The COBIT® framework has been created and promoted over the years to help with the understanding, planning, and implementation of Enterprise Governance of Information and Technology (EGIT). The latest version of the COBIT® framework is COBIT® 2019. It is intended to provide greater adaptability for organizations while customizing an IT GRC procedure.
However, did you know that the COBIT® 2019 framework can also be used for DevOps?
Also check out our IT GRC training and certification programs, such as COBIT® 2019 Foundation, COBIT® 2019 Design and Implementation, CGEIT®, and many more. We are ready to deliver end-to-end IT GRC solutions that could improve your organizational performance.
A Quick Glimpse of COBIT® 2019 and DevOps
COBIT® 2019 is a comprehensive framework that integrates IT governance into organizational governance. The main purpose of COBIT® 2019 is to balance the benefits and risks of IT while taking the interests of all stakeholders into consideration. Interestingly, it is also flexible and can be used for DevOps. COBIT® 2019 allows organizations to add new focus areas or modify the existing ones.
According to IBM, DevOps outlines a software development process and an organizational culture shift that speeds the delivery of higher quality software by automating and integrating the efforts of development and IT operations teams – two groups that traditionally practiced separately from each other, or in silos. DevOps calls for specific guidance, making it a focus area. The fundamental COBIT® model's generic governance and management goals are included in DevOps, along with a variety of organizational structures and activities relating to development, operations, and monitoring.
COBIT® Focus Area: DevOps Using COBIT® 2019
It’s not easy to ensure that the organization's governance system is in line with DevOps. Though digital transformation is crucial, aligning DevOps with the governance structure can be a problem. However, COBIT® can be a solution for this matter. In its latest update, COBIT® 2019, the COBIT® 2019 Focus Area: DevOps offers guidance for the governance and management of DevOps.
The COBIT® 2019-based guidance provides knowledge of a governance and management framework used to improve governance and management procedures to implement DevOps. It also explains how DevOps relates to and aligns with organizational goals, the ambiguity surrounding the risk connected to DevOps practices, the requirements for investments in DevOps, and more. It presents the concepts and recommendations to ensure that the advantages of DevOps are realized while potential risk is reduced.
The key aspects relevant to DevOps in the COBIT® 2019 Focus Area: DevOps include:
- DevOps stakeholder interests
- Key aspects of DevOps
- DevOps continuous activities
- Governance and management objectives
- Organizational structures
- Principles, policies and procedures
- Tool types
As organizations are embracing DevOps principles at different stages, IT auditors and DevOps engineers need to equip themselves with the knowledge and abilities to audit DevOps processes successfully, securely, and efficiently. To do so, they should consider utilizing the COBIT® 2019 guidance for DevOps. Why? Because the DevOps Focus Area benefits include:
- Establishing alignment of DevOps with enterprise goals and strategic objectives
- Integrating DevOps with the enterprise architecture
- Understanding of governance and management systems applicable to DevOps
- Providing a consistent governance and management framework and system related to DevOps
The guidance also identifies key issues such as:
- The need to understand the relationship and alignment of DevOps with enterprise goals and strategic objectives
- Insufficient assurance being provided on DevOps
- Insufficient clarity in DevOps roles and responsibilities
- Insufficient understanding of DevOps processes and practices
- The potential technical complexity of DevOps practices
- A perceived lack of internal control in DevOps
- The specific management oversight required due to the dynamic, continuous and automated nature of DevOps
- Resistance to the mindset and cultural changes required for DevOps
- Insufficiently defined DevOps management systems for stakeholders and assurance providers
In conclusion, the DevOps team's ability to locate the resources they need to contribute will be reinforced by IT GRC. Thus, implementing COBIT® 2019 can be very beneficial for the organization’s DevOps team. Join our IT GRC class to learn more!
References:
IBM. (n.d.). What is DevOps? IBM. https://www.ibm.com/topics/devops
Salman, S. (2022). Maximizing the Benefits of DevOps Using COBIT. ISACA. https://www.isaca.org/resources/news-and-trends/industry-news/2022/maximizing-the-benefits-of-devops-using-cobit