Agile 2014 Conference session
Every moment we are learning something new. The greatest challenge is to take advantage of this new information and do something substantial – something real – with it.
As an adventureman in the DevOps / Audit space, I have the privilege of evaluating the opportunities, risks, and future directions for many enterprises. The sophistication of these enterprises spans far and wide – From Fortune 20 companies, 700-person agile teams, to small startups and even smaller teams of five. These companies have one thing in common: a desire to create a business partnership that will accomplish secure, privacy minded, and compliant operations. To put it simply, these companies have the passion and rigor of overcoming a Big 4 audit.
On Wednesday I spoke at the Agile 2014 conference with esteemed author and innovator, Gene Kim. Our session title was, Keeping the Auditor away; DevOps Compliance Case Study. Attendees at this lecture benefited from a 90-person open collaboration and sharing of ideas. A few points resonated with me.
To lead a product development team requires skill beyond balancing the needs and output of the teams; it requires the talent of connecting the development activities to the governance of the business at the highest control level. The ability to serve the customer is only half of the job description. The other half consists of considering internal business stakeholders (internal auditing, marketing, information security, and compliance procedures).
- As soon as a process that is efficient and effective is identified, automate as many things as possible
- Automatically set gates throughout the testing process, against the configurable standards
- Leverage the application gates with configurable standards to conduct repeatable, verifiable, and scalable operational testing
- Operational testing must include complete and inline testing
- Centrally manage versioning of the configurations and deployments
- The testing executed should reflect internal and external requirements, general security, information security, compliance, development, and audit designed safeguards
- The output of this testing and the automated gates should result in hard evidence that can be easily presented during audits (ie: logs)
Startups and enterprises alike have the opportunity to be more secure, deploy better product, and achieve balance across controls to audit safeguards beyond those of traditional brick-and-mortar development shops. The basic attributes of success are highlighted above. Add some extreme talent in development, integration with security, compliance, and marketing and success is easily obtainable!
Thank you to everyone who attended and contributed. It was a truly outstanding experience and I look forward to continuing the collaboration. The slides from our presentation are available here.
To see the shared toolkit that is being developed for DevOps and Auditors – visit our shared public work in progress at http://bit.ly/DevOpsAudit.
A special thank you to Gene Kim and all those in the space who welcome everyone with a passion and desire to be a part of something great.