I saw a great presentation from Dunelm, the UK’s leading home furnishings retailer, at GitLab’s DevSecOps world tour event in London recently. The company has clearly successfully retooled for ecommerce – with a builder mentality, and engineering practices that should stand it in good stead. The company is accelerating its transformation – in 2022 it was doing 11 production deployments a day. Now, in 2023, it’s doing 26. One aspect of the talk I appreciated was the focus on DevSecOps – and by that I mean security enabling and helping developers to build secure apps, rather than getting in their way.
Jan Claeyssens, DevSecOps Principal Engineer at Dunelm, explained that his role is to enable and engage with developers and engineering teams:
The development teams are my customers. Security needs to stop saying no and instead lean in, listen to what they want and try to help them. No one wants more checks after they have finished. Security scanners should not impact the APIs too much.
Claeyssens also pointed out how important education is. You can’t expect developers to use security features if they don’t know they’re there. Platform engineering and security teams need to do a better job of developer education in order to get the results they want. The whole tone from Claeyssens was refreshing from a security perspective.
Serve the user where they live and show them what the features are. Security at Dunelm has to help the business become better.
Talking of amen, I was really pleased to hear the company has adopted Progressive Delivery as an approach. Given I coined the term, it was great to hear the concepts read out by an enterprise company. To be fair, GitLab has used Progressive Delivery in its marketing, so it should not surprise me that a customer would be using the language. But it was still pleasing.
Paul Kerrison, Director of Engineering and Architecture at Dunelm said:
Our engineering work is becoming more experiment driven; we are moving towards progressive delivery, the new kid on the block.
You get to try more risky things, but safely. We can put something in production, test it with one cohort, then roll it out more broadly.
Cohorts, phased rollouts, reduced risk with more experimentation, testing in production. This is the way.
Disclosure: GitLab is a client.