Can DevOps take the pain out of IT compliance audits?
October 12, 2017 | By Kurt Crowley
Compliance. The word can give even the most stable IT director an instant headache. You’re being asked to develop new products and services that blow minds, make everyone’s life easier, beat your competitors to market—and comply with the regulations your auditors look for.
Whatever you develop, provision or change, it has to pass that audit. And when the auditors visit, it can go one of two ways.
In a manually controlled process, staff members work to gather the documentation and data they think the auditors will want. This often requires accessing a variety of systems and creating information in multiple formats. Then, when the auditors ask questions that aren’t covered in the data provided, staff have to go back through those systems and get what is needed. The audit itself may take a day or more, and by then staff have already spent many, MANY hours gathering and processing the information.
But in an automated environment, your information gathering and processing needs are reduced dramatically. Your team can search information from a central location and answer questions for auditors faster and more easily. In these environments, audits can be over in as little as an hour or two.
Of course, audits are only one of the issues that can be made easier by automating DevOps. By removing manual tracking and reporting, and moving systems to the cloud using automation, you can ensure that processes are efficient, data is tracked, and reporting is easy.
5 ways automation improves performance and compliance
Respond to needs faster
Markets demand faster delivery of products and services, and keeping up with those demands while still maintaining regulatory compliance can challenge any IT organization.
When you automate your workflows, you can move through the development and provisioning process and keep better records without requiring the team to stop and document everything they do. (I know, your apps team will really miss the documenting.) Additionally, you prevent staff from duplicating work because every team member can see at a glance what has been completed and what needs to be done.
Provide better safeguards
Occasionally, people make mistakes as they move through a process. For example, someone completes a task and forgets to note it in the tracking system or documents. Then, either another staff member does the same task, or the product gets moved through to the next step without the proper documentation that the previous task has been completed. Both of these issues can waste time and effort unnecessarily—as well as raise red flags during an audit. Automation prevents those wasted hours and ensures that your auditors know you’re following proper procedures.
Increase overall security
Automation creates records of who developed or deployed the system and what processes were completed. This can help pinpoint risks and track potential issues in a much more efficient manner than manual tracking systems.
You can also automate your “four eyes” review—the requirement that multiple user roles sign off on a change before it can move forward—ensuring and tracking review every step of the way.
React and solve problems more quickly
When you commit to automation, it may be easier to find the process or update that caused a problem and resolve it, either by rolling back to a previous version or rebuilding the offending process. This can save valuable staff time spent looking for the source of a problem—and reduce mean time to recovery.
Cut costs and waste
Adding automation into all stages of the development and provisioning process helps errors come to light early and throughout the lifecycle rather than at the end, when it can cost you a lot of time and money to tear every component apart and rebuild the entire product. Your staff can test processes, implementation and security as they create each new element, rather than having to go through each step and find the offending code or process after everything has been completed.
Automation can seem less secure and less compliant than manual processes, but the truth is that each manual process introduces the possibility of human error. When you automate your systems, you risk that error only once, when the process is created. When it’s manual, you risk an error each time the process is run.
Ready to explore how DevOps helps drive business outcomes? TEKsystems Global Services can relieve the burden of context work like regulatory compliance while you focus on your core business. With world-class expertise up and down the stack, coupled with experience in highly regulated environments, we provide an end-to-end approach to building and maintaining secure, compliant computing environments. Contact us to talk to an expert about your DevOps goals and opportunities.
Kurt Crowley is a principal practice architect within TEKsystems’ cloud and DevOps offering. With over 20 years of experience in technology lifecycle management, infrastructure operations and software architecture, Kurt has held leadership and consulting positions for startups and large corporations, including Microsoft and Global Payments. Kurt lives in Louisville, Kentucky, and leads the Derby DevOps community there.