August 24, 2021

Three Papers to Boost Audit/Security in DevOps

By IT Revolution

An Unlikely Union: DevOps and Audit

Information Security and Compliance Practices

Many organizations are adopting DevOps patterns and practices, and are enjoying the benefits that come from that adoption: More speed. Higher quality. Better value. However, many organizations get stymied when dealing with information security, compliance, and audit requirements. There seems to be a misconception that DevOps practices won’t work in organizations that are under SOX or PCI regulations. In this paper, we will provide some high-level guidance on three major concerns about DevOps practices:

  1. DevOps and Change Control
  2. DevOps and Security
  3. DevOps and Separation of Duties

Download the Full Paper Here

Tactics for Implementing Test Automation for Legacy Code

This paper addresses how to meet and overcome the challenges associated with test automation for legacy code. It looks at the type of company that may have a need for test automation, along with the typical organizational structure found there. It then walks through an approach for justifying test automation within your organization, providing pillars for that justification, objections that are commonly raised, and tactics for overcoming those objections.

The intended audience is anyone who wants to apply test automation to their legacy code, but is running into internal roadblocks, such as:

  • Management or company buy-in,
  • Creating space in the schedule, and
  • Budget constraints.

This paper covers the basics you’ll need to start the test automation journey for your legacy code, and helps you engage those around you.

Download the Full Paper Here

DevOps Automated Governance Reference Architecture

Attestation of the Integrity of Assets in the Delivery Pipeline

As organizations adopt DevOps practices, they develop increased productivity within their software development teams, faster releases of digital products, and improved customer experiences. But as the rate of delivery increases, it becomes more difficult for security and compliance to keep up without getting in the way. So, how can you ensure that all aspects of your deployment pipeline are protected as delivery velocity dramatically increases?

The “shift-left” practice in DevOps helps organizations improve quality and security by moving testing earlier in the release process. As more and more DevOps practices are automated, it becomes harder to capture the data required to ensure all security and compliance concerns are met. Organizations need an automated way to track governance throughout the entire software delivery process so they can attest to the integrity of all assets and to the security of all running applications.

This paper is intended to guide organizations in implementing an automated process for tracking governance throughout the deployment pipeline. It provides a reference architecture for designing and implementing automated governance throughout the delivery pipeline. A sample use case is also provided to further reinforce these best practices.

The paper strives to design a model flexible enough that it could easily be extended and adopted by organizations struggling to maintain compliance and audit controls as their software delivery speed increases. It creates a reference architecture that enables an organization to create trust within the process of delivering software and services. As organizations further automate the continuous delivery of software and services, they also need to ensure there are common validations and trust mechanisms throughout the process.

Ultimately, a DevOps automated governance process can give organizations the assurance that the delivery of their software and services is trusted.

Download the Full Paper Here

 

- About The Authors
IT Revolution

Trusted by technology leaders worldwide. Since publishing The Phoenix Project in 2013, and launching DevOps Enterprise Summit in 2014, we’ve been assembling guidance from industry experts and top practitioners.
