Organizations are increasingly moving towards DevOps (development and operations), adopting organizational models to facilitate the practice of automated software deployment. Recent studies indicate that a majority of organizations are changing the way they’re doing they’re development operations practices.
We’re all aware that many enterprises still operate in silos when it comes to the various functions, making it incredibly challenging to both implement and keep track of an initiative like DevOps, especially when it requires cross-functional cooperation. So what does this all mean to the IT auditor of today and what do they need to know? According to Robert Stroud, Chief Product Officer at XebiaLabs, it’s time for them to change the way they go about auditing.
“What they need to do is get involved with product teams,” he told Internal Audit Insights during a recent interview shot at the CACS 2018 event in Chicago, Illinois. “[They should be] involved in the establishment of the process, so how you [conduct] your continuous integration, continuous delivery, and continuous deployment pipelines.”
This can result in establishing an automated process that incorporates automation from the second the developer pushes the code to when it’s deployed into production, he adds.
In the full interview below, Stroud highlights what it is that IT audit needs to know about DevOps, why they should care, and offers up ways in which they can approach DevOps in a constructive manner that ultimately reduces risk in the organization.