XebiaLabs Webinar
Building a Software Chain of Custody: A Guide
for CTOs, CIOs, and Enterprise DevOps Teams
2
Housekeeping
▪ This webinar is being recorded
▪ Links to the slides and the recording will be
made available after the presentation
▪ You can post questions via the GoToWebinar
Control Panel
3
Top-ranked by
Hundreds of Companies
deliver software with
XebiaLabs - faster, safer and
more customer focused
End-to-end Agile + DevOps Platform
providing intelligence, automation and control
across the entire software lifecycle
Agile Planning, Continuous
Delivery and DevOps pioneer,
authority and technology leader
Global Teams
in the US,
Europe & APAC
▪ Enterprise Agile Planning
▪ Application Release Orchestration
▪ Value Stream Management
4
Meet Your Presenters
Andreas Prins
Dan Beauregard
VP Cloud and DevOps Evangelist
XebiaLabs
VP Product Strategy
XebiaLabs
5
Agenda
▪ Defining Chain of Custody
▪ 3 layers of the Software Chain of Custody
▪ 4 common patterns to avoid
▪ How to get started
− Automation and acceleration in the modern era
▪ Q&A
A couple of poll questions along the way
What the software development
industry can learn from other
industries about the Chain of Custody
7
End-to-end traceability, from raw materials to the end user
product
8
For consumer products, strong certification is in place,
where all stakeholders participate
9
The IT industry is falling behind…
10
If your software assets are the equivalent of the products,
how do you take care of this chain?
? ? ?
11
Business
Technical
Governance
3 layers of the Software Chain of Custody
Building your business chain of custody
13
Understanding the business chain: Focus on relationships,
from vision to execution
▪ A business chain often needs to be stretched earlier into the process
to gain full visibility on why, and with what purpose, activities are
executed
▪ Truly understanding and measuring whether goals are achieved is
often hard, but worth it to build a cycle of validation
Goal setting, Define, Ideate, Plan and execute,
Value validation and measurement
14
Build your own business chain: An exercise to execute
within your departments and teams
The Value-Stream-Mapping technique from Lean manufacturing is a
useful instrument to understand your chain of custody in the first place.
1. Identify the process steps
2. Describe for each step the outcomes (artifacts)
3. List the actors that are involved
4. Identify where 1-2-3 are documented
15
Understand your own business chain: Identify the process
steps
Goal setting Define Plan and execute
Quarterly goal setting
and evaluation
(Strategic) portfolio
investment
distribution
Customer problem
investigation
Solution direction
definition
Quarterly
roadmap
refinement
Quarterly program
increment planning
Bi-weekly
execution
through Scrum
16
Understand your own business chain: Describe the
outcomes (artifacts) for each step
Goal setting Define Plan and execute
Quarterly goal setting
and evaluation
(Strategic) portfolio
investment
distribution
Customer problem
investigation
Solution direction
definition
Quarterly Product
roadmap
refinement
Quarterly program
increment planning
Bi-weekly
execution
through Scrum
> Updated product
roadmap
> Updated
architectural runway
> Defined (new)
themes and Epics
> Product Increment
planning (session)
> PI Objectives
> System Demo(s)
> Refined Epics
> Defined Features
> Refined Features
> Refined stories
> Sprint Demos
> Working software
Process
> Updated strategic
themes
> Updated portfolio
budgets
> Updated Portfolio
vision
> Updated Program
roadmap
> Personas
> Empathy maps
> Problem definition
> Journey Maps
> Story Maps
> Prototype
> Designs
17
Understand your own business chain: List the actors that
are involved
Goal setting Define Plan and execute
Quarterly goal setting
and evaluation
(Strategic) portfolio
investment
distribution
Customer problem
investigation
Solution direction
definition
Quarterly Product
roadmap
refinement
Quarterly program
increment planning
Bi-weekly
execution
through Scrum
> Updated product
roadmap
> Updated
architectural runway
> Defined (new)
themes and Epics
> Product Increment
planning (session)
> PI Objectives
> System Demo(s)
> Refined Epics
> Defined Features
> Refined Features
> Refined stories
> Sprint Demos
> Working software
Process, Artifacts
> Updated strategic
themes
> Updated portfolio
budgets
> Updated Portfolio
vision
> Updated Program
roadmap
> Personas
> Empathy maps
> Problem definition
> Journey Maps
> Story Maps
> Prototype
> Designs
> System Arch.
> Product Owner
> Product
Management
> Business Owner
> Agile Teams
> Scrum Master
> Product Owner
> Business Owner
> Scrum master
> Product Owner
> Agile/Dev Team
> Management Team
> Line Management
> Product Team
> Line Management
> Epic Owners
> Enterprise Architect
> Business Owners
> Product
Management
> UX Team
18
Understand your own business chain: Identify where
everything is documented
Goal setting Define Plan and execute
Quarterly goal setting
and evaluation
(Strategic) portfolio
investment
distribution
Customer problem
investigation
Solution direction
definition
Quarterly Product
roadmap
refinement
Quarterly program
increment planning
Bi-weekly
execution
through Scrum
> Updated product
roadmap
> Updated
architectural runway
> Defined themes
and Epics
> Product Increment
planning (session)
> PI Objectives
> System Demo(s)
> Refined Epics
> Defined Features
> Refined Features
> Refined stories
> Sprint Demos
> Working software
Process, Artifacts
> Updated strategic
themes
> Updated portfolio
budgets
> Updated Portfolio
vision
> Updated Program
roadmap
> Personas
> Empathy maps
> Problem definition
> Journey Maps
> Story Maps
> Prototype
> Designs
> System Arch.
> Product Owner
> Product
Management
> Business Owner
> Agile Teams
> Scrum Master
> Product Owner
> Business Owner
> Scrum master
> Product Owner
> Agile/Dev Team
> Management Team
> Line Management
> Product Team
> Line Management
> Epic Owners
> Enterprise Architect
> Business Owners
> Product
Management
> UX Team
Actor, System
19
Poll #1
How mature is your business chain of custody?
▪ Runs like a well-oiled machine - we know all the data points
▪ 1/2 automated and 1/2 manual - most data points are known
▪ Lacking data to complete the chain
▪ Don’t even know where to look
Building your technology chain of custody
21
The technology chain has radically transformed in the last
few years
Automation through CI/CD and Cloud Technologies…
▪ Empowers organizations to deliver software more frequently
▪ Has enabled companies to have a full chain of connected activities
▪ Allows different personas to collaborate at various points in the chain
▪ Creates a lot of data about what happened, when it happened, how it happened
Source control
repository
Build Package
Non-prod
deployment
Prod
deployment
Dependency
management
Artifact
repository
Monitor
deployed
Source: IT Revolution, DevOps Automated Governance Reference Architecture
22
Asset Integrity depends on both product inspection and
process inspection
Product inspection Process inspection
23
Automation must also focus on software asset integrity
Traceability—Is every software artifact stamped with a unique identifier that
can be verified as the artifact moves through environments?
Performance—Does the software perform as it should? Can you detect
whether performance is degrading over time?
Security—Is the software protected from data breaches and other security
violations? Can you detect if and when security is compromised?
Scalability—Can you increase capacity on the fly by adding physical servers,
virtual machines, container instances, or pods?
24
Product Inspection: Building product inspection into your technology
chain
Integrate security into all stages of the DevOps toolchain
25
Poll #2
How mature is your technology chain of custody?
▪ Runs like a well-oiled machine - we know all the data points
▪ 1/2 automated and 1/2 manual - most data points are known
▪ Lacking data to complete the chain
▪ Don’t even know where to look
Building your governance chain of custody
27
Process Inspection: Build IT auditing into your governance
chain
Create a governance chain that has the
following qualities:
▪ Usable by both technical and non-technical users
▪ Each control, actor, and action should be uniquely
verifiable
▪ Software should be traceable through all stages
without DevOps intervention
▪ The audit log should be immutable
Source: IT Revolution, DevOps Automated Governance Reference Architecture
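A sketch of how the qualities listed above, together with the traceability question from the asset integrity slide, can be checked in code. This is an added example, not material from the webinar or from any XebiaLabs product: it keeps a hash-chained custody ledger in which every entry carries a content-derived artifact identifier and a per-actor MAC. The class and function names, the actor keys and the sample bytes are constructed for illustration, and a hash chain makes edits detectable (tamper-evident) rather than physically impossible.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64
# Stage names follow the pipeline diagram on the slides.
PIPELINE = ["build", "package", "non-prod deployment", "prod deployment"]


def artifact_id(content: bytes) -> str:
    """Content-derived identifier: any change to the bytes changes the id."""
    return "sha256:" + hashlib.sha256(content).hexdigest()


def _canonical(fields: dict) -> bytes:
    # Stable serialization so the same fields always hash to the same value.
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


class CustodyLedger:
    """Append-only log; each entry is bound to its actor and its predecessor."""

    def __init__(self, actor_keys: dict):
        self.actor_keys = actor_keys  # actor name -> secret key (assumption)
        self.entries = []

    def record(self, stage, actor, action, content, timestamp):
        entry = {
            "seq": len(self.entries),
            "stage": stage,
            "actor": actor,
            "action": action,
            "artifact": artifact_id(content),
            "timestamp": timestamp,
            "prev": self.entries[-1]["hash"] if self.entries else GENESIS,
        }
        # The MAC ties the entry to the actor; the hash ties it to the chain.
        entry["mac"] = hmac.new(
            self.actor_keys[actor], _canonical(entry), hashlib.sha256
        ).hexdigest()
        entry["hash"] = hashlib.sha256(_canonical(entry)).hexdigest()
        self.entries.append(entry)
        return entry

    def verify(self):
        """Return a list of (seq, problem); an empty list means intact."""
        problems = []
        prev = GENESIS
        for i, e in enumerate(self.entries):
            body = {k: v for k, v in e.items() if k not in ("mac", "hash")}
            if e["seq"] != i or e["prev"] != prev:
                problems.append((i, "chain link broken"))
            key = self.actor_keys.get(e["actor"])
            expected = (
                hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
                if key is not None else ""
            )
            if not hmac.compare_digest(expected, e["mac"]):
                problems.append((i, "actor MAC invalid"))
            sealed = dict(body, mac=e["mac"])
            if hashlib.sha256(_canonical(sealed)).hexdigest() != e["hash"]:
                problems.append((i, "entry hash mismatch"))
            prev = e["hash"]
        return problems

    def custody_gaps(self, content: bytes):
        """Pipeline stages with no ledger entry for exactly these bytes."""
        wanted = artifact_id(content)
        seen = {e["stage"] for e in self.entries if e["artifact"] == wanted}
        return [stage for stage in PIPELINE if stage not in seen]


def demo():
    # Constructed keys, timestamps and artifact bytes.
    keys = {"ci-bot": b"constructed-key-1", "release-manager": b"constructed-key-2"}
    ledger = CustodyLedger(keys)
    built = b"app-1.0 build output (constructed sample)"
    ledger.record("build", "ci-bot", "compile", built, "2020-01-01T10:00:00Z")
    ledger.record("package", "ci-bot", "publish", built, "2020-01-01T10:05:00Z")
    ledger.record("non-prod deployment", "ci-bot", "deploy", built,
                  "2020-01-01T11:00:00Z")
    # What reaches production is not byte-identical to what was built.
    swapped = built + b" + unreviewed change"
    ledger.record("prod deployment", "release-manager", "deploy", swapped,
                  "2020-01-02T09:00:00Z")
    intact = ledger.verify()
    gaps = ledger.custody_gaps(swapped)
    # An after-the-fact edit of who performed the packaging step.
    ledger.entries[1]["actor"] = "release-manager"
    tampered = ledger.verify()
    return intact, gaps, tampered


if __name__ == "__main__":
    print(demo())
```

The ledger verifies cleanly before the edit, the production artifact shows custody gaps for every earlier stage, and the edited entry fails both its actor MAC and its hash.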
28
Your governance chain can now prove compliance of your
software pipelines
▪ Developers can stop wasting up to 20-30% of their valuable time
piecing together audit reports so they can focus on doing what they
love
▪ Executives can get full visibility into release pipelines so they aren't
losing sleep over governing and security audits
▪ InfoSec teams and auditors get the reports they need with complete
data
Plan Develop Deliver Monitor
29
Poll #3
How mature is your governance chain of custody?
▪ Runs like a well-oiled machine - we know all the data points
▪ 1/2 automated and 1/2 manual - most data points are known
▪ Lacking data to complete the chain
▪ Don’t even know where to look
The 4 most common patterns to avoid
when building a true chain of custody
31
A million-dollar idea, but no idea about
speed of execution and value creation
32
Keeping faith in existing manual practices
rather than truly transforming them
33
Disconnected data points,
no integral overview
34
Compliance will always stay
an “after the fact” activity
Guidance to get started
36
Structure the business flow
From having your
▪ ideas in mind,
▪ vision and goals on paper,
▪ roadmaps in PowerPoint,
▪ planning in Excel,
▪ work items in backlogs
To everything structured and connected
37
From a fragmented business chain of custody to a
connected flow of information
Strategy
Features
Portfolios
Epics
Work Items
Release On-
Demand
Artifacts
Packages
Commit
Team Planning &
Activity Visibility
Portfolio Planning &
Execution Management
Planning & Test Execution
Management
Quality, Security and
Compliance Dashboards
Quality, Security, and Compliance
Metrics across Value Streams
Release Orchestration
and Delivery
Deployments
Value Stream
38
Simplify the IT Control Framework
Step 1 - Review audit rules and
simplify compliance practices
Step 2 - Create a process that is fast
and compliant by default
Step 3 - Automate the process
from end to end
Demo: Push-Button Audit Reporting
40
Business
Technical
Governance
Goal setting, Define, Ideate, Plan and execute
Source control
repository
Build Package
Non-prod
deployment
Prod
deployment
Dependency
management
Artifact
repository
Value validation
and measurement
Monitor
deployed
Get your own Software Chain of Custody right: simplify,
structure, shift validation left and automate
Plan Develop Deliver Monitor
41
Continuous effort!
Continuous Feedback
To get the model as
simple as possible
Continuous Improvement
To include and automate
more and more controls
Continuous Collaboration
To make sure all disciplines
are involved
42
Thank you for joining
The software chain of custody proves
what happened,
when it happened,
where it happened,
how it happened, and
who made it happen
Without this information, it’s impossible
to meet compliance and security
requirements as you develop and deliver
software at scale
Through CollabNet/XebiaLabs it is
now possible to build a full software
chain of custody and cover your
business, technical and governance
chains.

Measure Your DevOps Success: Using Goal-based KPIs to Drive Results and Demon...
 
Scaling DevOps - delivering on the promise of business velocity and quality
Scaling DevOps - delivering on the promise of business velocity and qualityScaling DevOps - delivering on the promise of business velocity and quality
Scaling DevOps - delivering on the promise of business velocity and quality
 
Five Ways Automation Has Increased Application Deployment and Changed Culture
Five Ways Automation Has Increased Application Deployment and Changed CultureFive Ways Automation Has Increased Application Deployment and Changed Culture
Five Ways Automation Has Increased Application Deployment and Changed Culture
 

Kürzlich hochgeladen

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 

Kürzlich hochgeladen (20)

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 

Building a Software Chain of Custody: A Guide for CTOs, CIOs, and Enterprise DevOps Teams

  • 1. XebiaLabs Webinar Building a Software Chain of Custody: A Guide for CTOs, CIOs, and Enterprise DevOps Teams
  • 2. 2 Housekeeping ▪ This webinar is being recorded ▪ Links to the slides and the recording will be made available after the presentation ▪ You can post questions via the GoToWebinar Control Panel
  • 3. 3 Top-ranked by Hundreds of Companies deliver software with XebiaLabs - faster, safer and more customer focused End-to-end Agile + DevOps Platform providing intelligence, automation and control across the entire software lifecycle Agile Planning, Continuous Delivery and DevOps pioneer, authority and technology leader Global Teams in the US, Europe & APAC  Enterprise Agile Planning  Application Release Orchestration  Value Stream Management
  • 4. 4 Meet Your Presenters Andreas Prins Dan Beauregard VP Cloud and DevOps Evangelist XebiaLabs VP Product Strategy XebiaLabs
  • 5. 5 Agenda ▪ Defining Chain of Custody ▪ 3 layers of the Software Chain of Custody ▪ 4 common patterns to avoid ▪ How to get started − Automation and acceleration in the modern era ▪ Q&A A couple of poll questions along the way
  • 6. What the software development industry can learn from other industries from the Chain of Custody
  • 7. 7 End-to-end traceability, from raw materials to the end user product
  • 8. 8 For consumer products, strong certification is in place, where all stakeholders participate
  • 9. 9 The IT industry is falling behind…
  • 10. 10 If your software assets are the equivalent of the products, how do you take care of this chain? ? ? ?
  • 11. 11 Business Technical Governance 3 layers of the Software Chain of Custody
  • 12. Building your business chain of custody
  • 13. 13 Understanding the business chain: Focus on relationships, from vision to execution ▪ A business chain often needs to be stretched earlier into the process to gain full visibility on why, and with what purpose, activities are executed ▪ Truly understanding and measuring whether goals are achieved is often hard, but worth it to build a cycle of validation Goal setting Define Ideate Plan and execute Value validation and measurement
  • 14. 14 Build your own business chain: An exercise to execute within your departments and teams The Value-Stream-Mapping technique from Lean manufacturing is a useful instrument to understand your chain of custody in the first place. 1. Identify the process steps 2. Describe for each step the outcomes (artifacts) 3. List the actors that are involved 4. Identify where 1-2-3 are documented
  • 15. 15 Understand your own business chain: Identify the process steps Goal setting Define Plan and execute Quarterly goal setting and evaluation (Strategic) portfolio investment distribution Customer problem investigation Solution direction definition Quarterly roadmap refinement Quarterly program increment planning Bi-weekly execution through Scrum
  • 16. 16 Understand your own business chain: Describe the outcomes (artifacts) for each step Goal setting Define Plan and execute Quarterly goal setting and evaluation (Strategic) portfolio investment distribution Customer problem investigation Solution direction definition Quarterly Product roadmap refinement Quarterly program increment planning Bi-weekly execution through Scrum > Updated product roadmap > Updated architectural runway > Defined (new) themes and Epics > Product Increment planning (session) > PI Objectives > System Demo(s) > Refined Epics > Defined Features > Refined Features > Refined stories > Sprint Demos > Working software Process > Updated strategic themes > Updated portfolio budgets > Updated Portfolio vision > Updated Program roadmap > Personas > Empathy maps > Problem definition > Journey Maps > Story Maps > Prototype > Designs
  • 17. 17 Understand your own business chain: List the actors that are involved Goal setting Define Plan and execute Quarterly goal setting and evaluation (Strategic) portfolio investment distribution Customer problem investigation Solution direction definition Quarterly Product roadmap refinement Quarterly program increment planning Bi-weekly execution through Scrum > Updated product roadmap > Updated architectural runway > Defined (new) themes and Epics > Product Increment planning (session) > PI Objectives > System Demo(s) > Refined Epics > Defined Features > Refined Features > Refined stories > Sprint Demos > Working software Process Artifacts > Updated strategic themes > Updated portfolio budgets > Updated Portfolio vision > Updated Program roadmap > Personas > Empathy maps > Problem definition > Journey Maps > Story Maps > Prototype > Designs > System Arch. > Product Owner > Product Management > Business Owner > Agile Teams > Scrum Master > Product Owner > Business Owner > Scrum master > Product Owner > Agile/Dev Team > Management Team > Line Management > Product Team > Line Management > Epic Owners > Enterprise Architect > Business Owners > Product Management > UX Team
  • 18. 18 Understand your own business chain: Identify where everything is documented Goal setting Define Plan and execute Quarterly goal setting and evaluation (Strategic) portfolio investment distribution Customer problem investigation Solution direction definition Quarterly Product roadmap refinement Quarterly program increment planning Bi-weekly execution through Scrum > Updated product roadmap > Updated architectural runway > Defined themes and Epics > Product Increment planning (session) > PI Objectives > System Demo(s) > Refined Epics > Defined Features > Refined Features > Refined stories > Sprint Demos > Working software Process Artifacts > Updated strategic themes > Updated portfolio budgets > Updated Portfolio vision > Updated Program roadmap > Personas > Empathy maps > Problem definition > Journey Maps > Story Maps > Prototype > Designs > System Arch. > Product Owner > Product Management > Business Owner > Agile Teams > Scrum Master > Product Owner > Business Owner > Scrum master > Product Owner > Agile/Dev Team > Management Team > Line Management > Product Team > Line Management > Epic Owners > Enterprise Architect > Business Owners > Product Management > UX Team Actor System
  • 19. 19 Poll #1 How mature is your business chain of custody?  Runs like a well-oiled machine - we know all the data points  1/2 automated and 1/2 manual - most data points are known  Lacking data to complete the chain  Don’t even know where to look
  • 20. Building your technology chain of custody
  • 21. 21 The technology chain has radically transformed in the last few years Automation through CI/CD and Cloud Technologies… ▪ Empowers organizations to deliver software more frequently ▪ Has enabled companies to have a full chain of connected activities ▪ Allows different personas to collaborate at various points in the chain ▪ Creates a lot of data about what happened, when it happened, how it happened Source control repository Build Package Non-prod deployment Prod deployment Dependency management Artifact repository Monitor deployed Source: IT Revolution, DevOps Automated Governance Reference Architecture
  • 22. 22 Asset Integrity depends on both product inspection and process inspection Product inspection Process inspection
  • 23. 23 Automation must also focus on software asset integrity Traceability—Is every software artifact stamped with a unique identifier that can be verified as the artifact moves through environments? Performance—Does the software perform as it should? Can you detect whether performance is degrading over time? Security—Is the software protected from data breaches and other security violations? Can you detect if and when security is compromised? Scalability—Can you increase capacity on the fly by adding physical servers, virtual machines, container instances, or pods?
  • 24. 2424 Product Inspection: Building product inspection into your technology chain Integrate security into all stages of the DevOps toolchain
  • 25. 25 Poll #2 How mature is your technology chain of custody?  Runs like a well-oiled machine - we know all the data points  1/2 automated and 1/2 manual - most data points are known  Lacking data to complete the chain  Don’t even know where to look
  • 26. Building your governance chain of custody
  • 27. 27 Process Inspection: Build IT auditing into your governance chain Create governance chain that has the following qualities: ▪ Usable by both technical and non-technical users ▪ Each control, actor, and action should be uniquely verifiable ▪ Software should be traceable through all stages without DevOps intervention ▪ The audit log should be immutable Source: IT Revolution, DevOps Automated Governance Reference Architecture
  • 28. 28 Your governance chain can now prove compliance of your software pipelines ▪ Developers can stop wasting up to 20-30% of their valuable time piecing together audit reports so they can focus on doing what they love • Executives can get full visibility into release pipelines so they aren't losing sleep over governing and security audits • InfoSec teams and auditors get the reports they need with complete data Plan Develop Deliver Monitor
  • 29. 29 Poll #3 How mature is your governance chain of custody?  Runs like a well-oiled machine - we know all the data points  1/2 automated and 1/2 manual - most data points are known  Lacking data to complete the chain  Don’t even know where to look
  • 30. The 4 most common patterns to avoid when building a true chain of custody
  • 31. 31 A million-dollar idea, but no idea about speed of execution and value creation
  • 32. 32 Keeping faith in existing manual practices rather than truly transforming them
  • 33. 33 Disconnected data points, no integral overview
  • 34. 34 Compliance will always stay an “after the fact” activity
  • 35. Guidance to get started
  • 36. 36 Structure the business flow From having your ▪ ideas in mind, ▪ vision and goals from on paper, ▪ roadmaps in PowerPoint, ▪ planning from Excel ▪ work items in backlogs To everything structured and connected
  • 37. 37 From a fragmented business chain of custody to a connected flow of information Strategy Features Portfolios Epics Work Items Release On-Demand Artifacts Packages Commit Team Planning & Activity Visibility Portfolio Planning & Execution Management Planning & Test Execution Management Quality, Security and Compliance Dashboards Quality, Security, and Compliance Metrics across Value Streams Release Orchestration and Delivery Deployments Value Stream
  • 38. 38 Simplify the IT Control Framework Step 1 - Review audit rules and simplify compliance practices Step 2 - Create a process that is fast and compliant by default Step 3 - Automate the process from end to end
  • 40. 40 Business Technical Governance Goal setting Define Ideate Plan and execute Source control repository Build Package Non-prod deployment Prod deployment Dependency management Artifact repository Value validation and measurement Monitor deployed Get your own Software Chain of Custody right: simplify, structure, shift validation left and automate Plan Develop Deliver Monitor
  • 41. 41 Continuous effort! Continuous Feedback To get the model as simple as possible Continuous Improvement To include and automate more and more controls Continuous Collaboration To make sure all disciplines are involved
  • 42. 42 Thank you for joining The software chain of custody proves what happened, when it happened, where it happened, how it happened, and who made it happen Without this information, it’s impossible to meet compliance and security requirements as you develop and deliver software at scale Through CollabNet/XebiaLabs it is now possible to build a full software chain of custody, and cover your business, technical and governance chain.
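Slides 23 and 27 ask for artifacts stamped with a verifiable unique identifier, uniquely verifiable actors and actions, and an immutable audit log. The sketch below is an added example, not code from the presentation or from XebiaLabs: it records each pipeline stage in a hash-chained log and checks both the log and the artifact digest. The class and function names, the actor names, the keys and the sample artifact are assumptions, and HMAC with per-actor keys stands in for real per-actor signatures.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # prev_hash used by the first entry in a log


def artifact_digest(data: bytes) -> str:
    """Unique identifier stamped on the artifact: SHA-256 of its bytes."""
    return hashlib.sha256(data).hexdigest()


def _hash_body(body: dict) -> str:
    # Canonical JSON so the same fields always hash to the same value.
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def _mac(key: bytes, entry_hash: str) -> str:
    # Assumption: HMAC stands in for an asymmetric signature by the actor.
    return hmac.new(key, entry_hash.encode(), hashlib.sha256).hexdigest()


class CustodyLog:
    """Append-only log: every entry commits to the one before it."""

    def __init__(self, actor_keys: dict):
        self._keys = actor_keys
        self.entries = []

    def record(self, stage, actor, action, artifact: bytes, timestamp: str) -> dict:
        body = {
            "stage": stage,
            "actor": actor,
            "action": action,
            "timestamp": timestamp,
            "artifact_sha256": artifact_digest(artifact),
            "prev_hash": self.entries[-1]["entry_hash"] if self.entries else GENESIS,
        }
        entry_hash = _hash_body(body)
        entry = dict(body, entry_hash=entry_hash,
                     actor_mac=_mac(self._keys[actor], entry_hash))
        self.entries.append(entry)
        return entry


def verify_chain(entries, actor_keys) -> list:
    """Return a list of findings; an empty list means the log is intact."""
    findings = []
    prev = GENESIS
    for i, e in enumerate(entries):
        body = {k: v for k, v in e.items() if k not in ("entry_hash", "actor_mac")}
        recomputed = _hash_body(body)
        if e["prev_hash"] != prev:
            findings.append(f"entry {i}: prev_hash does not match preceding entry")
        if recomputed != e["entry_hash"]:
            findings.append(f"entry {i}: content does not match entry_hash")
        key = actor_keys.get(e["actor"])
        if key is None or not hmac.compare_digest(_mac(key, recomputed), e["actor_mac"]):
            findings.append(f"entry {i}: actor MAC invalid")
        prev = e["entry_hash"]
    return findings


def digest_drift(entries) -> list:
    """Stages whose artifact digest differs from the first recorded stage."""
    if not entries:
        return []
    expected = entries[0]["artifact_sha256"]
    return [e["stage"] for e in entries[1:] if e["artifact_sha256"] != expected]


def constructed_sample():
    """Constructed sample data: keys, artifact bytes and three stages."""
    keys = {"ci-bot": b"constructed-key-1", "release-mgr": b"constructed-key-2"}
    artifact = b"app-1.0 package contents (constructed sample)"
    log = CustodyLog(keys)
    log.record("Build", "ci-bot", "compile", artifact, "2020-01-01T10:00:00Z")
    log.record("Package", "ci-bot", "publish", artifact, "2020-01-01T10:05:00Z")
    log.record("Non-prod deployment", "ci-bot", "deploy", artifact, "2020-01-01T10:20:00Z")
    return log, keys, artifact


if __name__ == "__main__":
    log, keys, artifact = constructed_sample()
    print("intact log findings:", verify_chain(log.entries, keys))
    edited = [dict(e) for e in log.entries]
    edited[1]["actor"] = "release-mgr"  # rewrite who performed the action
    print("edited log findings:", verify_chain(edited, keys))
```

The log is only tamper-evident, not tamper-proof: a reader still has to anchor the latest `entry_hash` somewhere the pipeline cannot rewrite it.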

Editor's notes

  1. Before we begin, a few housekeeping notes. This webinar is being recorded, and links to the recording and to these slides will be shared after the webinar is over. If you have questions, please share them in the GoToWebinar control panel, and we’ll address them near the end of the webinar.
  2. A quick introduction, for those of you who may not be familiar with XebiaLabs: we’ve been part of the DevOps movement since the very early days. We’re solely focused on DevOps and Continuous Delivery and we’ve been repeatedly recognized as a leader by the top analysts in this space. You can find our customers across many of the best known and best run companies around the world. They’re in all types of industries from financial services, to retail, to manufacturing... all the way to the public sector and government agencies. We just recently announced that we will be merging with CollabNet VersionOne to create a new company which unites CollabNet VersionOne’s up-stream Agile planning functionality with XebiaLabs’ downstream release orchestration and deployment automation capabilities. Together, we will provide enterprises with an end-to-end agile + devops platform that can deliver unprecedented visibility and value across the software development and delivery lifecycle. If you are a XebiaLabs or CollabNet VersionOne customer, rest assured, none of your great capabilities are going away, nor will you be forced to make any unwanted changes. Over time, you will see great additions that will make your platforms even stronger and more valuable to your organization.
  3. Thanks everyone for joining us today. We are excited to discuss how a Software Chain of Custody can help your organization, especially around compliance and audit times. Some of you may have viewed a previous webinar of ours on making Audit Nightmares a thing of the Past. Don’t worry, that is not a pre-requisite for today’s discussion. And if you did join, I think you will find today’s discussion will complement that one by focusing on the creation of the software chain and immediate benefits you can achieve. Today’s agenda: First: Provide a much wider view of a software chain of custody, why it is crucial and how it will strengthen your company We will then introduce the 3 layers that make up the chain of custody We will look at some patterns you should avoid Give practical guidance on where to start and how to achieve real benefits from your software chain. We will also sprinkle in a couple poll questions along the way…
  4. Andreas makes statement… Dan: With the enhancements gained from implementing DevOps practices, along with an abundance of new modern tools and automation, we have seen significant increases in the speed of delivering software. But what has become obvious is speed alone is not enough. We have started to lose visibility across our pipelines. The amount of data that is being generated by all of these tools can become overbearing. Furthermore, the ability to gain contextual data that spans a devops toolchain that consists of 15 to 25 or more tools is becoming almost impossible. We must find a way to automate this process. Just as automation with testing, deployment and security tools reduced variation and manual error within the pipelines, we need to automate the collection and unification of data across the pipelines to create a traceable record from ideation to production. Andreas, yes, the industry is behind. There is a strong need to rectify this problem. What I do find encouraging is that connecting and unifying data across the pipeline from planning through production will have significant other benefits for organizations as well. Value mapping and advanced analytics certainly come to mind…
  5. Andreas
  6. Use a whiteboard to start clearing Investigate the business layer: Quarterly planning cycle, the involvement of everyone to be aligned with the goal Identify all the bookkeeping that is taking place. Bookkeeping has never been more important, tickets, planning, vision, budgeting, setting the right connections etc. List underlying development and delivery cycle, use Value Stream Mapping to create the flow from code to finish. Business outcomes vs business objectives Define where everything is stored
  7. Explain we take the business chain as example, but don’t go in detail for the technical chain. This is also more easy to do since systems are often already connected.
  8. Building, visualizing and getting ready for inspecting…
  9. The technology chain has evolved immensely over the last quite a few years. I have provided an example of a technology chain here which was taken from the “Automated Governance Reference Architecture” from IT Revolution. I had the opportunity to co-author this paper with some great minds in the DevOps space. The paper is closely aligned with what Andreas and I are discussing today, so encourage anyone to reference this report if they are interested in additional information. As we discussed earlier, the advancement in DevOps practices and automation along with the technology advances, such as cloud, containers and serverless, has enabled organizations to build faster and more efficient pipelines. These advances has certainly had some pretty positive outcomes… 1) Organizations are empowered to deliver code faster, more efficiently and more reliably 2) Integration and automation has enable more tightly connected pipelines 3) Has allowed for better collaboration across different personas and groups 4) And improved visibility into data that describes what happened, when it happened and by who
  10. Speed, automation and loosely coupled data are great, but we still need more. It’s widely accepted that every business is a software business, which means that every large enterprise that builds, buys, or runs software—from leading retailers, to financial service providers, to insurance companies, and more— must be concerned with the integrity of its software assets. Software asset integrity is inexorably linked to the credibility of your corporate brand, meaning any negative publicity or event tied to your applications can lead to lost business income, operational shutdown, or breach of contract. Software asset integrity is everyone’s responsibility: from C-level executives to product owners, release managers, auditors, and DevOps team members. All stakeholders need visibility into all phase of software delivery from planning, design, build, test, release, and monitoring processes, so they can prove that the software running in their environments is truly what it claims to be. Just like in manufacturing, there are two areas that we need to be concerned about. Product inspection and process inspection…. As you build your technology pipelines, you must not only protect the quality of your asset, but the process in which the asset flows from planning all the way to production.
  11. With our extreme focus on speed and automation, we have lost some other important qualities of asset integrity that are related to both Product Inspection and Process Inspection… Traceability: Can you trace with certainly, you asset through the pipeline? Critical that the asset is immutable from stage to stage. Performance: Are you able to detect performance issues at peak times, or degradation over time? Scalability: Can you increase or decrease capacity of your system simply by adding or removing nodes? Security: And how protected are you against data breaches or other security violations?
  12. Just as we looked at the IT Revolution technology chain earlier, let’s now walk through Gartner’s DevOps Toolchain with integrated security. All of these examples are types of Product Inspection techniques that prove the integrity of your artifacts. Create/Development stage: To deliver on the “shift-left” approach, companies should utilize tools that integrate directly into the dev’s CI/CD environment. Verify/Build stage: Additional security tests should be run, including SAST, DAST and SCA (Software Composition Analysis for open-source software). Preprod: Organizations should evaluate application security testing solutions that identify how product code reacts to both known attacks and nondeterministic tests. Introducing chaos testing during pre-production is starting to become more popular. Release: Validating time stamp signatures prior to release… which really should happen before all pre-prod stages as well. Detect/Respond: Despite all of the previous preventative actions, vulnerabilities will inevitably make it into production. Therefore, leveraging runtime application self-protection (RASP) solutions can help respond to attacks by either self-protecting or failing safe. All of these are great examples of tools that prove compliance by validating the integrity of the product. All of this data needs to be captured as part of your technology chain of custody.
  13. Andreas
  14. Now let’s take process inspection into consideration… Again, DevOps practices have increased the tempo of software delivery. If we can push a change to production every few minutes, no manual governance process can keep up. So, just as we have automated other parts of the software pipeline, we must also seek to automate the governance process. The model to the right represents a single phase in the software development and delivery pipeline. (This is also referenced from the Automated Governance Report from IT Revolution.) For each stage, this model identifies a set of inputs and outputs, which typically map to the asset. You then have the actors and the actions that can occur during that stage, along with a set of risks that can be attributed to the stage. Finally, based on these risks, a set of controls is chosen to mitigate the risks and attest to the integrity of all actions. This model is really describing a method that can be used to prove who did what, when, and how. All of these steps are critical components of Process Inspection and must be properly captured. A governance chain should also consist of the following qualities…
  15. If you do this, your governance chain can now prove compliance for the flow of your assets through the software development and delivery lifecycle…
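
The stage model in notes 11 and 14 (inputs, outputs, actors, actions, controls, and an asset that stays immutable from stage to stage) can be sketched as a chain of per-stage records. This is an added example, not code from the webinar or the IT Revolution paper; the field names, stage names, control labels and sample digests are constructed for illustration. Records are only hash-linked here, and a real pipeline would also sign each record so the whole chain cannot be rewritten.

```python
import hashlib, json

# Constructed policy: controls each stage must attest to (labels are assumptions).
REQUIRED = {"build": ["sast", "sca"], "test": ["dast"], "release": ["signature-check"]}

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def record_stage(chain, stage, actor, action, input_digest, output_digest, controls):
    """Append one stage record, linked to the previous record by its hash."""
    prev = chain[-1]["record_hash"] if chain else "0" * 64
    body = {"stage": stage, "actor": actor, "action": action,
            "input": input_digest, "output": output_digest,
            "controls": sorted(controls), "prev": prev}
    body["record_hash"] = digest(json.dumps(body, sort_keys=True).encode())
    chain.append(body)

def verify_chain(chain, required_controls):
    """Return a list of findings; an empty list means the chain holds."""
    findings, prev_hash, prev_output = [], "0" * 64, None
    for rec in chain:
        body = {k: v for k, v in rec.items() if k != "record_hash"}
        if digest(json.dumps(body, sort_keys=True).encode()) != rec["record_hash"]:
            findings.append(f"{rec['stage']}: record altered after the fact")
        if rec["prev"] != prev_hash:
            findings.append(f"{rec['stage']}: broken link to previous record")
        if prev_output is not None and rec["input"] != prev_output:
            findings.append(f"{rec['stage']}: asset changed between stages")
        missing = set(required_controls.get(rec["stage"], [])) - set(rec["controls"])
        if missing:
            findings.append(f"{rec['stage']}: missing controls {sorted(missing)}")
        prev_hash, prev_output = rec["record_hash"], rec["output"]
    return findings

def sample_chain(swap_artifact=False):
    """Constructed three-stage pipeline; swap_artifact simulates a changed asset."""
    src, art = digest(b"constructed source tree"), digest(b"constructed artifact v1")
    rel_in = digest(b"constructed artifact v1-modified") if swap_artifact else art
    chain = []
    record_stage(chain, "build", "ci-bot", "compile", src, art, ["sast", "sca"])
    record_stage(chain, "test", "qa-bot", "run tests", art, art, ["dast"])
    record_stage(chain, "release", "release-mgr", "deploy", rel_in, rel_in, ["signature-check"])
    return chain

if __name__ == "__main__":
    print(verify_chain(sample_chain(), REQUIRED))
    print(verify_chain(sample_chain(swap_artifact=True), REQUIRED))
```
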
  16. Andreas
  17. Business often starts with a great idea but is lacking the ability to express the value in measurable goals, followed by a disconnect in execution. Impact on business chain Impact on technology chain
  18. Transform Change Management Manual handoffs from one group to another Email guidance and updates of release process Manual data harvesting for updating on delivery progress Impact on business chain Impact on technology chain
  19. Automation has already progressed a bit, but it is still happening in isolation. Roadmap in PowerPoint Planning in Excel Backlog in Jira Build and CI disconnected from Release to production Development separated from Operations Impact on business chain Impact on technology chain
  20. Dev/test/QA complete and then goes to security team for approval All tests run but no record kept, so fails to get compliance/audit clearance Impact on business chain Impact on technology chain Impact on governance chain
  21. Dan
  22. Just as the chain of custody for a piece of evidence involved in a legal case proves that that evidence was handled properly, the software chain of custody proves what happened, when it happened, where it happened, and who made it happen.