As we conclude in this three-part blog series, outlining three key pillars for devops success that are essential to any devops discussion in 2018, it would be remiss not to address the compliance and regulatory needs that software companies must satisfy.
In Part 1, we discussed value stream management—a way of looking at the software development lifecycle that measures true value and success of processes and tools. In Part 2, I covered the how-to and talked about visibility and context as essentials for building and delivering software that meets customer needs.
Visibility and measurement are the building blocks needed to meet compliance, governance and security obligations. Whether you’re a bank, an automobile manufacturer, a healthcare organization or even a government agency, your company has allocated people and resources to deliver software that may be a product, a service, or a component. But beyond just providing a positive customer experience, there is a particularly pressing need for Value Stream Management — enabled by visibility and context — for software delivery in industries with regulatory constraints.
Companies in the financial sector or in healthcare industries, for example, have governance, audit and risk obligations that set them apart from other industries. These organizations may be spending a great deal attempting to improve the way they deliver value to customers through software, but many of them don’t have a way of clearly showing the value of their efforts or an efficient way to show that they are meeting their regulatory requirements.
The higher profile, the easier it is to trace all aspects of a software service back to its corresponding code and responsible team members. This is essential for compliance. Organizations need to be able to trace every commit, every artifact and need a comprehensive view of the software development lifecycle to do this.
And while we are discussing governance and compliance, let’s not forget about security. Measurement and metrics are security’s best friends. The more fine-grained the context, the higher the security measures can be employed and the easier it will be to bake security into the early stage of the SDLC.
I was recently quoted in an article in the SD Times by Christina Cardoza where I talk about investing in security by bringing professionals into the team who are security-minded. But it’s more than just a mind-set and a pair of eyes looking out for red flags. Monitoring the lifecycle and running audits helps break down a large process into manageable parts, with adequate feedback at each stage.
To keep your company out of the headlines for a data breach, your teams need to start thinking about security from day one — in the software planning processes.
These three success factors for devops in 2018:
- Value streams
- Visibility and context
- Governance, compliance and security
will be focal points for all prominent discussions. Expect to see analyst research addressing these themes, presentations at events and articles and blogs.
It’s interesting to reflect on the changes I’ve observed in the software development industry over the last few years since joining CollabNet. In some ways, everything has changed — technology advances every day. In other respects, I see how the needs of enterprises really haven’t changed all that much. I talk to CTOs, CIOs, engineers and project managers every week who are all still just trying to figure out how to get development processes unified and aligned. They are searching for ways to view all people, processes and tools in a centralized way to deploy faster and with greater confidence.
Those challenges mentioned above are why CollabNet exists. We haven’t had to worry about whether our solutions were relevant or not — there’s no doubt about it.
Thanks for tuning in to this three-part series. Here’s to a new year of advancing the software delivery industry together. I can’t wait to see what innovations our customers unveil this year, and am honored by the role CollabNet plays in each one.
Cheers! Happy New Year!
This article is published as part of the IDG Contributor Network. Want to Join?