DevOps is a software development methodology that combines software development (DEV) with its operation (PROD). The ultimate goal of a DevOps strategy is to shorten the system development lifecycle while delivering features, bug fixes and updates, close to production and thus in close alignment with business goals and operational dynamic requirements. DevOps is the new quasi-standard, but it also brings a lot of risk.
Overcoming IT silos without compromising data security
In the current and still widespread silo configuration, each team member, in his or her field of activity, is responsible for his or her silo and is characterised by silo-related special behaviour.
Ergo: Developers and admins do not speak the same language. Different tasks are prioritised differently and often different work cultures and ways of working clash.
Securely design technical DevOps strategies
In the devops world, everyone has the same skills and the same access. The DevOps strategy will primarily not change the silos, but only the process behaviour. This leads to the loss of the "segregation of duty" called for in many process descriptions. Who is now responsible? Who has made changes in production or who is responsible for ensuring that test data has been properly and verifiably pseudonymised?
Ergo: Developers and admins are now talking more with each other. They are a team and ideally understand which requirements should be taken into account beyond their own. But the dilemma remains that although they work together, they rarely document together.
DevOps advantages YES - uncontrolled information flow NO
Through the use of VISULOX in front of the silos, every access including user interaction is documented in a screen record. This enables those responsible and interested third parties (management, auditors, etc.) to obtain clear proof of which activities were carried out by whom. Without restricting them or interfering with the operational process.
Non-critical business accesses can be handled as usual, critical accesses can additionally be recorded and personalised.
Business-critical accesses can be assumed with VISULOX, a technically unique and seamlessly implemented 4-eyes principle.
Business-critical transaction of data, such as the transport of test data, can be controlled by predefined parameters.
Who did what, when and how?
A central solution for control and documentation for DevOps
VISULOX Privileged Access Management is the central access component between the user and his tasks. It can be used to document who has access to which application and when, and who authorised it and when. Via VISULOX Privileged Access Management the presentation of an application also takes place and is also documented. This gives you control and an overview of all activities in the system. And all this without changes to the client or server, during operation.
VISULOX has been developed by amitego in Germany since 2003 and is used worldwide by small to medium-sized companies, including DAX30 companies, across all sectors.