A new framework for reducing DevOps complexity

Risk and security

Problem statement

As cybersecurity threats continue to increase, organizations are facing immense enterprise security challenges. DevOps requires the collaboration of two different teams: development and operations. As these teams traditionally work in silos, unifying their processes can be challenging. And without collaboration and information sharing, organizations can inadvertently create security vulnerabilities that can provide a path for attackers to compromise sensitive data and disrupt critical business operations.

DCP value

Given the current landscape of cybersecurity across organizations today, DevSecOps—which is the next phase of DevOps that integrates security practices into every phase of DevOps—has been identified as a key way to securely move forward with DevOps. With DCP, DevSecOps can be facilitated through automated and configurable controls that allow for adherence to organization security standards and policies at every step in the release process for every application, and business unit, rolled up all the way to the organization level. Additionally, DCP can aggregate several critical security tests, integrating visibility with risk and security elements for every product and feature across the organization.

Compliance

Problem statement

Over the years, organizations have invested heavily in continuous integration/continuous delivery (CI/CD) pipelines to automate their build and deployment processes. However, audit and security requirements tend to complicate these automated processes, eventually resulting in heavy manual intervention to meet critical regulatory and compliance standards. 

DCP value

Deloitte built DCP to address this specific industry challenge, and through thoughtful feedback and solutioning, the compliance process has been automated to improve the software delivery process. The Deloitte DevOps Cloud Platform helps configure compliance rules in the form of workflows allowing for compliance-specific jobs to execute that track the results so every production deployment ensures the application is compliant with the defined standards. 

Observability

Problem statement

To meet ever-growing business demands, IT service providers and enterprises need to aggressively manage business service performance, improve stability, and predict and prevent performance degradation and outages. This requires closely observing metrics and datasets and monitoring service performance vulnerabilities, particularly during upgrades and code launches. System observability plays a critical role for enhanced end-to-end visibility.

Historically, the challenge in implementing observability in IT has been the volume, variety, and velocity of data, combined with having the computational power and domain knowledge needed to analyze and make sense of it in real time. 

DCP value

Deloitte’s observability—powered by Dynatrace—helps companies design, implement, and operate observability through orchestration and automation into their product development, operations, and business processes. DCP provides:

• Observability delivery to enable tracing, logs, and metrics across the entire environment.
• Advanced practices such as monitoring-as-code (monoco) to shift observability left.
• Enhanced site reliability engineering capabilities via automated root-cause analysis and self-healing automation.

The DCP’s observability integration and orchestration, coupled with strategic delivery and AIOps, provides holistic end-to-end business services insights and helps drive autonomous remediation. 

Site reliability engineering

Problem statement

The main goal of site reliability engineering (SRE) is to mitigate operational challenges like production failures, infrastructure issues, and security monitoring. The focus of the SRE team is to maintain the reliability of applications and servers and automate tasks to reduce manual work. Standard expectations for an enterprise SRE require these capabilities:

• Monitoring and alerting: Selecting the right tools for monitoring and configuring the correct metrics to monitor the infrastructure and applications.
• Reliability: Maintaining the reliability of infrastructure and applications is another challenge that the team needs to overcome to meet service level agreement (SLA) expectations. These expectations are largely observed through service level objectives (SLO), service level indicators (SLI), and error budgets.
• Incident management: Detecting incidents and performing root-cause analysis (RCA). Maintaining records of incidents and defining policies and procedures for managing incidents inside the organization, enabling quick resolution without violating SLAs.
• Automating manual tasks: Eliminating time-consuming and repetitive operations. Site reliability engineering uses time more efficiently by automating repetitive manual tasks. It also reduces toil (waste) in the process and automates repetitive operations and releases.
• Debugging and troubleshooting skills: Leveraging site reliability engineers as “detectives” in order to figure out why things don’t work as expected. When working with distributed computing systems, observability functionality to detect, measure, trace, and inspect is a critical capability to troubleshoot in order to resolve and optimize.

DCP value

The DCP has easy-to-read dashboarding and reporting capabilities across distributed computing and data centers that can be easily customized. The platform allows companies to implement critical processes of the software delivery life cycle such as secrets management, sophisticated stage gated workflows for proper CI/CD, enabling DevSecOps, automation pipelines, and repeatable “blueprints” for tool configurations, jobs, and rules.

These workflows include user tasks and approved tasks in the pipelines, which function as automated compliance gatekeepers. The DCP’s configurable stage gates enable guardrails to set specific pass-or-fail conditions on every task. Through these powerful workflows, companies can also rapidly initiate assessments and view the reports in near-real time. With DCP, organizations can increase time to value, reduce major security risks, and help tackle application and infrastructure issues.

Governance 

Problem statement

DevOps teams are often burdened by change management in large organizations due to the quantity of environments and rapidly evolving application architecture, creating friction between DevOps and developers. Gaining access to infrastructure and leveraging infrastructure-as-code platforms can be insufficient in offering the necessary collaboration, governance, and cost controls to run a modern software organization. An infrastructure control plane that supports these needs throughout the life cycle of the application environment, from development to production, is crucial.

DCP value

The Deloitte DevOps Cloud Platform is a DevSecOps maturity enablement platform that can help automatically enforce governance policies by translating business requirements into technical rules. It has automated and accelerated traditional governance processes, enabling organizations to improve and mature their DevSecOps processes, understand where risks and improvements can be made without wasted time and energy, and unlock enormous productivity and business value.

A final word

With cloud adoption growing, and companies seeking higher value from their cloud investments, it’s critical to have a solution to helps organizations combine their cloud environment into a single platform for software delivery, automation, operations, and management. The DCP combines leading DevOps practices into a simplified, aggregated view across a complex ecosystem of tools and teams, enabling product teams to focus on their core mission to build and release software features that produce better business outcomes and value-add to cloud investments.