DevOps Manage Across Clouds vRealize Cloud Management

What Does Shift-Left Really Mean for IT Platform Teams?

Everyone is talking about the need to “shift-left”, but it is not always clear what the implications are for infrastructure platform teams. This post looks at why enabling developers with management and operational capabilities is the next big shift that platform teams should embrace.

There are many stages in the life of an application that are typically disconnected from the rest of the software development lifecycle, a long-accepted fact of IT life that the DevOps movement is helping to address. They can be easily identified; if the application team has to open a service ticket to initiate an operational process it is disconnected, with handoffs that have the potential to add delays, introduce errors, and increase frustration between teams.

Examples that immediately come to mind are the provisioning of infrastructure components (pre-application deployment), the application of security controls (post-application deployment), and the backup or restore of application data (operational). Enter the concept of shift-left.


Like many DevOps principles, shift-left once had specific meaning that has become more generalized over time. Shift-left is commonly associated with application testing – automating application tests and integrating them into earlier phases of the application lifecycle where issues can be identified and remediated earlier (and often more quickly and cheaply).

More recently, shift-left has grown to include management and operational processes; for integration earlier in the application lifecycle, or to move operational capabilities closer to the developer or end user. Either way, the same benefits apply:

  • Identify potential integration issues earlier, where they can be addressed more efficiently
  • Remove the potential for delays, errors, and misconfigurations introduced through handoffs
  • Increase visibility and accountability across the entire application lifecycle, including security and compliance

But isn’t DevOps a loop?

Common Software Development Lifecycle Depictions

Yes, the application lifecycle is commonly depicted as a circle, and DevOps is a loop, but the phases still flow in a particular order. If you visualize an individual cycle where the phases flow from left to right, then the “shift-left” principle is clear, and the phraseology (mostly) works.

What we really mean is “include integration testing and security and operational processes as early as possible in the development cycle, to avoid discovering issues much later when they are harder and more costly to resolve”, but it does not have the same ring to it as “shift-left”.


Shifting responsibilities?

If you recall from my previous post on DevOps personas and perspectives, we mapped DevOps personas to two perspectives – the provider and the consumer (of IT services or resources). These are not roles per se; more a continuum of priorities held by IT personas that change the closer they are to traditional development or operational roles.

And herein lies the rub. Should traditional development personas be accountable for security and critical operations (like resilience and availability) when we know these are not typically their main priorities or concerns? Well, they don’t need to be. When management and operational processes “shift-left”, it is not simply a case of platform and security teams handing over the keys and saying, “good luck”.

dev-ops personas image

Shift-left management means providing curated access to operational capabilities, empowering developers and making operational considerations a key part of application development. Platform teams ensure compliance by building governance and policy into the automated delivery of the service, and developers get exposure to operational implications earlier in the cycle and in the context of their application.

What does it mean for developers?

For developers, this means that operational processes are available for consumption throughout the application lifecycle and not simply bolted on later. Security, for example, can now be everyone’s responsibility, because developers can integrate it in a way that is natural to them. Similarly, infrastructure is provisioned as needed, without gatekeeping or configuration delays.

Of course, developers already access public cloud resources this way. However, there is risk associated with consuming untrusted public cloud configurations. Shift-left moves the management of resources closer to the developer, providing curated templates for deployment to approved public, hybrid, and edge cloud endpoints.

Shift-left management is like providing a self-driving car for developers – they control the destination, climate and music, and the built-in intelligence controls the driving (following pre-programmed or machine-learned processes).

What does it mean for platform teams?

For platform teams, this means allowing access to operational processes, offering those capabilities as services to be consumed on-demand. Governance and policy are built-in, mitigating the risks and concerns of extending operational access to non-platform teams.

Using the same self-driving analogy, the platform teams configure the options for speed, directions, and number of passengers, and the automation determines how and when to safely change lanes or to yield.

How can VMware help?

At VMware, our Cloud Management solutions enable platform teams to deliver private and hybrid resources like a public cloud, and to empower the Cloud Center of Excellence and the lines of business to optimize resources across clouds. Listed below are some examples of common management capabilities that are “shifting-left”, and the VMware Cloud Management solutions that enable them.

Shift left… resource management

Cloud Resource Provisioning

Development Team

Get access to on-demand, curated, secure cloud resources with flexible consumption options

Platform Team

Empower developers but retain control by curating secure resource templates across clouds

Day 2 Management

Development Team

Manage common operational requests directly, without the need to open tickets and wait for a response

Platform Team

Reduce time spent on repeatable processes with entitlements to common Day 2 activities

Deployment Pipeline

Development Team

Utilize deployment pipelines for application deployment with integrated infrastructure testing

Platform Team

Utilize deployment pipelines for infrastructure management like cloud templates, images, and configuration

Delivered by: vRealize Automation – an automation platform designed to deliver self-service clouds, enable multi-cloud automation with governance, and deliver DevOps capabilities.

Shift left… operational visibility and control

Cloud Cost Optimization

Development Team

Get visibility into the cost, operational, and compliance implications of cloud options for your application

Platform Team

Enable the Cloud Center of Excellence and developers to optimize cloud spending and streamline operations

Delivered by: CloudHealth by VMware – an optimization and governance platform that empowers organizations to speed up business transformation by providing insights into cloud costs, utilization and security, and enforce governance through management policies and workflow automation.

Cloud Operations

Development Team

Get visibility into application environments through in-context views and relevant insights

Platform Team

Automate datacenter operations with continuous optimization, intelligent remediation and compliance

Delivered by:vRealize Operations – a self-driving operational management solution for private, hybrid and multi-cloud environments, that enables IT teams to be more proactive and agile through artificial intelligence and predictive analytics.

Shift left… security

Enforce Compliance

Development Team

Deploy applications with confidence, knowing that security and remediation are built into the platform

Platform Team

Enforce continuous compliance with pre-built CIS content

Scan and automatically remediate dangerous OS vulnerabilities

Delivered by: vRealize Automation SaltStack Config and SecOps – flexible, intuitive configuration automation within vRealize Automation available in vRealize Automation, to manage secure software states and enforce them across your entire environment – virtualized, hybrid or public cloud.

Enable Remediation

Development Team

Self-service for developers to monitor and fix violations in their environments

Protection from harmful configuration changes

Platform Team

Enforce continuous compliance with pre-built CIS content

Audit configuration changes and track developer  violation resolution

Delivered by: CloudHealth Secure State – a unified security monitoring approach for AWS, Azure, and Google Clouds to understand how a minor configuration change can elevate risk across all connected objects.


By empowering developers with shift-left management, operational factors (including cost, security, and resource optimization) become key considerations earlier in the software development lifecycle.

Commonly, cost or security implications are only discovered once an application is live or ready to go live. At this late stage it is much harder to efficiently resolve issues such as spiraling costs, or the performance impact of security controls.

Platform teams do not need to relinquish control to be effective, rather they should enable developers with relevant, contextual information to support decision making, and entitlements to critical operational processes that can be embedded throughout the software lifecycle.

Support choice, retain control.

Learn More!

Recommended Reading

Other posts in this series