Skip to content

Best Practices for Evolving and Scaling DevOps

Launching a DevOps transformation within your organization takes time, patience, and buy-in from leaders in both software development (Dev) and operations (Ops) teams. The DevOps model promises improved efficiency, agility, and security, but a successful transition won’t happen overnight. Evolving and growing DevOps in your organization will be a gradual, multi-step process.

The 2018 State of DevOps Report, presented by Puppet and Splunk Inc., outlined DevOps as an evolution composed of five stages. The 2019 State of DevOps Report builds on these ideas and emphasizes the importance of making security a shared responsibility across teams. Here are some of the most important takeaways that you can use while scaling your organization’s DevOps:


Stage 1: Normalization

Development teams use version control and a standard set of operating systems

Stage 2: Standardization

Teams deploy on one operating system and build on standard tech tools

Stage 3: Expansion

  • Individuals can do work without approval from outside the team
  • Teams develop reusable deployment patterns

Stage 4: Automate infrastructure delivery

  • System configurations, provisioning, and security configurations are automated
  • Infrastructure teams use version control

Stage 5: Self-service

  • Incident responses are automated
  • Resources are available via self-service
  • Applications are revised depending on business needs
  • Security teams participate in tech design and development

The 2019 report found that organizations that had made the most progress in their DevOps evolution were automating security tasks, such as security policy configurations in Stage 4. This integrated security approach gave teams a strong foundation as they moved into Stage 5. The report noted:

“The highly evolved teams we encountered in last year’s report were not simply shifting security left. They had cultivated a powerful blend of high-trust environments, autonomous teams, and a high degree of automation and crossfunctional collaboration between application teams, operations and security teams.”

The report’s key findings further emphasize the essential connection between DevOps and security considerations:


  1. Good DevOps leads to good security.

When you build a strong DevOps environment, focusing on culture, automation, measurement, and sharing, you also create a foundation for good security outcomes.

  1. Making security an indispensable part of the software delivery lifecycle creates more confidence.

In companies with the highest level of security integration, 82% of respondents said their security policies and practices significantly improve their security posture – compared with 38% of respondents at companies with no security integration.

  1. Integrated security through the delivery lifecycle leads to positive outcomes.

Organizations with a high level of security integration experienced positive outcomes, including an ability to deploy production on demand faster than other companies and more effectively.

As you evolve and scale DevOps in your organization, make sure security integration is one of your top priorities, not an afterthought.

Learn about how York Solutions’ Managed Service Solution (MS3) can benefit your organization.