If you ask most people to describe the top DevOps trends in 2024, you'll likely hear buzzwords like AI or DevSecOps.
These are definitely trendy topics. But based on my day-to-day work helping companies plan and implement DevOps strategies, I've noticed a different set of notable trends in DevOps. Although a lot is being said about how technologies like AI will impact DevOps, the biggest changes I'm seeing now involve other types of solutions and technologies.
Here are what I consider to be the three most important current DevOps trends, along with details of how DevOps tools and processes are changing.
Policy-based management and IaC drive innovation in security DevOps
Security has always been a priority for DevOps practitioners. But now, I'm seeing DevOps teams adopting new strategies to improve the security of applications and the environments they support.
One widespread change is the greater use of cloud-based policy management to enforce security best practices in cloud environments. Teams configure cloud services and resources using code-based configuration frameworks supported by cloud providers, and then examine the configurations to detect risks.
This approach enables cloud governance to be enforced consistently, centrally, and automatically. Instead of simply writing governance policies and hoping engineers remember to follow them when configuring cloud resources, companies are building automated governance guardrails through policy-based management.
In the same vein, more and more DevOps teams I work with are adopting static code analysis of infrastructure-as-code (IaC) templates as a means of detecting risks. As with policy-based management of cloud resources, an IaC-centric approach to infrastructure provisioning makes it possible to automate infrastructure management and identify security risks early in the development life cycle.
Some teams use cloud policy and IaC code scanning to warn each other about security policy changes that could cause the application or service to crash. They do this by inserting configuration changes into their code using “audit” mode if their configuration framework supports it, or by configuring IaC scanners to report changes if the audit feature is not available. This allows engineers to detect if a change might cause a problem in an existing deployment.
This is important because security and application teams work separately in many organizations. When two groups lack an effective means of communicating changes, they can disrupt each other's operations—a “right-hand, left-hand” problem. Configuration checking provides a systematic way to ensure that every group is on the same page when it comes time to make changes – and the “checking” mode provides a grace period that allows time to react before the change takes effect.
Double your DevOps automation with GitOps
Another overarching trend currently reshaping DevOps is the use of GitOps to make DevOps automation more efficient and consistent.
GitOps is the use of Git (or a similar source control system) to manage automated DevOps workflows. It involves defining configurations using code and applying them through features like GitHub Actions.
When you choose GitOps, you move DevOps automation controls from individual workstations to central source control repositories. The result is the ability to track and manage all automated workflows via a central hub. Doing so increases efficiency and mitigates issues such as different engineers working with different versions of the same automation frameworks on their personal desktops.
In addition, GitOps automatically creates logs of what changed and how, because every action is logged by the source control system. This is not quite documentation in the traditional sense and means that GitOps documents every change comprehensively – which is useful because human engineers don't tend to be comprehensive when documenting their actions.
GitOps is certainly not without its challenges. Implementing GitOps effectively requires additional skills—namely, experience in both IaC frameworks and source control systems—that not all DevOps engineers possess. I've also noticed a tendency on the part of some teams to set up GitOps pipelines but rely on manual approvals rather than automated actions to make changes happen. This approach greatly underestimates the value of automating pipelines in the first place.
However, these are challenges that teams can solve through education and by fully adopting GitOps. Additionally, technologies like automated testing of GitOps configuration code can help build teams' confidence in automation processes and reduce reliance on manual approvals.
Going forward, we expect to see more adoption of GitOps technologies among teams looking to level up their approach to DevOps automation. Automating individual DevOps processes (such as software testing and deployment) will not be enough; Truly effective organizations will turn to GitOps to automate their entire DevOps workflow, from start to finish.
Invest in developer experience
Making software delivery processes more predictable and more efficient is just a step toward the ultimate goal of DevOps, which is to help developers become productive and satisfied with their jobs.
To that end, I'm seeing interest and investment in the developer experience right now. This is done through two interconnected initiatives.
One initiative is platform engineering. It involves creating DevOps teams that specialize in specific functions, such as network administration or security. These teams have been appointed to support those functions across the organization. This approach reduces the cognitive load of developers by freeing them from the need to handle types of work outside their main focus. In other words, instead of forcing developers to be DevOps specialists, cross-platform engineering allows different teams to focus on doing what they know and enjoy best – leading to increased productivity and higher levels of job satisfaction.
Another major developer experience trend that is currently underway is developer self-service. This means developers can get the technology solutions they need on-demand without the need for a complex purchasing process. In most cases, organizations enable self-service by implementing internal development platforms (sometimes called internal developer portals) (IDPs) that host ready-made infrastructure resources and software environments that developers can deploy on a self-service basis.
There are risks inherent in these trends. They require specialized types of skills. When poorly implemented, platform architecture and IDP solutions can create more problems than they solve. However, when you make sure your teams have the required expertise, and you deploy a carefully planned IDP that gives developers access to the resources they need, you're likely to see a significant reduction in friction within your organization and an increase in developer productivity and happiness.
Real world changes, beyond the hype cycle
Admittedly, discussing DevOps trends focused on security, automation, and developer experience may not be as exciting as discussing whether AI will take the jobs of DevOps engineers. But if you want to know what's really changing in the world of DevOps — rather than the more hype-worthy conversations — these are the places to look.
Security, automation, and developer experience are also among the areas of DevOps where there is a great deal of opportunity for innovation — in fact, where adopting new tools and technologies will be critical for organizations that don't want to be left behind as DevOps evolves.
