You're reading from Enterprise DevOps for Architects Leverage AIOps and DevSecOps for secure digital transformation

Product type Paperback

Published in Nov 2021

Publisher Packt

ISBN-13 9781801812153

Length 288 pages

Edition 1st Edition

Languages

Python

Tools

Ansible

Concepts

DevOps

Authors (2):

Jeroen Mulder

View More author details

Table of Contents (21) Chapters

Preface

1. Section 1: Architecting DevOps for Enterprises

2. Chapter 1: Defining the Reference Architecture for Enterprise DevOps FREE CHAPTER

3. Chapter 2: Managing DevOps from Architecture

4. Chapter 3: Architecting for DevOps Quality

5. Chapter 4: Scaling DevOps

6. Chapter 5: Architecting Next-Level DevOps with SRE

7. Section 2: Creating the Shift Left with AIOps

8. Chapter 6: Defining Operations in Architecture

9. Chapter 7: Understanding the Impact of AI on DevOps

10. Chapter 8: Architecting AIOps

11. Chapter 9: Integrating AIOps in DevOps

12. Chapter 10: Making the Final Step to NoOps

13. Section 3: Bridging Security with DevSecOps

14. Chapter 11: Understanding Security in DevOps

15. Chapter 12: Architecting for DevSecOps

16. Chapter 13: Working with DevSecOps Using Industry Security Frameworks

17. Chapter 14: Integrating DevSecOps with DevOps

18. Chapter 15: Implementing Zero Trust Architecture

19. Assessments

20. Other Books You May Enjoy

Defining governance in DevSecOps

So far, we have drafted a DevSecOps architecture, identified processes, and then aligned these with the business goals of the enterprise. The next step is to manage all this, and that's the subject of governance. DevSecOps is not just a PowerPoint presentation and a Visio diagram showing the CI/CD pipelines. An enterprise needs skilled staff to work with it and a governance model that describes the secured digital operating model. In this section, we will discuss this by using the IT4IT framework by The Open Group as a best practice.

In Chapter 6, Defining Operations in Architecture, we introduced value streams for products and described how IT creates value. The model can be seen in the following diagram:

Figure 14.1 – IT4IT value streams

In IT4IT, Governance, Risk, and Compliance (GRC) is a supporting activity for the four value streams. This means that GRC is fully embedded in every value stream. What does...