From new and changing data protection laws to the widespread occurrence of data breaches, consumers are more aware than ever of how their data is being used and when their privacy is compromised. Companies must commit to an intentional, strategic approach for ensuring compliance across their infrastructure, throughout the software development and delivery lifecycles, and within the very fabric of their DevOps culture.
This Refcard covers the fundamental components of DevOps compliance as well as key steps for organizations to take in order to meet regulatory and security requirements, improve operational efficiency, and adapt as policies inevitably change.
Traditionally, deployment artifacts were types of archives that were transferred to the target environment and installed there. They could be simple .zip archives with binaries, Java's .jar or .war files, or simply .exe executables, among others. It is worth saying that this approach implied preliminary preparation, like installing and configuring all software dependencies.
The situation changed when Docker appeared. Moreover, the principle changed: now we operate Docker images like some self-sufficient sealed units containing everything the app needs to work. But we have to admit that both principle and technology are relatively new to the industry. Many companies still rely on a VM-based approach and classic deployment artifacts. And it's quite clear why they do this: infrastructure is already bought; Ops teams are trained on how to deploy, manage and monitor applications; and so forth. In two words, this journey seems to be very long and tough. To mitigate this, we can use the well-known step-by-step method with gradual adjustments to the existing delivery pipeline.
Objective data to measure software development is here, and it’s here to stay.
For a long time, the notion of using such data was thought to not really be possible. Thought leaders like Martin Fowler and Joel Spolsky basically said it couldn’t be done. Clearly, it’s a challenging task that frustrated software development managers everywhere. Shoot, I wrote an article way back when basically arguing that it is impossible to do.
Well, I’d continue to argue that it was impossible to do. But now, with the rise of tooling like git, Jira, and other project management tools, it started becoming clear that the data is there to enable us to get a closer, more data-driven look at what is going on inside software development projects. That data just had to be revealed.
When it comes to CI/CD tools, we’re all too familiar with Jenkins. It has been a popular choice among Java developers for continuous integration and continuous development approach. It is a super-effective tool to build and test projects, thereby making easy integration possible continuously. Also, it is an open-source tool that provides multiple plugins.
However, Jenkins isn’t the only CI/CD tool out there. You can pick a Jenkins alternative as you’ve got a lot of options!
It seems that nowadays, DevOps can mean many different things. As a DevOps expert at OutSystems, whenever I’m asked what this practice is all about, I like to say that it’s a way to deliver value faster to your end-users. More than a skill, a job role, or a tool, DevOps is a culture-shifting paradigm.
It’s about speeding up the flow of delivering software changes to your production environments and amplifying the feedback loops in your delivery pipeline so that you can catch problems early on during your development stage and act upon them quickly. This is why you always see practices like CI/CD and test automation closely associated with DevOps.
What Is SSH?
SSH is a network protocol that allows a secure connection between different computers. SSH protocol also referred to as Secure Shell, provides many functionalities like,
- Strong connection and security
- Strong authentication
- Maintains connection integrity
- Strong encryption.
In general, there are different ways of logging in to a remote machine,
Incident response found its way into our technological vernacular back in 1988 when the first internet worm — dubbed “The Morris Worm” — was released. In response, the Computer Emergency Response Team/ Coordination Center (CERT/CC) by DARPA was formed.
The goal of this nascent organization was to provide a central hub for communicating and coordinating a response to security incidents. In a nutshell, the goal of incident response is to quickly contain and mitigate an incident, with an impetus to limit damage while reducing recovery time and costs.
“It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change” – Charles Darwin
Software development is constantly changing. Teams need to be responsive to survive. DevOps was created to help organizations deal with constant change by responding quickly. This movement is designed to bring development and operations closer together so that they may collaborate and communicate more effectively.
Don't push me 'cause I'm close to the edge.
The state of software development is evolving rapidly as software developers and testers have started moving to DevOps. In the beginning, organizations used to have a simple process for development and operations, but now users demand a more enhanced and improved experience with every product, which requires proper testing, security, data, AI, and more.
When teams adopting DevOps ask me, “What should we measure to know that we’re improving?” I have reflexively rattled off the metrics from Accelerate.
- Throughput
- Deployment frequency (frequency an app is released)
- Lead Time (time from code commit to working in prod)
- Stability
- Change failure rate (changes requiring a subsequent fix or causing outage)
- Time to restore (typical restoration time when an outage occurs)
These broadly make sense and point to a high degree of automated deployment, testing, and robust monitoring. These tenants of DevOps have been helpful. The State of DevOps Report shows that strong performers in these areas outperform their competition in the market. The reality of that is something I have wagered on and won.
Collaboration for Incident Management
It is not true that ITIL disallows innovation and that DevOps and IT Service Management (ITSM) and the IT Infrastructure Library (ITIL) are like oil and water. ITIL is a framework from which you can take or leave portions you like and, in fact, this framework provides many useful paradigms for DevOps implementations.
There’s actually lots in common between ITIL and DevOps. ITIL is a set of detailed practices which provides a set of process frameworks. DevOps is primarily a culture of collaboration so there is no reason you cannot have a process framework integrate very well with a culture of collaboration.
Overview
DevOps, by design, works quickly and accomplishes deadline-driven projects rapidly. With this high amount of project turnover, visibility into key operational data is easy to mismanage and can lead to simple mistakes, lack of optimization, and organizational misalignment. To examine the effect of DevOps Visibility, SmartDraw commissioned the 2019 DevOps Visibility Report. The results were decisive: each company surveyed is seeking ways to better DevOps visibility, and 84% of respondents list it as somewhat to extremely important to their organization. But achieving DevOps visibility is not always simple.
Roadblocks to Achieving DevOps Visibility
Respondents identified that visibility reports take skilled workers away from their other priorities. In a small, fast-moving, lean team, removing a skilled worker from a key deadline-driven task can cause performance and timeliness to suffer.
"A good start is half the battle."
We can’t agree more. But with DevOps, a good start remains impossible for most of the organizations.
Earlier in 2018, Compuware CEO Chris O’Malley spoke with Jeff Dalton, host of the AgileCxO “Agile Leadership Podcast,” about Compuware’s Agile transformation from a company “dominated by maintenance…Waterfall thinking” to a DevOps-enabled enterprise delivering innovation every 90 days.
“We embarked on an aggressive journey to remake ourselves first, adopt things like Agile and DevOps, and then become an innovative force in remaking the mainframe. And the fate of the company has changed as a result of it,” Chris said.
