving continuously. Don’t worry about creating a three-year improvement plan; create a one-month plan and just get to work instead. At the end of this month, evaluate your learning, refine your concentration and get back to work. With a commitment to hard work and continuous improvement, your investments should start paying off and, as a bonus, you’ll have a better culture.

We hope you enjoyed these juicy finds as much as we did and we encourage you to read the entire 2022 State of DevOps Report.

Also, join us on dora.community to continue the discussion of these findings and to share and discuss your experiences on your journey to great software delivery and operations.

Aubrey L. Morgan