DevOps and related trends (cloud-native, digital transformation, etc.) are unquestionably mainstream, but they still come with difficulties. Many organizations are struggling with outdated governance models that slow down digital innovation, while not effectively reducing risk. Plan/build/run, stage-gated checklists, and approval boards are losing favor, but what will replace them? Risk management is still critical.
Special guest Charles Betz, Forrester Principal Analyst, joined Dan Beauregard, VP, Cloud & DevOps Evangelist at XebiaLabs, to discuss:
• The role of an integrated, end-to-end release pipeline in ensuring auditability and standards compliance
• The evolution and automation of change and release management and the decline of the Change Approval Board
• Chaos and resilience engineering as the basis for a new governance model
From Chaos to Compliance: The New Digital Governance for DevOps
1.
2. Housekeeping
• This webinar is being recorded
• Links to the slides and the recording will be made available after the presentation
• You can post questions via the GoToWebinar Control Panel
3. Hundreds of Companies deliver software with XebiaLabs
XebiaLabs DevOps Platform providing intelligence, automation and control across the entire software delivery process
• Shift to the Cloud
• Migrate to Containers
• Connect all Pipelines
• Connect CI/CD & ITSM
• Improve Governance & Security
SCALE DEVOPS ACROSS THE ENTERPRISE
4. Presenters
Dan Beauregard, VP, Cloud & DevOps Evangelist, XebiaLabs
Guest Speaker: Charles Betz, Principal Analyst, Forrester
5. Agenda
Challenges with outdated governance models
What will the new governance model look like?
Role of the integrated, end-to-end release pipeline
Conclusions
13. Governance and Policy
. . . the Change Advisory Board shall meet biweekly . . .
. . . Security engineers shall review all release packages and complete the signoff checklist prior to production release . . .
. . . Infrastructure engineering shall approve all general and detailed technical architecture designs prior to commencement of development . . .
27. The Automated Governance Model
• Involve all stakeholders from the beginning
• Review and simplify process
• Remove unnecessary controls
• Incorporate controls into pipeline
• Codify and automate as much as possible
• Continuous Improvement
• Compliance data available when you need it
• Connect and orchestrate across the entire DevOps Toolchain
• Automate each step, collecting data across all tools
• Create software chain of custody
28. Role of the Integrated, End-to-end Release Pipeline
36. …formal change management processes that require the approval of an external body such as a change advisory board (CAB) or a senior manager for significant changes have a negative impact on software delivery performance.
Survey respondents were 2.6 times more likely to be low performers if their organization had this kind of formal approval process in place.
DORA State of DevOps Report 2019
42. ITSM vs CDRA Change Risk Assessment
ITSM CDRA
• User scoring (subjective)
• Inferred from configuration item (e.g. high value service dependency)
• Track record of similar changes
• Track record of team
• Stability/history of service
• Commit history
• Build history
• Deploy history (e.g. in lower environments)
• Retries
• Static analysis
• Dependency analysis
• Schedule adherence
Both markets increasingly applying AI.
Forrester recommends strong integration of these capabilities.
45. Software Chain of Custody
Like a legal case, software chain of custody tracks everything in your software delivery pipeline
Know the who, what, where, and when of each change
Push-button audit reporting
• Automatically produce audit reports
• Remove the pain, improve the completeness