Toggle Menu

Insights / Digital Service Delivery / Helping IT and Audit Work Better Together: The DevOps Audit Defense Toolkit

July 25, 2014

Helping IT and Audit Work Better Together: The DevOps Audit Defense Toolkit

2 mins read

Many organizations want to adopt DevOps practices to get the benefits associated with it: faster time to market, increased stability and quality, and more time to build stuff that’s valuable to the bottom line. But they often get tripped up by audits and compliance checks to make sure the organization is adequately addressing risk. DevOps practices don’t align well with traditional audit practices. So these organizations are often left asking themselves, “How do I position my organization for an audit when I’m using DevOps practices?” Until recently, there hasn’t been a really good answer.

But that’s changing.

Over the last few months, I’ve had the privilege of working with Gene Kim, James DeLuccia, and Byron Miller (three super smart people who are incredibly knowledgeable about DevOps and audits) on a project to develop the DevOps Audit Defense Toolkit. The vision for the project is to define the authoritative guidance for how management and auditors should conduct audits in organizations where DevOps practices are in use.

The first draft of the toolkit is out and we’ve already received some incredibly useful feedback on it. If you want a good overview, George V. Hulme wrote a terrific article on CSO Online about the project, why we’re doing it, and what we hope to accomplish. You can also join a growing Google+ community for the toolkit – people are posting some great content there.

This is a really exciting project, especially when I think about the impact the toolkit can have on bringing the DevOps and audit communities closer together and make audits less painful and more productive. While we have more work to do on the toolkit, we know it’s possible – something Simon Storm demonstrated in his awesome presentation at the DC Continuous Delivery meetup a couple months ago. Hopefully the DevOps Audit Defense Toolkit can help more organizations realize those same benefits.

You Might Also Like

Artificial Intelligence (AI)

3 Components of Ethical Artificial Intelligence 

The concept of artificial intelligence (AI) has been around since the middle of the 20th century, but...


3 Tips for Shifting Security Left in the Development Process

In modern software development, cybersecurity cannot be an afterthought. Instead, security should be considered as...


The Top Three Technical Capabilities You Need To Build And Maintain More Secure Systems

More and more organizations are tackling the imperative to improve the security of their systems....