We all know what the different parts of DevSecOps stand for and why there has been a movement to make each of these disparate elements work in tandem to accelerate and improve the application development process. By having the “Sec” and “Ops” parts of application development and delivery contributing early and engaged continuously in the software development lifecycle (SDLC), tricky problems, vulnerabilities, and other roadblocks that slow development can be identified and remedied quickly at a stage in the SDLC when making changes and corrections is less disruptive and costly to the process.
But the desire to shift things left in the development process doesn’t just end with operations and security. In the private sector, enterprises are finding it beneficial to add other seats to the application development table. And those private sector best practices are starting to make their way to the public sector.
One private sector trend that’s becoming increasingly popular is the concept of “FinOps,” which encourages injecting financial discussions and accountability into the SDLC.
Why? Well, with the advent of the cloud and the “pay for what you use” business model, it’s becoming increasingly important to ensure that application development and operations decisions don’t break the bank. FinOps is intended to ensure that development teams don’t procure more than what they need. It also helps developers identify places where they may want to optimize code to decrease costs, keeping project and operational costs from soaring out of control.
This FinOps concept was recently discussed at length when ContinuousX Podcast hosts Rick Stewart and Mike Fitzurka sat down with Chris Reynolds, the chief architect at KubeCost. During their podcast discussion, they introduced the concept of FinOps, discussed the benefits it could deliver to the government, and explained why the cloud and other advancements are making it more essential today than ever before.
Transcript: ContinuousX Podcast (Season 3, Episode 6): FinOps in the Public Sector with KubeCost’s Chris Reynolds
Rick Stewart: Welcome to another episode of our ContinuousX podcast where we try to “Solve for X in the SDLC equation.” I have with me my co-host, Mike Fitzurka. And joining us today is our guest Chris Reynolds, chief architect at KubeCost. Welcome, Chris.
Chris Reynolds: Welcome, thanks for having me.
Rick Stewart: Alright, so we start off with a question for you. The concept of managing financial information is not new, nor are the federal boards which mandate their governance, but FinOps as a concept is relatively new. What does FinOps address beyond normal finance and how does it relate to DevOps?
Chris Reynolds: That’s a great question. You’re right, it is fairly new and it’s fairly new on the commercial side of things not even within the government. And we know that the government is slower to adopt either on the technology side or the methodology side. Things tend to be pretty well fleshed out when they come in.
What we’re starting to see on the government side of things is certain organizations are bringing in these DevOps models in the form of software factories, and these new methodologies are bringing in to deliver their applications in a more mission-focused way.
Ultimately, the FinOps is a cultural practice, that we’re starting to see adoption either on the side with SIs, where they’re bringing it in-house, or they’re bringing it into the actual mission, the applications delivery, themselves. So, it brings together this cross-functional team that is made up of practitioners, different personas, on the FinOps side of things; the financial folks, budget and acquisitions, versus all the way down to the engineering and operations that are creating the application on a daily basis.
And what it does is, it brings us, financial controls, predictability, and this accountability to the model. So traditionally, a budget was set and then they roll out the application and they would have to stay within that budget. If they go over it, then they have to ask for a task order and ask for more money.
This brings into more of a real time… Kind of an inform… bringing this information in to inform, optimize and operate, to where they are getting, with the right tool set, daily ingest of what they’re spending on the cloud side of things to inform them. Well, we know today’s gonna be a slower day, so let’s scale back some of these resources and start saving money that way.
So, it’s a new methodology that brings more seats to the table. It makes it more of a collaboration versus just a mandate and go do.
Michael Fitzurka: Well, I’ve always seen, and I’m not sure that’s fully appreciated is that when a developer is making a decision, they could be greatly affecting the end up finances. Or, I mean, it certainly in an operational sense, you could be creating all sorts of new headaches, but you could also be doing things differently and that there’s different priorities. What might be the technically most sound solution may not be the financially most advantaged one. So I like the concept of this because essentially, if you don’t inform the development or operations team about the ramifications of what they’re choosing, they’re gonna make decisions without it. They’re just gonna make uninformed decisions.
Chris Reynolds: Correct. So, in the old traditional model, you buy a server with say 32 gigs of memory. You pay for that 32 gigs. You gotta write it down in terms of your costs over time. And with this adoption of this cloud model, say a developer requests a gig. You’re gonna pay for that gig, even if they use 100 megs. You still end up paying for that cost.
That brings in that optimization phase, which rolls into the operational phase of things, where you’re going to start making these daily decisions of, well, we know that this week is going to be a quieter week based upon, if it’s healthcare-related in terms of if it’s open enrollment, we’re going to need to peak and valley. We’re going to peak more. We’re going to valley more. So, when we start valleying, you recoup those costs. Start making those decisions to be more fiduciary responsible with taxpayer money at the end of the day. But still not getting in the way of the mission. It helps bring in architectural decisions based upon the current climate, not what was in an RFP two years ago.
Rick Stewart: Well, you’ve hit on the one comment that every time I bring one up about fiscal management for taxpayers’ money. So, thank you, Chris, for doing that. I also think Mike and I have experience with creating new projects from scratch.
And it gets you, if you have the right cost model and cost configuration automation set up, it gets you to the point of providing value quicker, because you don’t have to do a lot of estimates, as you said; 32 gigs, 64 gigs, etc. Evaluating all the different hosts that you got to manage that constitute your application. So, I think it allows you to hit the ground running faster.
Chris Reynolds: It does. It’s a crawl … crawling, walking and running thing … this adoption. It’s fairly new, obviously, it’s fairly for government. And the SIs themselves … The SIs are building these practices internally. Everybody is really, at this stage, at a crawling pace.
It’s more of a reactive. Ooh! We spiked yesterday and we have a really large bill. We got to figure out how do I account for that overrun for the next day, for the next week, whatever that kind of Sprint cycle is.
So, in that crawling stage, it’s very reactionary versus when you move into running. You’re in a symbiotic relationship of a circle, being informing, optimizing and operating, to where the informing decisions at a daily scrum of costs from the last few days is impacting the architecture going forward. Things today with continuous ATO, you’re never set in stone anymore. You’re always evolving. You’re always changing. So, this model really helps with that, bringing this practice in of staying within your boundaries and your swim lane.
Rick Stewart: Well, terrific. I think you killed that question, Chris. Thanks, Chris, for your input. And thank you for listening. Join us for our next episode with Chris as we further discuss Kubernetes cost management and to avoid cloud and DevSecOps sticker shock in “Solving for X in the SDLC equation.”