There once was a time in software development where developers could design, build and then think about their software's security. However in today's highly connected, API-driven application environment, this approach is simply too risky as it exposes the software to vulnerabilities ...
If you're thinking about implementing Application Release Automation (ARA), here are some tips to get started:
■ Pick one software project and map out all the steps in the release process, from design through production.
■ Take an inventory of the DevOps tools use at each step of the above process.
■ Choose an ARA tool. When researching, look at multiple reference sources, from vendor information, to articles, to analyst reports. Gartner and Forrester both issued 2016 reports that introduce ARA and evaluate key vendors in the space.
■ Look for an ARA solution that, at a minimum, integrates and orchestrates all your existing tools. if you have to manually connect every tool in the pipeline, you won't be able to scale.
■ Besides implementing a good CI solution to automate your application builds, pick some areas in your release process to automate right away. For example, if you have to update your ticketing system to denote that an application has been deployed to a staging environment, integrate your ARA tool to automatically update the ticket with the appropriate deployment information.
■ Train everyone involved in the release process (including non-technical people) on how to use the ARA tool, so each person understands how they can do their job in the release process.
■ Optimizing your release process is like paying back a lot of credit cards: find your biggest bottlenecks and remove them first.
■ Determine some key KPIs by which to measure success, such as time to delivery, deployment frequency, change volume, success rate and mean time to recovery.
Only after a single team gets its first ARA project off the ground and running in production, should you start rolling out the new process and the ARA solution to other teams. To encourage widespread adoption, it's important to show others in the organization that the team was able to achieve its core success metrics.
Derek Langone is CEO of XebiaLabs.