Welcome!

Linux Containers Authors: Elizabeth White, Liz McMillan, Yeshim Deniz, Pat Romanski, Zakia Bouachraoui

Related Topics: @DevOpsSummit, Linux Containers, Containers Expo Blog

@DevOpsSummit: Blog Feed Post

Three Steps to Painless Compliance | @DevOpsSummit #DevOps #BusinessIntelligence

Documenting processes and changes, ensuring segregation of duties, and so on is tedious and time-consuming

Three Steps to Painless Compliance
By Patrick Bishop

Ask any IT person from the financial sector about SOX requirements and they’ll probably use some colorful language about how much time and money it sucks away. According to the 2016 Sarbanes-Oxley compliance survey by global consultant Protiviti, the average annual internal cost of SOX Compliance Costs is over $1.2 million dollars, with 27% of these firms spending 2 million or more.

Release orchestration eases compliance requirements

Having worked with lots of financial institutions in my time, I’ve seen my fair share of IT people feeling overburdened by the demands of keeping up with regulations. Documenting processes and changes, ensuring segregation of duties, and so on is tedious and time-consuming. To be effective and lighten the compliance load you need automation, yes, but you also need intelligence about what’s happening across your pipeline. Release orchestration gives you both, which means you stay sane and keep the auditors happy.

But before you cross over that rainbow, you need to take some steps to get your house in order.

Step 1. Clean Up Your Software Delivery Pipeline
You can’t begin to automate compliance documentation if you’re pipeline is messy and inefficient. To clean it up, you first need to first find any bottlenecks that are standing in the way of streamlining the pipeline—the whole pipeline. Release orchestration gives you visibility from end to end, all the way from design through to production. Once you figure out exactly where your problems are, you can start to optimize your processes.

Step 2. Ditch the Manual Workflows
Creating deployment workflows
is like using static maps. If you come across road construction for example, you need to look at your map, recalculate your route, and commit it to memory to get to where you’re going. Doing so will probably delay your ETA too. Similarly, if you change any part of your deployment process, you must manually reconfigure steps and any dependencies affected by the change. This can make it time consuming for an enterprise, with its hundreds of applications, to accurate records for compliance.

In contrast, off the shelf release orchestrators are more like a GPS, which track your changes and automatically recalculate the route. All the underlying steps are still there, they’re just handled by the software. If you change some part of the release process, a release orchestrator automatically adjusts every step in your workflow, including all dependencies, approvals, and so on, ensuring up to date and accurate records for compliance.

Step 3. Automate Your Documentation
Cleaning up the pipeline and orchestrating your release process lays the groundwork for automating documentation. Enterprise-grade release orchestration tools capture a full audit trail automatically, which means you can easily show how you’ve supported compliance requirements, track the evolution of releases and demonstrate any deviations from your original plan. Release orchestrators also allow you to standardize release processes and enforce company compliance processes. This allows auditors to certify the release process itself, then simply confirm that all steps have been followed. In effect, the auditor becomes part of the process rather than an afterthought.

By cleaning up your pipeline and automating your workflows and documentation, you and your auditors can enjoy happier, pain-free days ahead.

The post 3 Steps to Painless Compliance appeared first on XebiaLabs.

Read the original blog entry...

More Stories By XebiaLabs Blog

XebiaLabs is the technology leader for automation software for DevOps and Continuous Delivery. It focuses on helping companies accelerate the delivery of new software in the most efficient manner. Its products are simple to use, quick to implement, and provide robust enterprise technology.

IoT & Smart Cities Stories
In this Women in Technology Power Panel at 15th Cloud Expo, moderated by Anne Plese, Senior Consultant, Cloud Product Marketing at Verizon Enterprise, Esmeralda Swartz, CMO at MetraTech; Evelyn de Souza, Data Privacy and Compliance Strategy Leader at Cisco Systems; Seema Jethani, Director of Product Management at Basho Technologies; Victoria Livschitz, CEO of Qubell Inc.; Anne Hungate, Senior Director of Software Quality at DIRECTV, discussed what path they took to find their spot within the tec...
To Really Work for Enterprises, MultiCloud Adoption Requires Far Better and Inclusive Cloud Monitoring and Cost Management … But How? Overwhelmingly, even as enterprises have adopted cloud computing and are expanding to multi-cloud computing, IT leaders remain concerned about how to monitor, manage and control costs across hybrid and multi-cloud deployments. It’s clear that traditional IT monitoring and management approaches, designed after all for on-premises data centers, are falling short in ...
DXWordEXPO New York 2018, colocated with CloudEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
Discussions of cloud computing have evolved in recent years from a focus on specific types of cloud, to a world of hybrid cloud, and to a world dominated by the APIs that make today's multi-cloud environments and hybrid clouds possible. In this Power Panel at 17th Cloud Expo, moderated by Conference Chair Roger Strukhoff, panelists addressed the importance of customers being able to use the specific technologies they need, through environments and ecosystems that expose their APIs to make true ...
"Space Monkey by Vivent Smart Home is a product that is a distributed cloud-based edge storage network. Vivent Smart Home, our parent company, is a smart home provider that places a lot of hard drives across homes in North America," explained JT Olds, Director of Engineering, and Brandon Crowfeather, Product Manager, at Vivint Smart Home, in this SYS-CON.tv interview at @ThingsExpo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
We are seeing a major migration of enterprises applications to the cloud. As cloud and business use of real time applications accelerate, legacy networks are no longer able to architecturally support cloud adoption and deliver the performance and security required by highly distributed enterprises. These outdated solutions have become more costly and complicated to implement, install, manage, and maintain.SD-WAN offers unlimited capabilities for accessing the benefits of the cloud and Internet. ...
In an era of historic innovation fueled by unprecedented access to data and technology, the low cost and risk of entering new markets has leveled the playing field for business. Today, any ambitious innovator can easily introduce a new application or product that can reinvent business models and transform the client experience. In their Day 2 Keynote at 19th Cloud Expo, Mercer Rowe, IBM Vice President of Strategic Alliances, and Raejeanne Skillern, Intel Vice President of Data Center Group and G...
Business professionals no longer wonder if they'll migrate to the cloud; it's now a matter of when. The cloud environment has proved to be a major force in transitioning to an agile business model that enables quick decisions and fast implementation that solidify customer relationships. And when the cloud is combined with the power of cognitive computing, it drives innovation and transformation that achieves astounding competitive advantage.
DXWorldEXPO LLC announced today that "IoT Now" was named media sponsor of CloudEXPO | DXWorldEXPO 2018 New York, which will take place on November 11-13, 2018 in New York City, NY. IoT Now explores the evolving opportunities and challenges facing CSPs, and it passes on some lessons learned from those who have taken the first steps in next-gen IoT services.
The current age of digital transformation means that IT organizations must adapt their toolset to cover all digital experiences, beyond just the end users’. Today’s businesses can no longer focus solely on the digital interactions they manage with employees or customers; they must now contend with non-traditional factors. Whether it's the power of brand to make or break a company, the need to monitor across all locations 24/7, or the ability to proactively resolve issues, companies must adapt to...