According to 451 Research, the biggest benefits of DevOps are the flexibility to quickly respond to changes, followed by faster software releases, and more efficient use of personnel. Ideally, DevOps practices should mean organizations are also better prepared for an audit. That begs the question: why do some global, regulated organizations need more than 100 IT staff assigned to auditing duties?
Jay Lyman, 451 Research senior research analyst, cloud native and DevOps, and Anders Wallgren, vice president of technology strategy at CloudBees, got together recently to discuss the challenges and trends in auditing the software delivery process in the age of DevOps. They covered topics such as the need for value stream management, and orchestration, the importance of watching for vulnerabilities and knowing what’s in production and the value of culture.
Lyman noted his research on audits shows a few significant shifts in thinking recently: The first being the change in attitude towards value stream management and its role in auditing. Second, he also comments that the old belief about “security slows you down” is starting to fade away (And not a moment too soon, in our view). While they were talking about culture, Anders noted that companies that put security in terms of quality rather than vulnerabilities had articulated the need for it in terms that made more sense to developers.
Wallgren of CloudBees noted. “Automation is auditing,” because automation collects data you need to prove “you did what you said would do.”
A number of polls were asked of attendees of the webianr, with one showing that the biggest barrier to auditing was data availability.
Watch the webinar on-demand to learn about:
Highlights from the Voice of the Enterprise report, and future trends to watch
Key areas of focus to unleash innovation in an audit-friendly way
How audit-ready pipelines make speed and compliance possible and without pain