Business units today demand the ability to rapidly release new software features. To simplify release lifecycles, line of business groups have adopted open-source tools for build, configuration, deployment, and release automation. This has created a situation where it is easy to deploy applications to various cloud locations, while the corporate IT team is struggling to stay on top of SLAs, security, and compliance. Bottom-up adoption of open-source container technologies, as well as of DevOps automation tools, has led to individual groups utilizing systems and application configurations that deviate from corporate requirements. Often, this problem is compounded by the lack of a responsive patch process, which by itself can lead to a myriad of security vulnerabilities. Today, enterprise IT is faced with the challenge of restoring governance of numerous dynamic DevOps environments that are characterized through a number of risk and cost factors that all need to be addressed.
Recent ENTERPRISE MANAGEMENT ASSOCIATES® (EMA) research identified “security and compliance” as today’s most important container and DevOps-related pain point. In this paper EMA analyst Torsten Volk talks about four key requirements for risk free and compliant DevOps.