DevOps Traceability Using Blockchain

In order to remain competitive in today's dynamic marketplace, enterprises are adopting DevOps practices to run IT at the speed that businesses demand. The adoption of DevOps practices has been relatively high and mature in certain industries like Internet, Retail, Media and Technology, while it has been sporadic and low in regulated industries like Life Sciences, Healthcare and Financial Services. The following are some of the challenges in implementing DevOps in regulated environments (SOX, HIPAA, PCI DSS):

  1. Control-driven regulations that prevent one person acting alone from introducing a change into a production system
  2. A detailed audit trail of all the events associated with every phase of software delivery
  3. Compliance with regulator-specific processes that govern the safe, transparent and secure way of holding the system of records

Enterprises in regulated industries often see compliance as the highest priority and mandate, pushing application delivery automation and DevOps practices aside. An Enterprise DevOps solution that can both accelerate application delivery and comply with the regulatory requirements, with risk-based controls and processes clearly enforced and recorded in an audit trail, would benefit organizations in the Life Sciences, Healthcare and Financial sectors.

How can OneDevOps Insights help?

Traceability for Audit Reporting is a feature that helps projects in regulated domains record application delivery data (DevOps/SDLC data) as an audit trail in a tamper-proof and secure way so that it can be used for audits. All information from a user story to a commit to a deployment is automatically stored inside a blockchain (bundled with OneDevOps Insights) so that it can be presented to auditors as proof of compliance. Insights uses a private, permissioned blockchain network, Hyperledger Fabric, to archive the system of records in an immutable way.

Insights also offers a user interface for viewing the system of records (i.e., a specific pipeline item such as a story, commit or build, or the complete pipeline). It offers an end-to-end traceability view for each record, providing the following capabilities.

  • Segregation of duties: A clear view of the personas who made changes. For instance, implementation of role-based access control across SDLC and ITSM to prevent one person from making changes to systems in production.
  • Traceability: The ability to look at the trace events associated with a software asset for any particular change request or change of state.
  • Chain of custody: The ability to drill down into detailed information on each state or phase of the software asset shown in the traceability view, answering the questions of what, when and how.
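As an added illustration (example code, not part of OneDevOps Insights or Hyperledger Fabric), the following Python sketches the record-keeping idea in simplified form: each pipeline event (story, commit, build, deploy) carries who, what, when and how, and is hash-linked to the previous record, so a retroactive edit to any archived record is detected on verification; the same trail also supports a segregation-of-duties check (no committer deploys). All ids, persona names and timestamps are constructed.

```python
import hashlib
import json
from dataclasses import dataclass, asdict
GENESIS = "0" * 64  # prev_hash of the first record

@dataclass
class AuditEvent:
    phase: str      # what: story, commit, build or deploy
    timestamp: str  # when (ISO 8601)
    actor: str      # who performed the action
    details: dict   # how: phase-specific payload (story id, commit sha, build result, env)
    prev_hash: str  # hash of the preceding record; links the chain
    hash: str = ""  # SHA-256 over all fields above

def event_digest(ev: AuditEvent) -> str:
    """Canonical SHA-256 over every field except the hash itself."""
    body = {k: v for k, v in asdict(ev).items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class AuditTrail:
    def __init__(self) -> None:
        self.events = []

    def append(self, phase: str, timestamp: str, actor: str, details: dict) -> AuditEvent:
        prev = self.events[-1].hash if self.events else GENESIS
        ev = AuditEvent(phase, timestamp, actor, details, prev)
        ev.hash = event_digest(ev)
        self.events.append(ev)
        return ev
    def verify(self) -> int:
        """Return -1 if every record is intact, else the index of the first broken link."""
        prev = GENESIS
        for i, ev in enumerate(self.events):
            if ev.prev_hash != prev or event_digest(ev) != ev.hash:
                return i
            prev = ev.hash
        return -1
    def committers_never_deployed(self) -> bool:
        """Segregation of duties: no actor who committed code also deployed it."""
        committers = {e.actor for e in self.events if e.phase == "commit"}
        return committers.isdisjoint(e.actor for e in self.events if e.phase == "deploy")

def build_sample_trail() -> AuditTrail:
    """Constructed sample: one story carried through to production (hypothetical ids and names)."""
    t = AuditTrail()
    t.append("story", "2021-03-01T09:00:00Z", "alice", {"id": "STORY-42"})
    t.append("commit", "2021-03-01T11:30:00Z", "bob", {"story": "STORY-42", "sha": "a1b2c3"})
    t.append("build", "2021-03-01T11:45:00Z", "ci-bot", {"sha": "a1b2c3", "result": "pass"})
    t.append("deploy", "2021-03-02T08:00:00Z", "carol", {"sha": "a1b2c3", "env": "prod"})
    return t
```

A real ledger additionally replicates the chain across independent peers so that no single party can rewrite the whole chain from the edited record onward; this sketch shows only the per-record linkage that makes such an edit visible.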



©2021 Cognizant, all rights reserved. US Patent 10,410,152