Published by Emily Golden. Modified over 6 years ago.
2
WEBINAR Improving Application Delivery Governance With DevOps
Abstract
Nearly every organization wants to deliver applications faster, with higher quality and lower cost. DevOps practices enable organizations to do this, but some organizations claim that they can’t use them because they are in regulated industries with stringent governance requirements. The truth is that DevOps practices give organizations the processes and tools they need to not only speed delivery and reduce cost, but to also improve their ability to govern application delivery. This webinar will describe how organizations are delivering faster while also improving their ability to govern.

Agenda
Manual governance processes are slow, costly, and ineffective
Agile practices improve transparency but are not sufficient
DevOps practices improve control and consistency

Key takeaways
Don’t govern broken processes; fix them first
Simpler processes are easier to control and automate
Automation improves and enforces consistency

Kurt Bittner, Principal Analyst
Amy DeMartine, Senior Analyst
December 15, Call in at 10:55 a.m. Eastern time
4
Regulated industries and safety-critical products have a problem.
5
Image source: Next Big Future (http://nextbigfuture.com/)
Consumers want this.
6
Image source: CNN (http://edition.cnn.com/)
Not this.
7
Image source: Ally Bank
They want this.
8
Not this.
9
With so much riding on software, lots of people want to make sure nothing goes wrong with it. That’s where governance comes in . . .
10
Governance (all companies, “control”)
Compliance (depends on industry, predefined controls)
Audit
11
Prior to DevOps, governance looked like:
Segregation of duties
CAB reviews
Results of manual testing
Manual approvals
Code reviews
Image source: PKPolitics
12
Good governance
Inclusive
Sustainable
Transparent
Consistent
Constant
13
“We can have software running on 300 turbines, where we can model the wind, can optimize performance on the grid, and increase output by 20%. That’s the industrial Internet.”
Jeff Immelt, CEO, GE
Image source: Business Insider
14
Many organizations think DevOps is fine for web-based shopping, but regulated and safety-critical products require a slower and more careful approach. They’re wrong.
15
Speed and quality are not inherently opposed. Manual quality processes can be little more than risk management theater. Automation and standardization make governance better and easier.
Image source: TripAdvisor
16
Let’s look at how . . .
Image source: TripAdvisor
17
The application delivery pipeline
[Diagram: the application delivery pipeline. Stages shown: Idea proposed; Understand needs and invent solutions; Functional testing; Deploy solution; Production support; Load, performance, security, … testing; UAT/exploratory testing; Release decision; Develop, commit, and build; Provision environments. Image source: BVG8Science]
18
Control point No. 1: control over work
Work is defined and prioritized only by authorized persons. Full transparency also improves collaboration and communication.
[Diagram: the application delivery pipeline, with added labels: Idea, Backlog. Image source: BVG8Science]
19
Control point No. 2: control over solution
Important characteristics of the solution (technology stack, architecture . . .) are defined and prioritized only by authorized persons. Full transparency also improves collaboration and communication.
[Diagram: the application delivery pipeline, with added label: Backlog. Image source: BVG8Science]
20
Control point No. 3: control over environments
Environment definitions are defined only by authorized persons. Control over who can create environments is also defined only by authorized persons.
[Diagram: the application delivery pipeline. Image source: BVG8Science]
21
Control point No. 3: control over environments
[Diagram: the application delivery pipeline, with added labels: Environment provisioning automation; versioned source repository (code, environ configs, tests); Developers, EA, testers, Ops, and security. Image source: BVG8Science]
22
Control point No. 4: control over code
Code should be created or modified only by authorized persons. Code should be inspected to ensure that it conforms to standards:
Peer review
Static code analysis
[Diagram: the application delivery pipeline. Image source: BVG8Science]
23
Control point No. 4: control over code
[Diagram: the application delivery pipeline, with added labels: CI automation; Environment provisioning automation; Static code analysis; Peer code review; versioned source repository (code, environ configs, tests); Developers, EA, testers, Ops, and security. Image source: BVG8Science]
24
Control point No. 5: control over the software supply chain
Applying supply chain principles to software gives greater control over the finished products.
Choose fewer and better suppliers.
Choose the highest quality parts.
Track which parts went where.
[Diagram: the application delivery pipeline. Image source: BVG8Science]
25
Control point No. 5: control over the software supply chain
[Diagram: the application delivery pipeline, with added labels: CI automation; Artifact repository; “Built” artifacts; Open source; Vendors; EA, developers, Ops, QA, and security. Image source: BVG8Science]
26
Control point No. 6: control over the release process
Standardizing release processes improves consistency and auditability. Code should only be released to authorized environments by authorized persons or processes.
[Diagram: the application delivery pipeline. Image source: BVG8Science]
27
Control point No. 6: control over the release process
The same release automation processes are used for deploying to test and prod environments. The only difference is the “decision to release” process.
[Diagram: the application delivery pipeline, with added labels: CI or pipeline automation; Test environment provisioning automation; Application release automation; versioned source repository (code, environ configs, tests); Developers, EA, testers, Ops, and security. Image source: BVG8Science]
28
Control point No. 7: control over quality assessment
Test automation can verify many/most/all compliance concerns, including security and safety-critical issues.
[Diagram: the application delivery pipeline. Image source: BVG8Science]
29
Control point No. 7: control over quality assessment
[Diagram: the application delivery pipeline, with added labels: CI or pipeline automation; Test automation (functional, load, scalability, security, reliability . . .); versioned source repository (code, environ configs, tests); Developers, EA, testers, Ops, and security. Image source: BVG8Science]
30
Recommendations
Gradually replace manual governance with automation.
Automate compliance reports using ALM/pipeline tools.
Refocus specialists on automating compliance.
DevOps tool support: Create and support “pipeline-as-a-service.”
Security: Build secure frameworks and components.
EA: Create and support platforms, certify components.
Ops: Create and maintain standard configurations.
Audit: Automate compliance tests in pipeline.
Continuously improve.
Image source: Next Big Future
31
Kurt Bittner, Principal Analyst, @ksbittner
Amy DeMartine, Senior Analyst, @AmyDeMartine