Don't miss out

Don't miss out

Don't miss out

Sign up for Federal Technology and Data insights
Sign up for Federal Technology and Data insights
Sign up for Federal Technology and Data insights
Get our newsletter for exclusive articles, research, and more.
Get our newsletter for exclusive articles, research, and more.
Get our newsletter for exclusive articles, research, and more.
Subscribe now

The 5 phases of DevOps maturity

The 5 phases of DevOps maturity
Go to ICF
DevOps intro

DevOps is cultural and technical

Software organizations conceived DevOps in reaction to the difficulties and limitations of running software development and IT operations in separate practices. Through DevOps, enterprises break down barriers between technology disciplines to unlock new levels in speed and quality for reliable releases to production.

Even the most advanced organizations continuously improve and redefine their approaches through the DevOps maturity lens. This guide will step you through the 5 key phases of DevOps maturity as they impact 7 different facets of your business: organization, delivery, automation, testing, security, monitoring, and operations.

devops intro

Phase Zero: You haven’t started DevOps

Many pre-DevOps software organizations become so accustomed to the limitations of their technology workflow, they may not even be aware of better ways of working.

organization

Organization

Development, operations, security, product owners, and users are all in separate teams with different incentives and priorities.

delivery devops

Delivery

The waterfall approach defines success by features and timelines rather than business outcomes.

Project-oriented release cycles focus on milestones over user or market changes.

Ideas take months or years to go into production.

Teams direct attention to fighting fires rather than adding value to the product.

automation devops

Automation

Infrastructure is created and updated manually, a slow and error prone process.

Servers are treated like pets instead of cattle, needing lots of individualized attention.

testing devops

Testing

Testers work manually, making quality assurance a bottleneck.

security devops

Security

Security engages only weeks before go-live of a new release, focusing on the minimum security scans needed to meet compliance.

monitoring devops

Monitoring

Teams learn about outages from the user, when they’re already in crisis.

operations devops

Operations

Operations receives releases “over the fence” without the opportunity to plan.

Is there such a thing as a DevOps department? Purists will say creating another department is the antithesis of the DevOps ethos. DevOps is everybody’s job. But don’t let the perfect be the enemy of the good. Some organizations need to stand up temporary working groups or task forces to steer DevOps practices through entrenched silos.

devops phase 1

Phase 1: DevOps in pockets

Small teams are most effective for piloting new DevOps practices. Many enterprises start their DevOps journey by realizing attainable wins before they extend to the broader organization.

organization

Organization

Dev and Ops start working together on select, small-scale strategic projects.

delivery devops

Delivery

Blended teams introduce agile practices, directing their energy at business and user value over project planning.

automation green icon

Automation

Automated deployments reduce the risk and stress of releases.

testing devops

Testing

Testers introduce unit, integration, and end-to-end testing to bring quality assurance earlier into the process.

security devops

Security

Security still operates separately (for now).

monitoring green icon

Monitoring

Basic external site monitoring alerts the team of risks and interruptions as soon as they impact the user.

operations

Operations

Ops team stays ready and aware of forthcoming releases from development.

Team reviews availability and performance alerts for improvement opportunities.

What is DevSecOps and how does it fit? DevSecOps represents a trend, especially with government IT teams, where cybersecurity responsibilities are formally built into the processes. Security has always been a part of the DevOps ethos to ship frequently ship high-quality, reliable, and secure software. But, DevSecOps helps emphasize the need to scan your own custom software, analyze the software dependencies in your supply chain, and build security from the inside out. This focus also helps agencies begin to better structure enterprise organizations and staff projects with the right security capabilities directly on the team.

devops phase 2

Phase 2: Automation

Many find automated processes to be the most natural next step — and a foundational bedrock — for adopting DevOps practices.

organization

Organization

Security staff join meetings well before deployments.

delivery devops

Delivery

Agile practices take deeper root across development, operations, design, and business groups.

automation devops

Automation

Most infrastructure is automated so provisioning is repeatable and reliable, opening up possibilities for more frequent reliable deployments.

testing

Testing

Security scans are integrated into testing protocols throughout the dev process, not just at deployment.

security devops

Security

Security gains a seat at the table for design, architecture, and Ops conversations.

