Since 2010, Puppet’s annual State of DevOps Report has tracked trends in IT, including security and, more recently, the growth of platform engineering. 2024’s edition, which includes the results of a survey of over 600 IT professionals worldwide, shows that security and platform engineering are now closely intertwined, with platform engineering teams now taking on more responsibility for security. Plus, the results show that these teams are making a tangible difference.
Before diving into more details, it is crucial to understand what platform engineering provides. Platforms aim to give end users — especially software developers within organizations — fast and simplified self-service access to the technologies they need to do their jobs. These platforms are managed by platform engineering teams, who provision and manage all workflows, tools, and platforms involved. Platform engineers typically come under operations or engineering as part of teams or separate ones. They could even be part of product teams. Their area of focus is ensuring that their primary customer, the developers, get what they need to deliver at speed on the organizational needs.
Platform engineering is not just some fad. Gartner has predicted that 80% of global organizations plan to have a team dedicated to platform engineering by 2026. The State of DevOps Report found that 43% of respondents have had a platform team for at least three years and a quarter for six to nine years. 65% said that platform engineering teams will receive continued investment.
Platform engineering offers multiple benefits to businesses and their employees. First, it reduces the volume of support requests to IT operations teams, allowing them to focus on tasks other than firefighting. Second, developers can concentrate on their core work, knowing that what they need is being provided without the need to search for it or verify its accuracy.
The value of all this cannot be underestimated, given the growing complexity and scale of many software development environments today. Software development is the point at which vulnerabilities can occur, leaving the door open for future exploitation. Think of platform engineering teams as the protective barrier between developers and potential chaos.
And it is working. When asked about the benefits of platform engineering, 31% of respondents in the State of DevOps survey reported a reduced risk of security breaches. Improved compliance and security was also the third-highest use case (49%), surpassed only by improved productivity and automated, standardized processes.
This demonstrates a significant shift in DevOps: security is being integrated up-front and considered right at the start of platform strategies. 70% claim that security was built into their platforms from the beginning. A further 60% cite security and compliance as the leading benefit of platform engineers. This is a sea change. Previously, while security may have been acknowledged as necessary, implementation was typically left to individual teams to implement.
With platform engineering, security management can become controlled and consistent across organizations. In addition, they are increasingly likely to have a platform dedicated to security (and other platforms for other functions). Having specialized platforms allows teams to focus on the excellence of what they do rather than over-centralizing and forcing people to potentially use tools and take on responsibilities they don’t want or need. The survey found that 56% have five or more platforms, with almost 10% reporting they have at least 10.
Platform engineering has evolved significantly in just a few years, and its value is now well understood by many organizations. We see it as a crucial stepping stone in creating more governed DevOps. Embracing platform engineering’s contributions to better security and compliance is important, as is managing an estate that is continuously patched to ensure uptime. The trend of delivering patches to the estate automatically, rather than through manual patch management, is growing and is expected to continue throughout 2024 and beyond.
About the Author
Kapil Tandon is the VP of product management for Perforce Software. He has more than 25 years of experience in product roles within tech, and has previously served as the VP of product growth for Tricentis and as a principal PM lead for Microsoft. Tandon holds a master’s in marketing from Pace University. Kapil Tandon can be reached online at ([email protected], https://x.com/kapilt, https://www.linkedin.com/in/kapilt/).