Modern delivery builds on the agile principle of “shift left,” which moves the quality focus from the end of the development process to the beginning - as a way to reduce defects, cost and rework while increasing customer satisfaction.
Accordingly, in modern delivery, business functions that have traditionally been siloed will instead be integrated into collaborative, full-stack product teams that can apply their domain expertise to the development and iteration of technology. These teams will include functions that are sometimes relegated to the end of the process, such as security, risk, compliance, customer care and IT operations.
Meanwhile, for efficiency and auditability, organizations will automate as many review and transactional tasks as possible, while creating a DevOps process and toolchain that are traceable through and through. Many companies have already started down this path, but most are missing the opportunity to also improve the complex, collaboration-based activities that cannot be automated. The reorganization of these activities is critical to the success of modern delivery and the connected enterprise.
Therefore, in identifying tasks for automation, successful companies will also take a step back, examine the bottlenecks in how work is performed, and consider ways to break down silos in the organizational structure. For example, is there an opportunity for the product engineering group to partner with security and risk teams to implement “controls as code” or “compliance as code” as a fundamental development and organizational asset? This kind of change can improve speed and safety throughout the entire value chain.
Shifting left can ultimately help organizations make skillful decisions before development. For instance, one regulated company used continuous integration and continuous deployment (CI/CD), along with infrastructure as code (IaC), to automate a SOX-based application. But would this automation comply with SOX requirements? Because the company had shifted its internal audit capabilities leftward in the DevOps design continuum, the audit team served as a compliance advisor, helping teams make controls-and-design decisions before development began.
The excerpt was taken from the KPMG publication entitled Preparing for modern delivery: The need for collaboration and integration in the future of IT.