Security staff support testing team as they integrate scans into regular processes.

monitoring devops

Monitoring

No changes

operations

Operations

Ops team incorporates new automation techniques into their practices.

DevOps, Lean, Agile, Scrum … These concepts are often mentioned together because they are rooted in a shared ethos. All these systems of thought suggest a shift away from measuring internal benchmarks and towards measuring success according to the customer’s experience.

devops-phase-3

Phase 3: Pipeline

A continuous integration pipeline capitalizes on investments in automation while starting to deliver tangible business benefits from DevOps culture.

organization

Organization

Security staff become full-time members of the product team.

delivery devops

Delivery

Product-oriented thinking replaces the Project-oriented approach of older Waterfall methods.

automation devops

Automation

Immutable infrastructure just replaces old servers rather than update them. Servers are treated like cattle, not pets.

Infrastructure and code updates deployed via pipelines.

Security updates are built into the product development workflow.

testing devops

Testing

Performance and load testing make deployments ready for production scale.

security devops

Security

Dependency management identifies 3rd-party vulnerabilities before they cause damage.

Continuous security monitoring distributes security awareness across the team.

monitoring devops

Monitoring

Continuous application monitoring actively tracks the overall health for early detection of problems and incident root cause analysis.

operations devops

Operations

Developers consider operations in their docs, analytics, and standard operating procedure changes.

webhosting maturity model

The web hosting maturity scale

How can organizations stay nimble while making sense of all the latest products, methodologies, and technologies?

devops phase 4

Phase 4: Blended architecture

Breaking down silos start to deliver business results when development and operations no longer work in separate technical environments.

organization

Organization

No change

delivery devops

Delivery

Agile practices mature into Lean practices for even more business-focused workflows.

Complexity and technical debt are managed as investments in the future.

automation green icon

Automation

Self-service environment automation invites engineers to deploy the infrastructure they need when they need it.

testing devops

Testing

No change

security devops

Security

No change

monitoring green icon

Monitoring

No change

operations

Operations

No change

Dueling incentives: Developers are historically rewarded for delivery fast, so they like to use the latest and greatest techniques. Operations staff are rewarded for a safe environment, so they prefer to establish stable baselines, and then change as little as possible. DevOps creates shared objectives in place of these competing interests.

devops phase 5

Phase 5: Continuous deployment

At ICF, we call this DevOps nirvana. While you’re never done improving and learning your DevOps practice, working in a continuous deployment environment fulfills the promise of time and energy serving the business and user needs first.

organization

Organization

Multi-disciplinary organizations replace traditional corporate and government structures.

delivery devops

Delivery

A culture of continuous improvement sustains momentum for ongoing advancement.

Experimentation drives new product direction and process improvements.

Ideas go to production in hours or days.

automation devops

Automation

New code that passes through all pipelines and environments is released into production without human intervention.

testing

Testing

Soak tests anticipate product performance in real world situations before deployment.

security devops

Security

All groups and roles share security responsibilities.

monitoring devops

Monitoring

Observability allows teams to actively analyze and debug production applications as they monitor.

operations

Operations

Developers rotate on support shifts to sustain their understanding of operational and user concerns.

DevOps coursechart

How to chart your DevOps course

No two organizations will experience the same DevOps maturity path. From government to utilities to private companies, the people and culture of a technology organization determines their transformation journey. ICF’s Digital transformation experts evaluate people, organization, and technologies to help enterprises deliver on their promise to users.

Discover how we drive IT modernization for federal agencies.

Your mission, modernized.

Subscribe for insights, research, and more on topics like AI-powered government, unlocking the full potential of your data, improving core business processes, and accelerating mission impact.