Simplifying and standardizing software at scale

McDonald’s Enterprise DevSecOps Platform is redefining the way we build, deploy, secure and standardize software applications at scale.

by Zainab Tajmahal, Director, Cloud Enterprise DevSecOps Platform

In the early 2000s, many teams embarked on the DevOps bandwagon and adopted the concept of ‘you build it, you run it.’ While this process was supposed to make things go faster, it ended up slowing down the teams due to added workload, infrastructure stack, application stack, and increased fragmentation.

The need to streamline still exists. Teams are not only managing applications, but they are also managing infrastructure. So, how do we develop and deploy code that effectively solves this persistent problem?

A transformational platform
The Global Technology Infrastructure & Operations team designed and developed the Enterprise DevSecOps Platform to redefine the way McDonald’s software applications are built, deployed, secured, and standardized at scale.

At its core, the Enterprise DevSecOps Platform is a comprehensive solution offering a suite of functionalities that help enhance security, reliability, metrics, and visibility, as well as reduce development costs. The vision driving the platform is to simplify and standardize a self-serve McDonald’s toolkit, improving the foundational DevSecOps experience globally. It also helps facilitate cross-team collaboration on a common framework, reducing variability across environments.

The platform engineering team designs these self-serve templates and builds golden pathways that enable organizations to build, deploy, and manage software applications more quickly and effectively.

Platform capabilities

• Continuous Integration and Continuous Deployment (CI/CD): Streamlining the software development lifecycle from code commit to deployment through automated pipelines.
• Infrastructure as Code (IaC): Enabling the definition and management of infrastructure via pipelines, ensuring repeatability in provisioning, configuration, and deployment.
• Observability: Providing tools for monitoring the health and performance of pipelines and infrastructure, with a focus on identifying and troubleshooting issues.
• Security: Embedding security in CI/CD pipelines with features, like vulnerability scanning, access control, and tools for building and deploying secure applications.
• Collaboration: Fostering collaboration between developers, operations, site reliability engineers, and security teams to enhance the overall developer experience.

Platform benefits

• Improves developer experience: Streamlining processes to reduce cognitive load and lead time for building and deploying applications.
• Increases security: Implementing consistent, centrally managed preventative controls embedded into the platform.
• Improves reliability and resiliency: Enhancing operations and support through automation and improved observability.
• Reduces cost: Achieving efficiencies and economies of scale by minimizing technology duplication.
• Champions DevSecOps culture: Promoting collaboration, ownership, blamelessness, autonomy, and continuous improvement.

Platform team tenants

• Make doing the right thing the easiest thing: Simplify and provide a clear, opinionated approach to achieve an outcome with nonfunctional requirements built in (security, reliability, observability, etc.).
• One size will not fit all: Be flexible. A single pipeline will not fit all app teams in McDonald’s due to their differences in runtime platforms, technologies and CI/CD maturity. Build in modularization, encourage reuse, and enable extensibility to meet teams where they are.
• Connected platform: Integrate with existing internal developer platforms, tools, and processes.
• Be self-service: Reduce siloes and focus on autonomy; platforms and pathways can be discovered, adopted, inspected, and extended without the need to engage or submit a ticket.
• Become transformative and not transformation: Focus on measurable impact over change.
• Data-driven continuous improvement: Observe, measure, report, and iterate through feedback and feed-forward loops to meet developer and platform needs.
• Champion of culture — Enable collaboration, ownership, blamelessness, and autonomy.
• Adopt “you build it to run it” mantra instead of “you build it, you run it”: Encourage developers to develop code, keeping maintainability, security, scalability, and monitoring in mind, leading to a more resilient system with fewer silos.

McDonald’s is shifting focus to feature enhancements from infrastructure and deployment pipelines. The Enterprise DevSecOps Platform enables innovation, simplification, and collaboration within McDonald’s and aligns with a One McDonald’s Way of working. This platform is positioned to enhance the overall DevSecOps experience and drive continuous improvement across the organization.

Interested in reading more from this author? Check out Zainab’s article about proactive monitoring.