August 24, 2021

Three Papers to Boost Audit/Security in DevOps

By IT Revolution

An Unlikely Union: DevOps and Audit

Information Security and Compliance Practices

Many organizations are adopting DevOps patterns and practices, and are enjoying the benefits that come from that adoption: More speed. Higher quality. Better value. However, many organizations get stymied when dealing with information security, compliance, and audit requirements. There seems to be a misconception that DevOps practices won’t work in organizations that are subject to SOX or PCI regulations. In this paper, we will provide some high-level guidance on three major concerns about DevOps practices:

  1. DevOps and Change Control
  2. DevOps and Security
  3. DevOps and Separation of Duties

Download the Full Paper Here

Tactics for Implementing Test Automation for Legacy Code

This paper addresses how to meet and overcome the challenges associated with test automation for legacy code. It looks at the type of company that may have a need for test automation, along with the typical organizational structure found there. It then walks through an approach for justifying test automation within your organization, providing pillars for that justification, objections that are commonly raised, and tactics for overcoming those objections.

The intended audience is anyone who wants to apply test automation to their legacy code, but is running into internal roadblocks, such as:

  • Management or company buy-in,
  • Creating space in the schedule, and
  • Budget constraints.

This paper covers the basics you’ll need to start the test automation journey for your legacy code, and helps you engage those around you.

Download the Full Paper Here

DevOps Automated Governance Reference Architecture

Attestation of the Integrity of Assets in the Delivery Pipeline

As organizations adopt DevOps practices, they develop increased productivity within their software development teams, faster releases of digital products, and improved customer experiences. But as the rate of delivery increases, it becomes more difficult for security and compliance to keep up without getting in the way. So, how can you ensure that all aspects of your deployment pipeline are protected as delivery velocity dramatically increases?

The “shift-left” practice in DevOps helps organizations improve quality and security by moving testing earlier in the release process. As more and more DevOps practices are automated, it becomes harder to capture the data required to ensure all security and compliance concerns are met. Organizations need an automated way to track governance throughout the entire software delivery process so they can attest to the integrity of all assets and to the security of all running applications.

This paper is intended to guide organizations on implementing an automated process for tracking governance throughout the deployment pipeline. It provides a reference architecture for designing and implementing automated governance throughout the delivery pipeline, along with a sample use case to further reinforce these best practices.

The paper strives to design a model flexible enough that it can easily be extended and adopted by organizations struggling to maintain compliance and audit controls as their software delivery speed increases. It creates a reference architecture that enables an organization to create trust within the process of delivering software and services. As organizations further automate the continuous delivery of software and services, they also need to ensure there are common validations and trust mechanisms throughout the process.

Ultimately, a DevOps automated governance process can give organizations the assurance that the delivery of their software and services is trusted.

Download the Full Paper Here

 

- About The Authors
IT Revolution

Trusted by technology leaders worldwide. Since publishing The Phoenix Project in 2013, and launching DevOps Enterprise Summit in 2014, we’ve been assembling guidance from industry experts and top practitioners.
