Blockchain in DevOps
Implementing transparent continuous delivery
To increase business agility, large companies are adopting Bimodal DevOps processes and, almost uniformly, all of them are finding that their Segregation of Duties (SoD) policies are one of the key obstacles to faster transformation. Because of blockchain's intrinsic traits, Bimodal DevOps processes implemented on a blockchain will inherently enable transparent SoD compliance, increasing an organization's delivery efficiency and agility.
Companies implemented their SoD policies more than a decade ago in response to control-driven regulations, including Sarbanes-Oxley (SOX) in the US, the European Union's 8th Directive (viewed by some as Europe's SOX equivalent), J-SOX (the Japanese SOX) and the Payment Card Industry Data Security Standard (PCI DSS). SoD in IT delivery means implementing roles, permissions and responsibilities so that one person alone cannot introduce a technology change in a production system without auditable control. However, SoD policies were defined for the traditional "waterfall" model of software development, whereby separate environments and teams are established at every stage of the delivery process, each separated from the other by physical and logical controls.
To stay competitive and respond quickly to perpetual industry disruptions, companies have to keep pace with business automation and technology delivery transformations in industry, while continuing to meet the control requirements throughout the development and production lifecycle. This renders the traditional waterfall approach unsustainable.
Adoption of the DevOps software development model is driven by the need to increase an organization's agility and accelerate business transformation, so that it can respond quickly to ever more frequent disruptions in its industry. Organizations are adopting DevOps to accelerate overall software development lifecycles (SDLC) and to integrate agile development, continuous change management and rapid deployment. These delivery cycles need to be executed over a shorter period of time, sometimes as quickly as a few hours.
In a DevOps environment, traditional SoD controls become "walls" physically separating teams, which ultimately increases the number of development, testing, deployment and maintenance resources and slows down delivery of the final product. To accelerate implementation of DevOps across an enterprise, we need an innovative solution that will efficiently and seamlessly implement SoD controls in an agile environment.
Blockchain natively brings features that can be easily extended to implement existing and new controls that comply with SoD regulatory requirements. In this document, we outline a practical, risk-based approach to managing controls in DevOps environments based on blockchain technology.
DevOps: Accelerating software delivery and IT support processes
What is blockchain?
Blockchain was initially designed as a technology to enable cryptocurrencies, and is built on principles drawn from cryptography, game theory and peer-to-peer networking. It is a networking technology, similar to the World Wide Web (WWW), that enables a decentralized exchange of data. In a wider sense, blockchain is a distributed database (ledger) that maintains a continuously growing list of timestamped and encrypted transaction records organized in blocks, with each block linked to the previous block, forming a chain.
Enterprise DevOps Blockchain
Bi-modal DevOps implementation using blockchain
As organizations aggressively adopt DevOps, the question is: can blockchain enable and expedite DevOps implementation in large enterprises?
A blockchain-based code repository would offer a decentralized solution with auditability and immutability. The new intermediary would sequence delivery and manage process latencies. A conceptual solution for implementing the DevOps auditable change control process using a permissioned blockchain is shown in figure 2.
Blockchain technology is well positioned to implement Bimodal DevOps delivery that meets control requirements in business and technology environments of all sizes. A well-understood, role-driven, documented and automated service delivery process is the only requirement; when implemented on a blockchain using smart contracts, it will provide immutable traceability of approved delivery activities.
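The following added example (not from the original document) shows the two properties the text relies on: a contract-style rule that rejects a deployment approved by its own author, and hash-linked records that make later edits detectable. The class, field names and identities are assumptions for illustration, and it runs in a single process, so the signed transactions and multi-node consensus of a real permissioned blockchain are outside its scope.

```python
import hashlib
import json

GENESIS = "0" * 64

class SoDViolation(Exception):
    """Raised when a deployment record breaks the segregation-of-duties rule."""

def digest(body):
    # Canonical JSON so the same record always hashes to the same value.
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class ChangeLedger:
    """Append-only, hash-linked log of approved production changes."""

    def __init__(self, approvers):
        self.approvers = set(approvers)  # identities allowed to approve (assumed roles)
        self.blocks = []

    def record_deploy(self, change_id, author, approver, artifact_sha256, timestamp):
        # The contract rule runs before anything is written to the ledger.
        if approver not in self.approvers:
            raise SoDViolation(f"{approver} is not an authorised approver")
        if approver == author:
            raise SoDViolation(f"{author} cannot approve their own change")
        body = {
            "index": len(self.blocks),
            "prev": self.blocks[-1]["hash"] if self.blocks else GENESIS,
            "timestamp": timestamp, "change_id": change_id, "author": author,
            "approver": approver, "artifact_sha256": artifact_sha256,
        }
        self.blocks.append(dict(body, hash=digest(body)))
        return self.blocks[-1]

    def verify(self):
        """Auditor's check: index of the first inconsistent block, or None."""
        prev = GENESIS
        for i, block in enumerate(self.blocks):
            body = {k: v for k, v in block.items() if k != "hash"}
            broken = (body["index"] != i or body["prev"] != prev
                      or block["hash"] != digest(body)
                      or body["author"] == body["approver"])
            if broken:
                return i
            prev = block["hash"]
        return None
```

Editing a stored record changes its hash, and recomputing that hash breaks the `prev` link of the next block, so `verify()` reports the first block where the history stops being consistent.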
In an environment of rapid software development and deployment, a well-designed, risk-based Bimodal DevOps delivery implemented using EDOB will enable compliance, enhance controls, and streamline and redesign key delivery processes. This, in turn, will increase an organization's efficiency and agility.