Managing Compliance with Continuous Delivery
Apr 5, 2022 by Daniel Gonzalez
This article explores how continuous delivery helps organizations maintain compliance and discusses how Armory helps with features such as rollbacks and progressive deployments to tighten control over your solution infrastructure. It shows how to improve code deployments, ensure compliance, and maintain a healthy and active innovation ecosystem between your developers and operations team.
Developers and DevOps teams are often stuck with highly manual, error-prone, and resource-intensive processes that do not always meet the requirements of various laws and regulations. Every industry has its own set of regulations and compliance rules. For example, the finance industry has extensive regulatory agencies and regulations, such as:
- The Federal Risk and Authorization Management Program (FedRAMP), which applies to cloud service providers that serve US federal agencies
- The Payment Card Industry Data Security Standard (PCI DSS), which regulates companies accepting online payments
- Service Organization Control 2 (SOC 2), which helps establish trust in and transparency into an organization’s service delivery processes and controls
Additionally, some general regulations, such as the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), apply to organizations serving a regional or international audience. Organizations must vet every software iteration for compliance with these regulations before deploying fully.
Constantly changing regulations in industries like finance are especially challenging for organizations that develop and deploy applications as a monolith. They can’t quickly meet changing compliance requirements and may face delays changing one part of an application, which slows innovation. Monolithic delivery becomes challenging because you must run compliance tests on the entire tech stack for every change.
Many organizations turn away from monolithic applications and embrace continuous integration and continuous delivery (CI/CD) to meet regulatory and other challenges. Modern CD tools help technical teams quickly, and sometimes automatically, roll out changes to meet shifting regulatory requirements while maintaining audit logs.
Let’s explore how Armory improves your CD pipeline reliability and flexibility using progressive deployment strategies with one-click rollbacks to minimize risk. Additionally, we’ll discuss how automated policy enforcement ensures your team runs scans and follows configuration best practices.
Frequent Updates Using Continuous Delivery
Organizations are moving toward the microservices-oriented development and deployment model. This development model helps their engineering teams focus on individual challenges inside the entire solution and solve them quickly. Since each team maintains a single code base, it’s easier to regulate and ensure compliance. Also, in case of any problem, the team can easily roll back their deployment to a previously compliant state.
A typical enterprise application might comprise hundreds of small processes called microservices. Validating compliance and regulation checks on hundreds of small applications is more manageable than on one extensive application, because you can easily pinpoint and isolate a non-compliant process during deployment checks. If a microservice isn’t compliant, the team rejects the deployment for that microservice only, not the entire stack. This rejection also alerts the developers responsible for the microservice’s maintenance so they can bring their codebase back into compliance.
Sometimes it’s not technically possible to debug and run the solution locally. For example, if your teams must provision and analyze the logs your app generates, it might not be feasible to run the entire cluster on a developer machine. However, provisioning a test or development environment for every team is expensive in licensing, hardware, and staffing. In contrast, with microservices, each team can run their project locally, ensure compliance, then push it for deployment. Your IT teams can run their deployment checks on each release to either approve or reject the ones needing improvements.
After you’ve passed your compliance checks, progressive rollouts minimize the impact of any issues the checks did not detect. A progressive rollout directs a subset of traffic to the microservice’s new version while most traffic continues to use the old version, so you can inspect the new version under a fraction of the production workload. When the versions have run in parallel without issue, you scale up the new version and reroute the remaining traffic from the old version. If you discover an issue at any point in the deployment, one-click rollback lets you reroute traffic back to the old version.
Continuous delivery ensures your IT and compliance teams are on top of every release to your infrastructure. In the following sections, you will learn how Armory can help them with production deployments, as well as with one-click rollbacks and progressive deployments. Although companies mainly use microservices to test and verify new functions in isolation, minimizing their footprint and decreasing software delivery risks, microservices also help your teams quickly apply changes as governing bodies introduce new regulations.
Flexibility and Reliability
Maintaining a continuous delivery pipeline can be challenging as you manage smooth rollouts and rollbacks. Continuous delivery requires you to test and verify your deployments for functionality and compliance. When your deployment doesn’t meet the production service-level agreement (SLA), you should be able to revert the changes to the previous working state.
Progressive deployments and one-click rollbacks help you control your DevOps pipeline. The progressive deployment makes sure your app rolls out to the targeted audience that you define. This function helps your IT teams gradually allow a group of customers to access your latest deployment, ensure everything is good to go, and then provide the newest deployment progressively to the rest of your audience.
The benefit of this staggered release is that you can control and quickly revert the application to a working state if your platform crashes or you find any bug. Armory’s one-click rollback, for example, helps you revert the recent changes to your infrastructure, such as Kubernetes.
With Armory, you can control when a rollback happens. This helps you prevent unnecessary rollbacks if something else in your production breaks. Armory is the enterprise-scale version of Netflix’s open-source software Spinnaker, and its features make your continuous deployments easier. Spinnaker supports major public cloud vendors, so you can easily connect Armory to any public cloud and start deploying your production stack.
When you find a compliance issue, you can revert your app to a compliant state using rollbacks. Rollbacks help you avoid inadvertently breaking the rules and incurring fines, losing a license, or other regulatory actions.
Controlling Continuous Delivery
The goal of continuous delivery is to prepare every code commit for deployment. Apart from verifying application functionality, you also need to run specific policy validations on your deployments to ensure security and compliance. The Armory Enterprise Policy Engine runs these policy checks on your deployments, and Armory’s example policies can get you started.
You can also extend Policy Engine by writing custom policies using Open Policy Agent. These policies enforce compliance and make it easier for your compliance and IT teams to detect red flags in deployments. Your organization can write custom policies that require automated test suites and security scanners to run before your code deploys to production. Policies can also check for, among other things, known security bugs, hardcoded passwords or connection endpoints, logging of user data, and unnecessarily opened ports.
With this custom policy feature, you can control which images are allowed to deploy to production and which the tool should reject.
In addition to enforcing policies around your software delivery pipeline, Policy Engine can also enforce most policies that have traditionally been implemented with Kubernetes Gatekeeper. This decreases Kubernetes management overhead by enabling you to enforce your policies in a single place instead of independently in each Kubernetes cluster.
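The following Open Policy Agent policy is an added illustration of the kind of custom checks described above; it is not an Armory Policy Engine policy and does not use Armory’s or Gatekeeper’s input document format. It assumes that the policy input is a Kubernetes Deployment manifest passed as-is (so `input.spec.template.spec.containers` is the container list), and the registry allowlist, the annotation key `example.com/scan-status`, and the secret-looking environment variable names are constructed for the example. It denies images from unapproved registries or not pinned by digest, literal secret values in environment variables, host ports, and deployments that carry no passing-scan annotation.

```rego
package deployment.compliance

import rego.v1

# Registries from which production images may be pulled (constructed allowlist, an assumption).
allowed_registries := {"registry.example.internal", "ghcr.io/example-org"}

# Environment variable name fragments that suggest a hardcoded secret when paired with a literal value.
secret_name_patterns := {"PASSWORD", "SECRET", "TOKEN", "API_KEY"}

# Collect regular and init containers from the Deployment pod template (assumed input shape).
containers contains c if {
	some c in input.spec.template.spec.containers
}

containers contains c if {
	some c in input.spec.template.spec.initContainers
}

# An image is allowed only if it starts with one of the approved registry prefixes.
image_allowed(image) if {
	some reg in allowed_registries
	startswith(image, concat("", [reg, "/"]))
}

# Rule 1: image must come from an approved registry.
deny contains msg if {
	some c in containers
	not image_allowed(c.image)
	msg := sprintf("container %q uses image %q from an unapproved registry", [c.name, c.image])
}

# Rule 2: image must be pinned by digest so the deployed artifact is the one that was scanned.
deny contains msg if {
	some c in containers
	not contains(c.image, "@sha256:")
	msg := sprintf("container %q image %q is not pinned by digest", [c.name, c.image])
}

# Rule 3: secret-looking environment variables must not carry a literal value;
# a valueFrom.secretKeyRef reference has no "value" field and therefore passes.
deny contains msg if {
	some c in containers
	some env in c.env
	env.value
	some pat in secret_name_patterns
	contains(upper(env.name), pat)
	msg := sprintf("container %q sets %s as a literal value; source it from a Secret instead", [c.name, env.name])
}

# Rule 4: hostPort opens the port on every node the pod lands on, which is rarely intended.
deny contains msg if {
	some c in containers
	some p in c.ports
	p.hostPort
	msg := sprintf("container %q exposes hostPort %d", [c.name, p.hostPort])
}

# Rule 5: the pipeline must have recorded a passing security scan on the manifest
# (annotation key is an assumption; the comparison is undefined when the key is absent, so "not" denies).
deny contains msg if {
	not input.metadata.annotations["example.com/scan-status"] == "passed"
	msg := "deployment lacks a passing security-scan annotation"
}

# Single boolean the pipeline can gate on.
compliant if count(deny) == 0
```

To try it locally, save a Deployment manifest as JSON (for example with `kubectl get deploy NAME -o json`) and run `opa eval --data policy.rego --input deployment.json "data.deployment.compliance.deny"`; an empty set means the manifest passes every rule. Each `deny` message names the offending container, which is what turns a rejected deployment into an actionable alert for the team that owns the service.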
Some organizations don’t allow developers to access certain production logs. This lack of access slows down the deployment process, and when there is a production problem, the developer has no idea what is going wrong. Armory with Spinnaker helps you maintain deployment logs without writing sensitive information into them. You can then provide these logs to external or internal auditors.
In this article, we discussed the compliance and regulatory challenges that applications face. Monolithic development and deployment tend to slow releases: compliance, quality, and regulation checks are harder to run on each deployment, the entire DevOps pipeline slows down, and infrastructure changes are harder to roll back. Continuous delivery helps overcome these challenges.
You learned how Armory’s DevOps and continuous delivery features, such as progressive deployments and rollbacks, help your IT team remain on top of every deployment. Controlling every deployment helps quickly catch any compliance issues before reaching your audience (and the attention of regulators).
Contact Armory today for a complimentary assessment of your software delivery practices and learn more about how your organization can benefit from safe, reliable deployments.