Why a DevSecOps imperative for companies with mainframes?

By Guilherme Cartier

While organizations continue to pour investments into cloud computing, many of the world’s largest organizations still have decades-old technology as the backbone of their IT ecosystems.

I’m referring to mainframes, of course, which are too often misunderstood as outdated.

Mainframes are extremely sophisticated machines designed for mission-critical applications that still have an important role to serve today. The biggest issue for IT teams is that many of the processes adopted in traditional mainframe application development are manual and error-prone and often lack automated testing, code scanning and documentation. Over time, all these things contribute to the accumulation of technical debt.

Considering that many essential applications and data stores run on mainframe, there is little tolerance for failures.

In the quest to meet market shifts and customer demands, while protecting against new cyber risks daily, organizations are looking for effective ways to optimize their mainframe environments while integrating across multiple hybrid IT platforms.

Our State of Mainframe Modernization research found that 95% of respondents are moving at least some of their workloads to the cloud or distributed platforms. But moving off the mainframe brings with it risks; our study found key concerns included increased security risks (56%), increased costs (49%) and application compatibility (41%).

For many companies, DevSecOps is an effective path forward when modernizing mainframe environments.

The power of mainframe modernization

Modernizing a mainframe environment requires organizations to review their overall strategy, process and tooling being used, and identify what changes are needed to maximize workloads on the mainframe.  

These organizations have several tools and approaches at their disposal to achieve modernization. Our research found that 56% of respondents were modernizing the mainframe environment through DevSecOps integration, second only to optimizing performance and capacity and rationalizing software (67%).

DevSecOps is a set of practices and tools that aim to improve the speed, quality and security of software delivery by integrating development, security and operations teams. In a world focused on modernization, deploying DevSecOps will become a must-do for any organization using mainframes for several key reasons.

How DevSecOps delivers results

Implementing a DevSecOps pipeline for mainframe applications provides benefits for organizations of all sizes:

• Accelerated time to market: DevSecOps enables mainframe teams to automate and streamline their development processes, from coding to testing to deployment. This process optimization reduces the manual effort and human errors that can slow down delivery and introduce defects.
• Enhanced quality: DevSecOps allows mainframe teams to implement quality gates and checkpoints throughout the pipeline, ensuring that code meets standards and requirements before moving to the next stage. This process also facilitates continuous testing and feedback, which helps identify and fix issues early and often.
• Elevated security: DevSecOps incorporates security into every step of the pipeline, rather than treating it as an afterthought. These safeguards mean that mainframe teams can apply security best practices, such as code scanning, vulnerability analysis and compliance checks to prevent and mitigate potential threats.
• Proactive operations: DevSecOps also shifts the operational aspects of mainframe development from reactive to proactive. Instead of waiting for problems to arise and then scrambling to fix them, mainframe teams can monitor and optimize the performance, availability and reliability of their applications throughout the lifecycle. This proactivity enables teams to anticipate and prevent issues before they impact the end users, and continuously improve the quality and efficiency of their operations.
• Connected collaboration: DevSecOps enables mainframe teams to use the same process and tools as other development teams, fostering a culture of collaboration and communication across the organization. This connection helps break down silos and improve alignment and integration among different platforms and applications.

DevSecOps drives value

Our research found that organizations believe modernizing the mainframe environment improves performance, reliability and innovation (43%).

Mainframe modernization also reduces costs, which can lead to a 9–11% increase in profits. There’s a reason why 90% of organizations in our study indicated that mainframes remained essential to their business operations.

It’s important to mention that DevSecOps can also introduce complexity by requiring the integration of security with every stage of the development process. The resulting complexity can initially increase development cycles and require additional resources, putting timelines at risk. It’s vital to have established collaboration between development, operations and security teams and dedicated training to create an effective balance between security and speed. The expectation is that timelines will speed up through practice and execution and the benefits will accrue.

The trusty mainframe combined with DevSecOps can deliver value more efficiently and effectively, while also reducing the risk of technical debt and legacy issues.

DevSecOps is not a magic wand, but it can be a powerful ally in combining tried-and-true legacy technology with the business need for modernization.

Guilherme Cartier is the Associate Director of Infrastructure and Cloud Architecture for Kyndryl.