What is platform engineering and will it see the end of DevSecOps?
Platform engineering is not just the latest industry buzzword but could represent a profound change in how software is developed and governed
Platform engineering has become somewhat of an industry buzzword in recent years as organizations look to rapidly accelerate the delivery of applications and unlock greater business value at scale.
This emerging discipline, as Gartner describes it, helps markedly improve developer experience and productivity by “providing self-service capabilities with automated infrastructure operations”.
Simply put, platform engineering centers around enabling developer teams to focus on building and fine tuning products while rapidly accelerating product teams’ delivery pipeline.
Similarly, it helps solve the age-old issue of fostering closer cooperation between software developers and operators.
By 2026, 80% of software engineering organizations will will establish platform teams, according to Gartner research. This prompts some to question whether platform engineering will render DevOps or DevSecOps obsolete.
Does platform engineering spell the end of DevOps?
This was a question posed to a trio of participants during a roundtable discussion at KubeCon 2023 in April.
The panel, which included GitLab CPO David DeSanto, Sarah Polan, Field CTO EMEA at HashiCorp, and Stu Miniman, director of market insights at Red Hat, explored at length the rise of platform engineering and whether it spells the end of DevOps as we know it.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Trend Micro security predictions for 2023
Learn more about securing environments and systems with a Zero Trust strategy
While all three agreed this emerging trend has gathered, and continues to gather, pace in recent years, it’s more complex than simply heralding a new era in product engineering and development. It’s dependent wholly on the individual needs of the business, and their ability to navigate change.
Platform engineering isn’t for everyone, but it could unlock significant improvements to productivity and application delivery if done currently, according to Stu Miniman.
“When we talk to our developer communities, some of the biggest problems we hear is that there’s cognitive overload and dealing with context switching,” he said.
“It’s a challenge that all of us have, but especially with developers. Platforms are not new, but platform engineering is a thing that’s been growing for about three years now.”
Miniman noted that, fundamentally, platform engineering is about enabling developers to focus on their primary role and delegate certain aspects of platform management and governance to teams specifically catered around that task.
In doing this, platform engineering makes things “a little bit simpler” for developers and removes – to an extent – the cognitive overload that many experience when building and managing platforms.
What problem does platform engineering solve?
For many years, businesses globally have focused significant resources in bringing together the developer, operator, and cyber security elements that all play a key role in delivering software applications rapidly to keep pace with insatiable customer demand.
But asking developers to build then subsequently maintain platforms has placed significant strain on teams, Polan noted. This strain has reared its ugly head frequently, especially with regard to security and risk management.
“The past couple of years, the previous trend was very much DevOps. So we wanted to encourage developers and engineers to build and run their own infrastructure and then we quickly became cognizant, both from a business standpoint but also the technical and developer standpoint, that the developers didn’t actually want to own and run their own infrastructure because there’s a lot that goes into that,” she said.
“Whether it’s risk based, velocity based, or not being able to focus on the business problem.”
Miniman echoed Polan’s comments, noting that this increased strain has frequently been referenced as one of the key hindrances to developer teams in addition to the increased security considerations required when developing at pace.
“DevSecOps is great, but we know one of the impediments to rolling things out faster often are security issues that you need to worry about or getting everyone involved,” he said.
“You’re talking about golden paths and about giving people the guardrails, governance, and control. In certain pieces, we want to take that off the plates of the developers so they can focus on writing code, modernizing things and taking advantage of technologies.
“So, if we can make things a little bit simpler and allow developers to focus on their primary role and the stuff they want to be doing, that makes things easier.”
Platform engineering in an era of heightened risk
Surging security threats in recent years have, in part, led to the growing popularity of platform engineering as a discipline, Polan insisted. By charging responsibility of governance, control, and risk management to developer teams, this can lead to overload and causes vital issues to be missed or overlooked.
Platform engineering helps mitigate this problem by delegating an aspect of this responsibility.
“I think that it [platform engineering] is becoming increasingly important, especially as we start looking toward the Internet of Things (IoT) starting to explode and edge computing, and having to have this modularity but also looking from the security and risk standpoint,” she said. “We need to be able to follow these different patterns.”
Polan cited the SolarWinds and Log4j incidents as a prime example of this lack of clarity about platform risks and transparency of oversight for individual platforms within an organization’s estate.
“I think if we look at SolarWinds, for example, not being able to follow exactly where all of this infrastructure and deployments went affected where the potential threat breach was after the initial supply chain attack.
“So just making sure that we as organizations are in control, but also garnering business value from this by setting guardrails in place and say ‘we want you to be able to do what you want, follow industry standards, use open source’, but also make sure we have adequate control over these things.”
Why DevSecOps is here to stay
All three roundtable participants agreed that platform engineering doesn’t necessarily spell the end for DevSecOps as a discipline. Instead, this forms another part of how organizations build, modernize and manage their platform environments.
Miniman suggested that platform engineering represents an “outgrowth” of DevSecOps, adding that it’s “an extension of what we’re doing - it’s evolutionary, not necessarily revolutionary.”
DeSanto echoed his thoughts, noting that there is room for beneficial coexistence that will ultimately deliver benefits for developer teams and the broader organization.
“I sometimes struggle with why something has to die for something else to exist,” he said. “And so, I don’t know what nerd references are right for the audiences, but maybe it’s the Jedi versus the Sith? That’s what it feels like to me.
“I think there’s a lot more overlap and value to that. In essence, platform engineering is making sure your DevOps or DevSecOps teams are more effective - and they’re more effective because they’re working with the platform team and vice versa.
“One of the things I’ve seen is that the more you go toward infrastructure as code, that could be in the DevOps system, but it’s for the platform team. You end up in this situation where they’re actually related and one is not necessarily killing the other.
Ross Kelly is ITPro's News & Analysis Editor, responsible for leading the brand's news output and in-depth reporting on the latest stories from across the business technology landscape. Ross was previously a Staff Writer, during which time he developed a keen interest in cyber security, business leadership, and emerging technologies.
He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.
For news pitches, you can contact Ross at ross.kelly@futurenet.com, or on Twitter and LinkedIn.