Skip to content

DevOps Automated Governance Reference Architecture

By Michael Nygard, Stephen Magill, Sam Guckenheimer, John Willis

Attestation of the Integrity of Assets in the Delivery Pipeline

EBook Available Now On:

As more and more DevOps practices are automated, it becomes harder to capture the data required to ensure all security and compliance concerns are met.

Organizations need an automated way to track governance throughout the entire software delivery process so they can attest to the integrity of all assets and to the security of all running applications.

This paper is intended to guide organizations on implementing an automated process for tracking governance throughout the deployment pipeline by providing a reference architecture to help guide organizations on how to design and implement automated governance throughout the delivery pipeline.

A sample use case is also provided to further enforce these best practices.

  • Publication Date 2018
  • Pages 43

Features

  • Speed and Quality

    This paper debunks the myth that to gain speed in software delivery you must sacrifice quality and compliance.

  • Expert Authors

    This paper is written by experienced practitioners and leaders from the audit, security, and compliance world across industries.

  • Clear Guidance

    Provides a clear architecture for enterprise organizations to develop their own automated systems of audit, compliance, security, and governance.

  • Evidence-Based

    This paper provides clear evidence via case studies from across industries that have successfully implemented automated governance systems.

About the Resource

As more and more DevOps practices are automated, it becomes harder to capture the data required to ensure all security and compliance concerns are met.

Organizations need an automated way to track governance throughout the entire software delivery process so they can attest to the integrity of all assets and to the security of all running applications.

This paper is intended to guide organizations on implementing an automated process for tracking governance throughout the deployment pipeline by providing a reference architecture to help guide organizations on how to design and implement automated governance throughout the delivery pipeline.

A sample use case is also provided to further enforce these best practices.

Michael Nygard
Stephen Magill
Sam Guckenheimer
John Willis
Michael Nygard

Michael Nygard

Innovative technology leader

To Author Archive
Stephen Magill

Stephen Magill

Vice President, Product Innovation at Sonatype

To Author Archive
Sam Guckenheimer

Sam Guckenheimer

Retired at Self Employed

To Author Archive
John Willis

John Willis

John Willis has worked in the IT management industry for more than 35 years and is a prolific author, including "Deming's Journey to Profound Knowledge" and "The DevOps Handbook." He is researching DevOps, DevSecOps, IT risk, modern governance, and audit compliance. Previously he was an Evangelist at Docker Inc., VP of Solutions for Socketplane (sold to Docker) and Enstratius (sold to Dell), and VP of Training & Services at Opscode where he formalized the training, evangelism, and professional services functions at the firm. Willis also founded Gulf Breeze Software, an award winning IBM business partner, which specializes in deploying Tivoli technology for the enterprise. Willis has authored six IBM Redbooks for IBM on enterprise systems management and was the founder and chief architect at Chain Bridge Systems.

To Author Archive

Similar Resources