Breaking Down the DevOps Pulse 2020: Going Cloud-Native

Our annual DevOps Pulse identifies and tracks points of interest and emerging trends throughout the tech industry. The 2020 DevOps Pulse was our biggest ever with over 1,000 respondents. This year, we put an emphasis on cloud-native technology adoption and adaptation to architecture, applications, and observability technologies.

However, we would be remiss not to trail and track how DevOps pros and their teammates are dealing with the other major events of the year.

2020, after all, has been a year to remember (or forget). The DevOps community has not been immune to this past year’s unexpected events.

As we do annually, we track the ebbs and flows of the industry with our annual DevOps Pulse survey and report. Despite an unstable year, the trajectory of trends and technology preferences we noted in last year’s survey has continued into the latter portion of 2020.

As we mentioned before, this year we decided to hone in on cloud-native tech. Our questions were looking for the pain points and prevailing trends in the developer’s realm.

Who Participated?

This was the largest survey ever conducted by Logz.io for DevOps Pulse with 1,058 respondents in a range of roles in their respective companies. Still, it has its limitations. About 86% were male. However, the trend year-to-year shows an increase in people who do not identify as males taking the survey (mostly women), up from 6.6% to 11%. And while this reflects a small sample size, the answers here were interesting when broken down by demographic.

Almost 40% came from large enterprise companies with over 1,000 employees, the bulk of whom are developers or DevOps engineers working on a team of 10 or more people.

Insights from the Survey

Cloud and Monitoring

Unsurprisingly, AWS leads the pack for cloud providers, with Google Cloud (12%) and Azure (11%) neck and neck for 2nd place. Serverless is more common now, as 25% of respondents said they were using it (a jump from 17% in 2019). Similarly, among those using a serverless framework, more than half were using AWS Lambda (75%), but that number dips to 56% when factoring in those not using any serverless framework (25%).

Most respondents said they were using between two and four observability tools (70% of those who answered). For those who are curious, 18 people said they were using 10 or more (~2%).

The most popular monitoring tools were Grafana (404), Prometheus (295), and self-hosted ELK Stack (192). For those currently using tracing, Jaeger is the most popular tool by far (32%), followed by Zipkin (14.5%) and Instana (11%). On security, only 24% of respondents indicated using a SIEM solution, while fewer (10%) said they used a SOAR tool.

Challenges to Observability

Only 56% of survey-takers said they store most infrastructure in the cloud. Perhaps more surprisingly, only half of respondents said they have 50% or more of their applications in containers. However, the 42% store 75% or more of their infrastructure, up from 34% last year.

Some technologies are clearly on the rise, like serverless frameworks. But things like edge computing and service meshes are still lagging behind in adoption. Additionally and unsurprisingly, Kubernetes dominates the modern DevOps workflow. It’s still a big bear to wrestle though. Answers varied as to its most challenging aspect. Security and networking, separately, each represented issues for 34% of answers. But monitoring and troubleshooting was the most difficult problem (44%).

As for main challenges to gaining full observability overall, architecture and microservices (including Kubernetes) presented an issue for about 60% of respondents. This was followed by scaling or open source management (40%) and a lack of knowledge (32%).

Those Who Containerize

We asked surveyees to estimate how much of their applications were containerized. Answers were in quarters — 0-25%, 26-50%, 51-75%, and 76-100%. There were some unsurprising correlations, like being far more likely than others to have more than three quarters of their infrastructure in the cloud (64.65%). Of those who answered 76-100%, they were the most likely to be using a tracing tool (49.76%), and more likely to rank tracing as highly important on a scale of 1-5 to their observability strategy (41.78% answered 4 or 5).

How important is distributed tracing to your strategy?

They were ALSO and most likely to be using open source tools for observability (22.33%, compared to 13.25% among those who had 25% of fewer containerized applications. They were also most likely to spend less than an hour to i.d. and troubleshoot production issues — in fact the more you containerize, the less time you’ll spend on troubleshooting:

How long does it take for your DevOps team to troubleshoot problems?

COVID-19’s Impact

Some stats from the report are unsurprising, such as most people answering nearly 100% of their teams are working from home (rather than 75%, 50% or some lesser percentage). But the proliferation of remote work has resulted in some other things, such as remote hiring. Specifically, more companies are making long-distance hires they wouldn’t otherwise have made had there been no pandemic.

Of those who answered yes, over 50% of respondents said they worked for a company with more than 1,000 employees. But 23.25% worked for companies with between 100 and 999 employees. Some even responded they worked for a company with fewer than 20! Other curiosities were that people making these long-distance hires were working at places more likely to use edge computing (61% to 49%), more likely to invest in distributed tracing (79% to 66%), to rank tracing’s importance 4 or 5 (40% to 33%), and to consider their observability strategies mature (31% to 23%).

The pandemic also forced the reevaluation of security policies, especially working from home and possibly using personal devices. We asked survey-takers what new security protocols took effect once the pandemic sent people to their dens. The biggest one was multifactor authentication (59%). Other tactics included home access to company systems through secure means (40%), required automatic security updates (32%), and firewalls on home networks (32%).

Security policies by company size (DevOps Pulse 2020)

Companies with more than 1,000 employees were more likely to require third-party controls (see above chart). Fully 54% of respondents who said they had new third party control requirements stated they were employed by these sorts of corporations. Additionally, this class of companies more often require automatic security updates (52%) and restrict mobile access to company accounts (52%). On the other hand, smaller companies of 1-20 employees are the most likely to require vetting personal devices at 18% (this might have to do with vetting being more logistically manageable with fewer employees to vet).

Around the World

A plurality of respondents hailed from North America (34%), with Asia Pacific (21%) and Western Europe (20.5%) the next most prevalent. While unclear if statistically significant, a greater percentage of women composed the survey-takers in North America (11%) than other regions (APAC was next at just over 8%).

Latin Americans (42%) were most likely to respond that 75-100% of their tools were open source, and most likely to say all of them were (28%). While every group ranked logs as their most important data source for telemetry, people from APAC (45%) were most likely to respond logs, traces, metrics, and events held equal priority (North Americans were next at 34%).

What percentage of your observability tools are open source? According to region

Additionally, Latin Americans were the least likely to have infrastructure based in the cloud (50% of surveyees said 25% or less was in the ether) while Africans and Middle Easterners (55%) were the most likely to have more than 75% of that infrastructure there.

When it came to COVID-19, workers in Africa and the Middle East were least likely to have about 100% of their employees working from home (only 45%). Curiously, only about 57% of Western Europeans said their teams were almost entirely home-based at this point. All other regions were at least 66% or higher.

North Americans (78%) and APACers (57%) were also the most likely to verify there were new security protocols since the pandemic started. Russians and Eastern Europeans were the least likely (7%).

Getting More Diverse, More Complex

This is only just a selection of insights from the data. We extrapolated a few things in this blog post, but you should read the report to get a deeper understanding of the space. The 2021 DevOps Pulse will certainly be interesting as we anticipate more participation, more specific questions about background and exact profession, plus more comprehensive tracking of trends in the industry.

Do you see information here that you want to know more about? Should we have asked about something else? What should the next survey include?

We look forward to hearing your feedback as we give you more high-level and deep evaluations of the DevOps world.