New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Contributing to the FINOS DevOps Mutualization Project #44
Comments
The following question was raised over email to be raised in the agenda of the first project meeting ...
|
Some thoughts I had on areas we can collaborate:
|
Some thoughts I had are the following: Tooling: Open-Source & commercial: Why not also cover guidance and advisory non-open source tooling/frameworks? Quite often commercial ALM platforms are in place, alongside commercial core app platforms, and connecting them to work in a DevOps way is not always well understood. Examples include Jira, Azure DevOps or Xebialabs on one hand (CI/CD orch tooling) and for instance Murex, Calypso, FIS or Finastra (financial technical solutions/platforms). People & Process: I would like to make sure the People and Process side of DevOps are not overlooked and equally represented. In my experience tooling is not the main aspect of DevOps, however cultural behavioural change and (people) capability in the broader process context definitely is. ‘a fool with a tool is still a fool’ kind of philosophy. “DevOps is not just a technology imperative but also an organizational imperative”. Reporting: I would like to also make sure there is a good focus on robust analytics and reporting as main feedback loop mechanism and basis for evidence based decision making. This drives not only higher levels of experimentation and pivoting where needed, but also continuously enhances the above mentioned topics of People and Process and making sure the right DevOps engineering techniques yield the right benefits (and having empirical evidence they do/or do not make things better/aligned with DevOps way of working). Advisory/Selling: I have always found it very hard to “convince” certain organisations on the benefits and the art of the possible of DevOps way of working, especially in finance organisations. The difficulty is multi-facetted – incumbents’ “not invented here syndrome”, “we like the way things are now” and fear of job loss/”where do I fit in all this” are rife. So a focus on creating advisory/guidance on this “convincing” would be great, targeted at high-mid management. Partnering with industry leaders: is anyone looking at partnership with industry leading organisations – for example Scrum.org or DevOps institute? This will aid adoption but also allow to tap into the communities of experts that is behind these organisations to drive/build the initiative. |
Agility vs Control
Consistency vs Portability |
Thank you @DovOps, @kdeman and @natishalom for your response to the DevOps Mutualization ideas and feedback. Are you happy if I share the screen and ask you to represent your own feedback on Thursday's call? James. |
@citistefanos and @grovesy - Thanks for joining the first DevOps Mutualization project meeting yesterday. It was great having your experience and opinions on the call. Thank you 👏👏 💯💯💯 |
All - Thank you for attending the first FINOS DevOps Mutualization formation meeting last Thursday. It was great having so many FINOS members on the call inputting into such an exciting project. Please find a list of the attendees below as I complete the meeting minutes and add them to the issue. Also, please let me know your GitHub ID in the comments if it's missing from the list. DevOps Mutualization Formation Meeting AttendeesDate and Time : Thursday 18th June @ 1pm ET / 6pm BST
|
Thanks for letting me attend the call. We will also have senior technical leaders on future calls. I wanted to follow up on something David Gould mentioned late in the session about not being able to deliver a secure pipeline/release process from multiple vendors. What did you mean by that and what prevents you from doing that? |
Please find below meeting minutes from the DevOps Mutualization Formation Meeting that took place on Thursday 18th June @ 1pm ET / 6pm BST. DevOps Mutualization Formation Meeting MinutesDate and Time : Thursday 18th June @ 1pm ET / 6pm BST
The suggested next actions include ...
Please feel free to comment below ... |
@tcraigjohnson I was just making the observation that a lot of the popular CI/CD build chain tools on the market have not been designed with compliance at the forefront of their minds, but rather the expedient delivery of code. Trying to retrospectively make these tools operate in a compliant manner is difficult. An issue exacerbated when you put these tools into a loosely coupled tool chain. An example; we've been looking at digitally fingerprinting artifacts with something like grapheas so we can prove the code that's being deployed into production (or has been deployed) is what was intended by the developer and hasn't been tampered with (traceability). We've found it very difficult to make this fingerprinting work across multiple tools in the tool chain without "gaps" where it could be compromised. This leads me to wonder if the answer is now a single tool, from a single vendor for the whole CI/CD pipeline e.g. GitHub Actions, GitLab, etc. where compliance is built in by design, or at least easier to fit retrospectively. |
@mcleo-d @mindthegab I'm excited to provide any assistance I can IRT DevOps inside the Finance Industry. Armory is currently having some very interesting conversations with some large banks around Policy Driven Deployments. This allows operations teams to create self-service capabilities for their AppDev teams in non-production environments while creating the safety needed for teams to deploy to production once a change review has been completed in an automated fashion. Our focus has been to spend time with companies around the people and process of DevOps to allow for collaboration and transparency rather than the technical bits of building out pipelines or automating tickets. |
Issue closed as next meeting occurred here 👉 #52 |
On last week's call, I believe it was Stefanos was talking about the burden of Change Management. They have an astounding number of manual approvals in their process that sound like they are little more than someone ticking a box because Change Management requires it. In a segment that has to move fast, that's a lot of administrative burden. Here's my questions for the forum: How do you change Change Management? What evidence and automation would the CMB need to actually improve and streamline the process? Are you changing people to change the process or do you show how to change the process to change the people? |
@tcraigjohnson - I have pasted your question under the minutes of our last call here ... #52 (comment) |
Excellent. Thanks.
…On Wed, Aug 5, 2020 at 11:01 AM James McLeod ***@***.***> wrote:
@tcraigjohnson <https://github.com/tcraigjohnson> - I have pasted your
question under the minutes of our last call here ... #52 (comment)
<#52 (comment)>
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#44 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AOYFLFKDI7I3I7SAJJUDQSLR7GNAVANCNFSM4NN7PZWA>
.
|
I am collecting examples of audit requests/demands from various regulatory agencies that the group has to deal with. For example, here is a summary of a Targeted Examination letter from FINRA. Can the group provide links to other examples they regularly encounter? |
Description
DevOps Mutualization aims to solve common engineering problems by providing a continuous compliance and assurance approach to DevOps and we’re asking for your input and contribution prior to initiating the project.
Within this GitHub Issue provide your thoughts and ideas that align with ...
We look forward to your ideas, feedback and contribution.
The FINOS Team.
The text was updated successfully, but these errors were encountered: