DevOps Strategies for Enabling Efficient Application Development for Software Companies during COVID-19
The COVID-19 pandemic has been unprecedented, and the entire IT industry has been forced to rethink and innovate practices to ensure continued support for critical operations and delivering quality software. Due to the social distancing norms, the teams are now forced to work remotely either from homes or remote offices, impacting the work habits of millions of IT Professionals in a matter of days.
As we transition to a remote-first world, many are finding a new work rhythm and redefining what it means to maintain a work and life balance without neglecting their family. In this period of crisis, practices like Cloud First, DevOps, Security, DevSecOps, Collaboration and technologies like Azure, GitHub, Azure DevOps, Microsoft Teams, GoToMeeting and others have emerged prominently. Our intent during these times is to share how we have contributed and continue to contribute to easing the technology challenges in our organization as well as for our customers.
Cloud First Initiative
Most of our Infrastructure has moved to Microsoft Cloud i.e. Azure. Be it our Business Executives accessing real-time sales information or our Software Development team releasing customer software or our Management monitoring the organization's health, the required data is securely accessible around the globe. All our applications are hosted on cloud configured to scale based on the usage and always available.
As it is the heart of the software development lifecycle unifying all the roles and people on a single platform. Our Developers, Testers, Build & Release Engineers, IT Operations, Leads and Managers collaborate remotely on the Azure DevOps and GitHub platform. Our teams manage the source code, prioritize development tasks, manage defects and release software using the DevOps platform. Since the DevOps platform automates the software releases, whether the teams are working in the building or at home or in any other remote location becomes inconsequential. The Azure DevOps / GitHub Platform is most suitable for the “on the go/on the move” remote kind of work.
Our teams had been trained to adopt the DevOps practices and the tooling prior to COVID-19. It has helped us to continue managing our projects in an uninterrupted manner and with nearly the same efficiency. The following DevOps practices have been configured for the teams working on both internal and customer projects:
- Version control using Azure Repos and GitHub for code revisions and code integrations with the team members across the globe
- Use of Kanban & Task Boards of Azure DevOps for collaboration, work tracking and real-time project health dashboard
- Team communication using Microsoft Teams integrated with Azure DevOps
- Code Reviews (Pull Request Builds) managed by robust branching policies
- Continuous Integration and Continuous Deployment using Azure Pipelines and GitHub Actions
This has resulted in a great sense of confidence among our customers as there is transparency on the project status and our customers are often briefed about the progress using Azure Boards, Teams, Dashboards etc.
We practice DevSecOps in our application development process to minimize security vulnerabilities in the applications we build. We extensively use quality & security tools like Microsoft Security Code Analysis, Fortify, SonarQube, Code Analysis, Unit Testing, Credential Scanner etc. as part of our CI / CD pipelines to detect and fix security issues during the development process and cement the confidence to our customers on code quality and security.
Another critical aspect is security, especially when teams are working on customer projects. In the world of spamming, phishing and ransomware, it is important to safeguard and control access to all the organization assets. The access to the on-premise assets from the authorized devices are controlled through the Corporate VPN and firewalls. We have enabled Conditional Access for cloud apps including Azure DevOps & GitHub backed by an Azure Active Directory. Multi-Factor Authentication (MFA) has been enabled to ensure conditional access and help protect against the risk of compromised credentials. Any unauthorized access gets duly logged and blocked to ensure the safety of the organization assets.
Lastly, business travel has been curbed and in-person meetings have been cancelled/restricted hindering business communication. We regularly use Microsoft Teams & GoToMeeting for business meetings, requirements elicitation, and customer support. These tools have been quite useful for Collaboration with partners and customers.
We have been able to perform business as usual with the right set of tools and practices in this COVID-19.