Welcome!

@DevOpsSummit Authors: Elizabeth White, Liz McMillan, Dalibor Siroky, Pat Romanski, Stackify Blog

Related Topics: @DevOpsSummit, Linux Containers, Containers Expo Blog

@DevOpsSummit: Blog Feed Post

Three Steps to Painless Compliance | @DevOpsSummit #DevOps #BusinessIntelligence

Documenting processes and changes, ensuring segregation of duties, and so on is tedious and time-consuming

Three Steps to Painless Compliance
By Patrick Bishop

Ask any IT person from the financial sector about SOX requirements and they’ll probably use some colorful language about how much time and money it sucks away. According to the 2016 Sarbanes-Oxley compliance survey by global consultant Protiviti, the average annual internal cost of SOX Compliance Costs is over $1.2 million dollars, with 27% of these firms spending 2 million or more.

Release orchestration eases compliance requirements

Having worked with lots of financial institutions in my time, I’ve seen my fair share of IT people feeling overburdened by the demands of keeping up with regulations. Documenting processes and changes, ensuring segregation of duties, and so on is tedious and time-consuming. To be effective and lighten the compliance load you need automation, yes, but you also need intelligence about what’s happening across your pipeline. Release orchestration gives you both, which means you stay sane and keep the auditors happy.

But before you cross over that rainbow, you need to take some steps to get your house in order.

Step 1. Clean Up Your Software Delivery Pipeline
You can’t begin to automate compliance documentation if you’re pipeline is messy and inefficient. To clean it up, you first need to first find any bottlenecks that are standing in the way of streamlining the pipeline—the whole pipeline. Release orchestration gives you visibility from end to end, all the way from design through to production. Once you figure out exactly where your problems are, you can start to optimize your processes.

Step 2. Ditch the Manual Workflows
Creating deployment workflows
is like using static maps. If you come across road construction for example, you need to look at your map, recalculate your route, and commit it to memory to get to where you’re going. Doing so will probably delay your ETA too. Similarly, if you change any part of your deployment process, you must manually reconfigure steps and any dependencies affected by the change. This can make it time consuming for an enterprise, with its hundreds of applications, to accurate records for compliance.

In contrast, off the shelf release orchestrators are more like a GPS, which track your changes and automatically recalculate the route. All the underlying steps are still there, they’re just handled by the software. If you change some part of the release process, a release orchestrator automatically adjusts every step in your workflow, including all dependencies, approvals, and so on, ensuring up to date and accurate records for compliance.

Step 3. Automate Your Documentation
Cleaning up the pipeline and orchestrating your release process lays the groundwork for automating documentation. Enterprise-grade release orchestration tools capture a full audit trail automatically, which means you can easily show how you’ve supported compliance requirements, track the evolution of releases and demonstrate any deviations from your original plan. Release orchestrators also allow you to standardize release processes and enforce company compliance processes. This allows auditors to certify the release process itself, then simply confirm that all steps have been followed. In effect, the auditor becomes part of the process rather than an afterthought.

By cleaning up your pipeline and automating your workflows and documentation, you and your auditors can enjoy happier, pain-free days ahead.

The post 3 Steps to Painless Compliance appeared first on XebiaLabs.

Read the original blog entry...

More Stories By XebiaLabs Blog

XebiaLabs is the technology leader for automation software for DevOps and Continuous Delivery. It focuses on helping companies accelerate the delivery of new software in the most efficient manner. Its products are simple to use, quick to implement, and provide robust enterprise technology.

@DevOpsSummit Stories
"Storpool does only block-level storage so we do one thing extremely well. The growth in data is what drives the move to software-defined technologies in general and software-defined storage," explained Boyan Ivanov, CEO and co-founder at StorPool, in this SYS-CON.tv interview at 16th Cloud Expo, held June 9-11, 2015, at the Javits Center in New York City.
As Marc Andreessen says software is eating the world. Everything is rapidly moving toward being software-defined – from our phones and cars through our washing machines to the datacenter. However, there are larger challenges when implementing software defined on a larger scale - when building software defined infrastructure. In his session at 16th Cloud Expo, Boyan Ivanov, CEO of StorPool, provided some practical insights on what, how and why when implementing "software-defined" in the datacenter.
ChatOps is an emerging topic that has led to the wide availability of integrations between group chat and various other tools/platforms. Currently, HipChat is an extremely powerful collaboration platform due to the various ChatOps integrations that are available. However, DevOps automation can involve orchestration and complex workflows. In his session at @DevOpsSummit at 20th Cloud Expo, Himanshu Chhetri, CTO at Addteq, will cover practical examples and use cases such as self-provisioning infrastructure/applications, self-remediation workflows, integrating monitoring and complimenting integrations between Atlassian tools and other top tools in the industry.
Is advanced scheduling in Kubernetes achievable?Yes, however, how do you properly accommodate every real-life scenario that a Kubernetes user might encounter? How do you leverage advanced scheduling techniques to shape and describe each scenario in easy-to-use rules and configurations? In his session at @DevOpsSummit at 21st Cloud Expo, Oleg Chunikhin, CTO at Kublr, answered these questions and demonstrated techniques for implementing advanced scheduling. For example, using spot instances and cost-effective resources on AWS, coupled with the ability to deliver a minimum set of functionalities that cover the majority of needs – without configuration complexity.
A strange thing is happening along the way to the Internet of Things, namely far too many devices to work with and manage. It has become clear that we'll need much higher efficiency user experiences that can allow us to more easily and scalably work with the thousands of devices that will soon be in each of our lives. Enter the conversational interface revolution, combining bots we can literally talk with, gesture to, and even direct with our thoughts, with embedded artificial intelligence, which can process our conversational commands and orchestrate the outcomes we request across our personal and professional realm of connected devices.