10 top devops practices no one is talking about

When asked about their top devops practices, IT leaders often cite version control, automating deployments with CI/CD pipelines, and deploying with infrastructure as code. But many other devops practices are worth considering for organizations that want to improve the frequency, reliability, and security of software deployments.

Over time, I have amassed a list of 40 devops practices that encompass the software development lifecycle, spanning from planning through releasing and monitoring. With so many options to choose from, tech leaders must decide whether to continue investing in practices they’ve already developed or extend their capabilities in new areas.

Chris Mahl, CEO of Pryon, says, “Devops practices that actually move the needle aren’t the flashy ones everyone talks about. It’s the unglamorous work, such as standardizing CI/CD pipelines across teams, implementing consistent observability standards, and treating environment alignment as data architecture.”

Organizations developing custom software at scale are likely to adopt advanced CI/CD practices and incorporate observability capabilities to improve application monitoring. But with recent advancements in AI code generators, low-code development, and agentic AI software development, it’s a good time to revisit devops strategies and priorities.

I asked experts for their top devops practices that are frequently overlooked despite being critical for organizational success.

1. Revisit devops culture and collaboration

Devops emerged as a culture that enables development teams to release code into production frequently while supporting IT operational mandates, including reliability, security, and performance. Almost 20 years later, many of the challenges between “dev” and “ops” functions, such as manual deployments and testing, have been addressed through devops practices and solutions. IT leaders should revisit their devops mission and culture to ensure it aligns with current goals and challenges.

“A key, yet overlooked, devops practice is building true shared ownership, which means more than just putting teams in the same chat room,” says Chris Hendrich, associate CTO of AppMod at SADA. “It requires making production reliability and performance a primary success indicator for development, not solely an operational concern. This shared accountability is what builds the organizational competency of creating better, more resilient products.”

An area to focus on is how devops practices help promote the reliable release of AI agents and machine learning models.

“As AI becomes embedded in how businesses build and ship software, the leadership model must evolve,” says Graham McMillan, CTO of Redgate. “Technical leaders need to upskill not just in AI tools, but in how to govern data pipelines responsibly, navigate compliance in a machine-driven environment, and create space for experimentation.”

Recommendation: IT leaders must remember that devops is an investment. Updating a vision statement to reflect the business value and targeted KPIs associated with devops practices is a vital way to establish and maintain priorities.

2. Validate code quality and security proactively

Early devops charters often overlooked security, so many organizations now opt to use devsecops in their charters to ensure a shift-left security mindset. Adding code quality, security, and compliance checks in CI/CD is more important today as organizations rapidly adopt AI code-generation tools.

“Baking an integrated code quality and code security approach into your devops workflow isn’t just good practice, it’s essential and a game-changer,” says Donald Fischer, VP at Sonar. “Tackling security alongside quality from day one isn’t merely about early bug detection; it’s about building fundamentally stronger, more trustworthy, and resilient software that is secure by design.”

Recommendation: Fischer suggests that a proactive approach to code quality and security avoids costly, time-consuming last-minute fixes, ensuring that software delivered in production is not only high-performing but trustworthy and resilient.

3. Automate reviews of the open-source supply chain

Another security practice is to focus on the supply chain of open-source software, ensuring that the benefits of using third-party components aren’t undermined by security and other compliance gaps.

“Open source is a no-brainer for developers, but as the ecosystem grows, so do the risks of malware, unsafe AI models, license issues, outdated packages, poor performance, and missing features,” says Mitchell Johnson, CPDO of Sonatype. “Modern devops teams need visibility into what’s getting pulled in, not just to stay secure and compliant, but to make sure they’re building with high-quality components.”

Recommendation: Johnson recommends employing automation that flags low-quality or risky dependencies before they reach the pipeline, enabling developers to build better applications without tradeoffs.

4. Standardize CI/CD pipelines

Implementing a CI/CD service can accelerate and simplify development cycles, according to Michael Ameling, president of SAP Business Technology Platform and member of the extended board at SAP SE. He says, “Predefined, ready-to-use pipelines help keep the time between commit and production as short as possible for a shorter lead time and low error rate. With managed CI/CD pipelines, teams can automatically test, build, and deploy code changes without worrying about the underlying infrastructure.”

Recommendation: Organizations that once empowered agile teams to develop and support their own CI/CD pipelines have an opportunity to consolidate to standardized patterns, thereby reducing technical debt, maintenance efforts, and risks when select pipelines don’t adhere to standards.

5. Extend devops to database schemas

Many CI/CD and version control practices focus on the application’s code, user interface, and configurations. Graham McMillan, CTO of Redgate, says that’s not good enough and devops teams should apply the same devops standards to their data engineering, data pipelines, and other data management assets.

