February 15, 2016 | Written by: Claudia Ring
Share this post:
The pressure to deliver innovative apps to the market faster than the competition keeps many development executives up at night. While they’re often aware of deployment automation, unfounded worries about using it give them pause. That’s why when we wrote Application Release and Deployment For Dummies. We concluded the book by debunking ten common myths about deployment automation.
One myth — Automation Reduces Quality and Control — frequently comes up when we talk to customers looking to adopt DevOps solutions, particularly in regulated industries. An aspect of this myth that deserves a deeper dive is audits.
Many are concerned that sharing automation capabilities across development and operations will compromise Separation of Duties governance imposed by regulatory structures such as Sarbanes Oxley, PCI, or SAS70, etc. The good news is that not only does deployment automation not compromise these policies, it can support and enforce them while helping the organization move fast.
At a recent DevOps network event, a client explained how they justified a rapid rollout of automation because of the cost savings in responding to audits. Deployment automation tools including role- based security, approval gates and deployment logging, help facilitate audit responses.
Role-based security actually allows users to designate who can deploy what (specific components or applications) and to where (environments), and who cannot. This is very effective when used with a release management tool and a solid release process. When a release manager has a hand in designing the release process, working with development and operations team members to designate roles and technical stakeholders agree who can deploy what to where, this ensures compliance with regulations around separation of duties.
You can to more to ensure quality management with role-based security and approval/quality gates. Quality gates and approvals are enforced when applications or their components can only be deployed to the next phase in the delivery pipeline when they meet pre-determined criteria, which you and your organization specify.
An ARA (application release automation) tool can allow you to decide whether or not an actual human needs to approve each step. This negates the idea that automation automatically promotes applications and components through environments without any human interaction or quality checks.
Learn more about the Truth of Application and Development and the other 9 myths or download a copy of Application Release and Deployment For Dummies.
Claudia Ring is the co-author of Application Release and Deploy for Dummies.