How AI Is Impacting DevOps

Artificial intelligence can truly enable DevOps teams “to do more with less.”

And that’s just one of the ways it will improve organizations, says Sacha Labourey, cofounder and chief strategy officer of CloudBees, an enterprise software company based in San Jose, California.

But that doesn’t mean there aren’t concerns as well. Labourey spoke with Chief Executive about how IT leaders and their DevOps teams can best leverage the ever-evolving world of AI.

What impact are you seeing in the DevOps industry from AI?

AI will make a significant and positive impact on DevOps and, by extension, on the business by enabling DevOps teams to get software into production faster than ever. AI will perform many of the mundane and repetitive tasks executed today by engineers.

Additionally, AI has the power to bring about the democratization of software development. Junior developers will be able to take on more and more of the low-level development tasks, enabling senior engineers to focus on strategic, high-impact initiatives.

AI lowers the bar for entry into software development and raises the ceiling for the innovation that can be more readily achieved by experienced developers. With the dearth of good development talent available, AI can truly enable DevOps teams to do more with less.

Specific areas where generative AI will make a positive impact for DevOps teams include application code management, release management, testing, cybersecurity, monitoring and improving up-time.

What are the aspects of AI right now that IT leadership needs to be aware of? What are the potential gains in using AI?

The pace at which AI is already being used to write code will obviously create some software development challenges. Much of the code being written by AI is generated by general-purpose large language models, such as the one that drives ChatGPT. These LLMs have been trained using code aggregated from across the web, regardless of its quality.

It should not come as a surprise that the code generated might be flawed or contain vulnerabilities. Therefore, it’s crucial for DevOps teams to continue to review code regardless of whether it was created by a machine or a human. However, LLMs for specific domains that have been trained using curated code will generate higher quality programs, so in the long term, the overall quality of the code generated by machines will improve.

Similarly, LLMs embedded with DevOps platforms will democratize software engineering. Instead of having to, for example, write and test a script, an IT administrator will simply request one via a natural language interface. It’s only a matter of time before LLMs are operationalized across DevOps workflows.

It’s hard to think of any DevOps job that won’t be impacted to varying degrees by AI. Rather than resist those advances, DevOps teams should welcome them. After all, DevOps is foremost a commitment to ruthless automation in the name of increased productivity. AI is simply the latest in a series of advances that have enabled DevOps teams to transform our world.

In fact, rather than fear AI, DevOps teams have a duty to safely operationalize it in ways that ultimately will enable the building and deployment of applications at levels of scale, resiliency and flexibility that would have previously been thought unimaginable.

What impact do you see the ever-increasing number of compliance standards that software teams have to comply with?

The compliance burden is definitely a second major trend. A compliance audit is one of the most stressful events any DevOps team can experience. Organizations spend months preparing to pass an audit that, if failed, can result in considerable fines and penalties being levied or even failure to deploy software.

The more applications an organization has within its portfolio, the bigger the challenge becomes. The number of mandates and regulations that need to be addressed are increasing in volume, with each new successive one becoming that much more stringent.

Many organizations also have applications that need to pass audits for multiple standards. For example, standards such as the payment card industry data security standard, or PCI DSS, and the Health Insurance Portability and Accountability Act, or HIPAA. While many of these mandates have a common core subset of requirements, they also each have their unique wrinkles.

In effect, compliance has become an ongoing series of processes and workflows that never really ends. The burden of proving compliance can really slow down software delivery.

How can organizations pay attention to compliance, but not let it get in the way of delivering software?

Organizations of all sizes are starting to implement best practices that enable them to manage compliance as a continuous process.

Rather than attempting to manage audits as a series of isolated events, organizations are addressing compliance requirements as codified controls that are embedded within a larger DevSecOps workflow. This enables “continuous compliance”—compliance baked into workflows, eliminating all the manual processes and workarounds many teams are dealing with currently.

As DevSecOps workflows evolve and mature, it’s only a matter of time before more organizations embrace continuous compliance. DevOps, at its core, is all about automating manual processes to speed up the rate at which software can be deployed.

As DevOps workflows are extended to address security and compliance requirements, the ultimate goal needs to be to build and deploy secure applications without slowing down the application development that drives the pace of innovation.

Continuous compliance complements DevOps by ensuring that security best practice policies are embedded into the software development and deployment processes. This helps organizations build more secure, compliant and reliable software while maintaining a rapid and iterative development cycle.