“Version-controlling database schemas and configurations across development, QA, and production is a quietly powerful devops practice,” says McMillan. “It aligns environments, reduces drift, and brings database changes into the same CI/CD rigor as application code.”

Recommendation: Devops teams should script schema changes, data transformations, and other database changes to ensure application and UX deployments are synchronized with their database dependencies.

6. Develop robust continuous testing

Like security, many early devops practices overlooked testing as a fundamental practice, and many IT departments underinvested in quality assurance. Organizations seeking to leverage CI/CD for continuous deployment into production environments soon recognized the importance of implementing continuous testing strategies. But automated tests require maintenance, and flaky tests that produce inconsistent results can frustrate development teams and reduce their productivity.

“Testing is often the most protracted and most expensive part of every build, and without visibility into flaky tests, teams waste developer hours chasing noise and burn compute on failures that don’t matter,” says James Hill, VP of product of the emerging products group at Buildkite. “Being able to detect, mute, and assign flaky tests automatically and surface those insights directly to teams is critical to keeping delivery efficient and feedback loops tight.”

Recommendation: Agile development teams that frequently find themselves researching failed tests should capture a flaky test metric to measure intermittent test failures that occur without code changes.

7. Manage configurations as a high-leverage asset

Like with CI/CD, some organizations have empowered their development teams to build their own configurations and infrastructure as code. This approach might increase adoption, but it can leave large organizations with technical debt, security risks, and higher support costs.

“Treat Kubernetes manifests as versioned control planes, which makes infrastructure upgrades, like adopting newer versions, systematic, testable, and reversible,” says Priya Sawant, VP of platform and infrastructure and GM at ASAPP. “Second, build a config hydration API to abstract and standardize runtime configs across environments to reduce drift, simplify rollbacks, and provide consistency between teams with no manual overhead.”

Recommendation: Avoid specialized and one-off configurations and instead evolve a set of configuration standards and self-service deployment tools.

8. Establish observability as a non-negotiable

Ask any startup CTO about their top pain points, and one likely issue is being paged in the middle of the night to resolve an application outage or performance issue. I have my own stories about chasing hung web servers and stalled data pipelines, which led to my very first blog post over 20 years ago about application logging.

“Set an engineering-wide expectation that everything is built with observability from the ground up, for example, by having a platform engineering team provide OpenTelemetry instrumentation for company-standard libraries and frameworks,” says Greg Leffler, director of developer evangelism at Splunk. “Using observability as code (OaC) and integrating checks for essential observability, such as instrumentation, dashboards, and alerts, into CI/CD pipelines will ensure all applications can be debugged easily and that anyone on the team has an understanding of the service’s health.”

Recommendation: Before pursuing the latest AI capabilities or devops practices, agile teams should prioritize addressing areas of their code with poor observability.

9. Consolidate devops tools

Organizations should take stock of their devops tools, especially CI/CD platforms, monitoring tools, and testing frameworks. Chances are that organizations have accumulated several of these tools due to development team preferences, mergers and acquisitions, or a lack of IT governance. Many IT leaders are reviewing how these tools are being utilized and evaluating the costs, benefits, and risks associated with maintaining versus consolidating them.

“Multicloud showed us that visibility matters more than uniformity, and the same holds true for AI agents,” says Jimmy Mesta, co-founder and CTO of RAD Security. “Vendor lock-in can be a risk or a strategic choice, depending on context. Too many platforms create chaos, while too few can limit innovation, and the right balance comes from understanding behavior and impact, not just architecture.”

Recommendation: When devops tools are utilized by only a few teams and not to their full potential, there may be a strong business case for consolidating based on devops standards.

10. Extend devops to AI agents and models

Devops teams should consider two important trends: First, the priorities established for developing end-user applications and reusable APIs can now be used to develop AI agents that will lead to orchestration, automation, and other agentic AI capabilities. Second, many organizations will look to use SaaS, low-code, and automation platforms to configure AI agents rather than developing proprietary capabilities.

Thus, the scope of devops is expanding to include generative AI capabilities, but many organizations will consider building AI with low-code platforms, many of which come with built-in devops capabilities.

“Many overlook the synergy between devops and emerging tech, and a critical, often-missed practice is seamless AI/MLOps integration and deploying not just code, but also AI agents, workflows, and UIs, concurrently,” says Miguel Baltazar, VP of developer relations at OutSystems. “Low-code platforms are game-changers when they standardize and streamline development, creating unified, consistent pipelines across all environments.”

Recommendation: Devops organizations should focus on AI’s business value and transformation opportunities, while recognizing that the technologies and tools will evolve to efficient and reliable development and deployment capabilities.

The importance of devops practices is even more vital today for organizations recognizing the strategic importance of reliable technology, end-user experience, and AI capabilities. IT should respond proactively by viewing devops as an investment, prioritizing practices based on value, and establishing implementation standards.