What does QA Mean for DevOps?

What does QA Mean for DevOps?

Abstract shapeAbstract shape
Join 27,000+ cybersecurity newsletter subscribers

 What is Quality Assurance? Well in time honoured fashion I shall quote directly from wikipedia:

Quality assurance (QA) refers to the engineering activities implemented in a quality system so that requirements for a product or service will be fulfilled

What does this mean for DevOps though? Well the end product is the software or application being provided so most people focus on its requirements when talking QA and DevOps.

Software development based on TDD/BDD and strict Continuous Integration practices are brought up frequently.

Do these things (TDD/BDD) typically involve both development and operations staff though?

OK. That sounds reasonable. They are certainly things you'd expect to be taking place within an IT team professing to practice DevOps. Do these things typically involve both development and operations staff though? No, they don't. Were they practiced within development teams before DevOps went mainstream? Yes, they often were (perhaps not often enough though).

While these development practices are part of the DevOps puzzle making them your only focus when it comes to QA and DevOps is a massive oversight. As mentioned in the above definition QA is about making sure that requirements (functional and non-functional) for your product or service are met. In the case of testing of code, or the end application, it refers to the requirements of the customer. Crucial, but not the full story.

What does DevOps deal with fundamentally? The relationship between development and operations staff. With this in mind let's consider development to be customers of operations for a moment. The product they require is a stable, efficient infrastructure upon which to build and host their applications. QA in this instance then needs to make sure that the requirements of the developers (and their applications) are being fulfilled.

This is an important thing to understand, and appreciation of it by operations will go a long way to solving the tension between the two teams that the DevOps movement was born to address. You don't need to dig much into the history of a typical IT department to find examples of quality infrastructure (in the eyes of the ops team) not meeting the requirements of the developers and their application. Of course there are frequently good reasons for this (eg: security) but the bottom line is that the degree to which the infrastructure is fit for purpose for the developers and their application directly affects the degree to which the application is fit for purpose for the customer.

...we can automate. That doesn’t ensure quality though, it only ensures consistency.

So how can we ensure quality in infrastructure and configuration? Well we can automate. That doesn't ensure quality though, it only ensures consistency. In the development space BDD is such a powerful thing because it tests based on the requirements of the end user. Saying "I don't need to test my infrastructure or config because it's automated" is like a developer saying they don't need to test their code because it does what it's written to do. The point is that you need outside validation.

QA for DevOps is, and probably always will be, a broad term. If you can't independently and automatically validate your infrastructure and application configuration though then there's a massive gap in your approach.


UpGuard logo in white
UpGuard free resources available for download
Learn more

Download our free ebooks and whitepapers

Insights on cybersecurity and vendor risk management.
UpGuard logo in white
eBooks, Reports & Whitepapers
UpGuard free resources available for download
UpGuard customer support teamUpGuard customer support teamUpGuard customer support team

See UpGuard In Action

Book a free, personalized onboarding call with one of our cybersecurity experts.
Abstract shapeAbstract shape

Related posts

Learn more about the latest issues in cybersecurity.
Deliver icon

Sign up to our newsletter

Get the latest curated cybersecurity news, breaches, events and updates in your inbox every week.
Abstract shapeAbstract shape
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
  • Check icon
    Instant insights you can act on immediately
  • Check icon
    13 risk factors, including email security, SSL, DNS health, open ports and common vulnerabilities
Website Security scan resultsWebsite Security scan ratingAbstract shape