5 minute read 3 Oct. 2017
hacking computer network

How blockchain helps accelerate DevOps adoption

By Abhishek Sinha

EY Canada Partner, Technology Consulting, FSO Advisory

Senior leader focused on the transformative impact of technology on various industries. Dreamer. Futurist. Dad.

5 minute read 3 Oct. 2017

Old software development models aren’t sustainable in today’s quickly-changing world. Blending DevOps processes and blockchain can help.

Staying competitive today means continuously keeping pace with business automation and technology delivery transformations. Layer in the need to constantly evolve while responding quickly to perpetual industry disruptions — plus meeting control requirements across the development and production lifecycle — can feel like an uphill battle. 

A pilot is a solid first step to getting blockchain right. Taking an iterative approach means you can control the scope, impact and risks every step of the way.
Abhishek Sinha
EY Canada Partner, Technology Consulting, FSO Advisory

The reality is: the traditional “waterfall” model of software development just isn’t sustainable anymore. Many large companies are instead adopting bimodal DevOps processes. They’re doing so to accelerate overall software development lifecycles while integrating agile development, continuous change management, and rapid deployment. The unique combination of software development (dev) and operations (ops) that DevOps represents has massive potential across these applications. But it also unleashes a wave of new challenges. Chief among them? Segregation of Duties (SoD) policies are becoming a key obstacle to faster transformation.

At EY, we see powerful new ways for blockchain to help. Bimodal combinations of DevOps processes implemented on a blockchain will inherently enable transparent SoD compliance, increasing delivery efficiency and agility at the same time.

Initially designed as a technology to enable cryptocurrencies, blockchain is built on principles drawn from cryptography, game theory and peer-to-peer networking. The very nature of blockchain means it natively brings the kinds of features that can be easily extended to implement existing and new controls compliant to SoD regulatory requirements. That can be a game-changer for organizations looking to harness the power of process automation to increase delivery speed, reduce costs, and continue meeting control requirements.

How do you begin to bridge the two?

Organizations adopting DevOps and considering implementing an Enterprise DevOps Blockchain (EDOB) solution should start with a definition of a trust model for their organization. That’s because transformation of existing capabilities — or adoption of new ones — requires you to identify the internal areas that are trusted versus those that aren’t.

Blockchain-based solutions should always start from those that are less trusted. Implemented for technology delivery processes, it means analysis, development, testing, and deployment are less‑trusted areas. Those that are trusted can execute controlling functions in permissioned networks. Management, change management and audit functions are oversight and control areas with higher trust.

From there, starting with a pilot is a solid first step. Taking an iterative approach to DevOps adoption means you can control the scope, impact and risks on the organization every step of the way.

What should you keep in mind as you roll out the pilot?

Each iteration should execute six core steps to accelerate adoption of the model and, ultimately, ensure successful implementation of an EDOB solution:

  1. Define the scope. This step sets out an understanding of the enterprise delivery roles and respective activities. It also defines a sustainable stage of bi-modal DevOps processes once the iteration is complete.
  2. Design a map. You need an outline for each activity in the delivery process that must generate an EDOB transaction. That’s how you identify its associated roles and access rights.
  3. Implement with rules in mind. Implementing by incorporating additional rules into new or existing smart contracts in EDOB and adding nodes to include any additional bimodal DevOps delivery participants is important.
  4. Test, test, test. Testing draws on data from previous steps to produce an analysis of conflicts between the established roles and activities, and existing SoD policies. The results should highlight conflicts with SoD policies by user, role, group or activity. This analysis serves as the compliance testing package disclosed to management, audit parties and regulators.
  5. Mitigation to set limits. Thinking through the potential impact of SoD conflict violations is key. This step can be completed concurrently with remediation or, it can be performed last, when conflicts have been reduced to their minimum.
  6. Remediate before you iterate again. You should be remediating with the goal of permanent correction of SoD conflicts, including role redesign, role clean-up, user appropriateness review, or SoD policy updates according to control requirements. There’s no prescribed leading practice or method for remediation of conflicts. Remediation activities generally fall into two categories: tactical clean-up of the user population, and strategic role redesign. The tactical component represents the items that can be addressed quickly. Role development typically involves a full complement of organizational changes in people, processes and technology.

Moving forward to unleash blockchain’s potential

In an environment of rapid software development and deployment, a well-designed, risk-based Bimodal DevOps delivery rolled out using EDOB will enable compliance, enhance controls, streamline and redesign key delivery processes. This can increase an organization’s efficiency and agility in powerful ways.

SoD policies remain an integral part of an organization’s internal controls. They’ve been designed in response to controls and regulatory requirements geared to prevent fraud and material misstatements. These regulations mandate that controls be put in place to ensure that no individual has excessive rights to execute transactions across an entire business process without trusted checks and balances.

Many organizations struggle with their legacy SoD. On the one hand, control requirements must be adhered to. On the other hand, there’s a pressing need to be more agile, responsive and faster to market. On top of this, the complexity of delivering a change across numerous enterprise systems leaves many organizations struggling to implement basic internal controls.

Organizations today need to strike the right balance between investing the appropriate level of effort and emphasis on compliance within their current SOD policies, and striving for simplicity and precision in the execution of their controls. Blindly following internal directives defined more than a decade ago can be a costly mistake that hinders the benefits of DevOps in large organizations, especially those with multiple service lines.

Blockchain technology is well positioned to implement bimodal DevOps delivery that meets control requirements in business and technology environments of all sizes. A well-understood, role-driven, documented and automated service delivery process is only a requirement, which, when implemented on a blockchain using smart contracts, will provide immutable traceability of approved delivery activities.


The need for speed continues to influence the market, positioning blockchain technology as a strong way to implement Bimodal DevOps delivery, meeting control requirements in business and technology environments of all sizes. Diving deep to understand the potential could uncover real benefits for your organization.

About this article

By Abhishek Sinha

EY Canada Partner, Technology Consulting, FSO Advisory

Senior leader focused on the transformative impact of technology on various industries. Dreamer. Futurist. Dad.