Compliance Through DevOps Style Controls

"What about our compliance controls?" For DevOps evangelists, this refrain is a fear we know all too well when people from info-sec or release management first hear of DevOps. This question is a critical one, and part of a larger risk management conversation. With continuous delivery and DevOps in general likely to increase the rate of change in production, the risk of change must go down as well.

Failure to account for these controls is one of the most common causes of failure for developer-led continuous delivery initiatives. On the other hand, in the brief case studies I presented in last week's DevOps Teams webinar, it was clear that in successful DevOps adoption efforts, compliance was top of mind. At the health insurer, they made the info-sec guys allies early in their delivery pipeline effort by demonstrating how the existing controls could be easily circumvented by a clever developer and how the pipeline would be more secure. For the tech company, the goal of streamlining compliance processes was explicit in their mandate to boost developer productivity.

The challenge, then, is to build controls into how you deliver that enable you to go faster while decreasing risk. A control meant to protect quality by requiring sign-off from the head of QA on any release may turn into a series of automated tests that the head of QA has certified are good enough if they pass. The same protection is in place, but what was once a manual check becomes automatically enforced.
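An added sketch of the automated sign-off described above (not code from the article or from any tool it mentions): the head of QA certifies a named set of tests once, and the pipeline gate refuses a release if the certification record was edited, the executed suite differs from the certified one, or any test did not pass. The function names, the record layout and the HMAC key standing in for the approver's signing credential are assumptions.

```python
import hashlib
import hmac
import json

def suite_digest(test_names):
    """SHA-256 over the sorted test names, so dropping or adding a test changes it."""
    return hashlib.sha256(json.dumps(sorted(test_names)).encode()).hexdigest()

def _tag(record, key):
    # Assumption: an HMAC key held by QA stands in for a real signing credential.
    body = {"approver": record["approver"], "digest": record["digest"]}
    return hmac.new(key, json.dumps(body, sort_keys=True).encode(),
                    hashlib.sha256).hexdigest()

def certify(test_names, approver, key):
    """The one-time manual step: QA approves a specific suite."""
    record = {"approver": approver, "digest": suite_digest(test_names)}
    record["tag"] = _tag(record, key)
    return record

def release_gate(cert, results, key):
    """Return (allowed, reasons); results maps test name -> 'pass'/'fail'/'skip'."""
    reasons = []
    if not hmac.compare_digest(_tag(cert, key), cert.get("tag", "")):
        reasons.append("certification record altered or not signed by QA key")
    if suite_digest(results.keys()) != cert["digest"]:
        reasons.append("executed suite differs from the certified suite")
    not_passing = sorted(name for name, r in results.items() if r != "pass")
    if not_passing:
        reasons.append("tests not passing: " + ", ".join(not_passing))
    return (not reasons, reasons)

if __name__ == "__main__":
    # Constructed sample data: hypothetical key, approver and test names.
    qa_key = b"example-qa-key"
    cert = certify(["login_ok", "audit_log_written", "pii_masked"], "head-of-qa", qa_key)
    full_run = {"login_ok": "pass", "audit_log_written": "pass", "pii_masked": "pass"}
    # Same build with the inconvenient test deleted from the run.
    trimmed_run = {"login_ok": "pass", "audit_log_written": "pass"}
    print(release_gate(cert, full_run, qa_key))
    print(release_gate(cert, trimmed_run, qa_key))
```

The returned reasons list doubles as audit evidence for each release decision, which is what replaces the signed-off change ticket.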

For more on this, check out the recent article "Towards Compliance as Code" by Jim Bird.

Published at DZone with permission of Eric Minick, DZone MVB. See the original article here.
