Implementing DevOps Practices in Highly Regulated Environments
April 2018 • White Paper
Jose A. Morales, Hasan Yasar, Aaron Volkmann
In this paper, the authors layout the process with insights on performing a DevOps assessment in a highly regulated environment.
Software Engineering Institute
In this paper, we discuss implementing DevOps practices in highly regulated environments (HREs). DevOps has become a standard option for entities seeking to streamline and increase participation by all stakeholders in their Software Development Lifecycle (SDLC). For a large portion of industry, academia, and government, applying DevOps is a straight forward process. There is, however, a subset of entities in these three sectors where applying DevOps can be very challenging. These are entities mandated by policies to conduct all or a portion of their SDLC activities in HREs. Often, the reason for an HRE is general security and protection of intellectual property. Even if an entity is functioning in a highly regulated environment, its SDLC can still benefit from implementing DevOps as long as the implementation conforms to all imposed policies.
This paper was given at the 2018 International Workshop on Secure Software Engineering in DevOps and Agile Development (SecSE 2018).