How to protect digital assets while executing code changes

In response to swift industry changes, ALM expert Kevin Parker calls for strict version control of all code to protect digital assets.

As a veteran project and application lifecycle manager, I'm seeing a big ramp-up in the amount of regulatory- and business-demanded changes to production applications. So, version control is more important than ever. What advice do you have that can help our organization track and execute revisions and code changes to production apps?

Change isn't new. The rate of change isn't new either. What is new is the time we have to effect that change. Every one of us in application lifecycle management, and in IT, is committed to doing the very best we can for our organization and our digital assets with the resources we have available, within the budget allocated, with the quality demanded, and in the time expected.

But when the cadence of change increases and the expectation shifts from months to days, some things reduce in priority and others disappear altogether. We might have great controls and policies in place for project initiation, funding and management, but when the business side makes urgent requests, we leap to get them solutions. We regulate, monitor and report on IT activities, but when a threat looms and the organization pivots, we get the job done and worry about the consequences later. It is the nature of business; it is the nature of IT.

The only way we can preserve the integrity of processes, procedures, practices and policies is to ensure that they are encapsulated within automation. Whether it is a tactical step in the lifecycle, such as moving code from dev to test, or a strategic measurement of departmental effectiveness, such as a key performance indicator (KPI) or a service level agreement (SLA), these activities should be automated byproducts of the actions we take to run our business.

All code, with no exceptions, must be version-controlled. The only way code should be able to be changed is through version control or, preferably, through the software change and configuration management system. The only way code can make it to test or production should be through release automation software. Each time these tools act on our behalf, they build an audit trail and provide us with the ability to recover from errors that are accidental or malicious. All access rights to test and production environments should be given exclusively to these kinds of tools.

Not only is the result fully traceable but it is also much less error-prone. Access is controlled and no unexpected changes can occur. It takes commitment from the organization to do this and teams hate giving up their access rights. But let's face it: Do we let accountants move cash around our business without automation and controls? Of course not. Digital assets are just as business-critical and executable as other assets.

In short, get the automated infrastructure in place now, and you'll be ready for the next quantum change in the pace of IT.
