Change isn’t new. The rate of change isn’t new either. What is new is the time we have to effect that change. Every one of us in IT is committed to doing the very best we can for our organization with the resources available, within the budget allocated, with the quality demanded, in the time expected.
But when the cadence of change increases and the expectation shifts from months to days some things reduce in priority and others disappear altogether. We might have great controls and policies in place for project initiation, funding and management but when the business screams we leap to get them a solution. We regulate, monitor and report on IT activities but when a threat looms and the organizations pivots we get the job done and worry about the consequences later. It is the nature of business; it is the nature of IT.
The only way we can preserve the integrity of the processes, procedures, practices and policies is to ensure that they are encapsulated within automation. Whether it is a tactical step in the lifecycle, such as moving code from dev to test, or a strategic measurement of departmental effectiveness, such as a KPI or SLA, these activities should be automated byproducts of the actions we take to run our business.
All code, with no exceptions, must be version controlled. The only way code should be able to be changed should be through the version control (or software change and configuration management preferably) system. The only way code can make it to test or production should be through the release automation software. Each time these tools act on our behalf they build an audit trail and provide us with the ability to recover from errors (accidental or malicious). All access rights to test and production environments should be given exclusively to these kinds of tools.
Not only is the result fully traceable but it is much less error prone. Access is controlled and no “unexpected” changes can occur. It takes commitment from the organization to do this and teams hate giving up their access rights. But, let’s face it, do we let accountants move cash around our business without automation and controls? Of course not. Digital assets are just a business-critical and executable digital asset even more so.
In short get the automated infrastructure in place now and you’ll be ready for the next quantum change in the pace of IT.