Level Up Through the Capability Maturity Model

All month long we’ve been talking about how to Level Up Your Identity Program, because of the similarities we’ve seen between the concept of Role-Playing Games (RPGs) and the role-based focus on access and authorization that are central to the concepts of Identity practices for organizations in every industry.

Today, we’re going to look closer at our tagline to break down exactly what it means. Is “Level Up Your Identity Program” just a forced metaphor to allow us to geek out about RPGs? While we are daydreaming about booting up Skyrim to finish just one more side quest before we finally move forward with the main quest, the answer is actually NO.

In order to help you transform into a world-class IAM organization, the experts at Fishtech Group will guide you through the five levels of the Capability Maturity Model. No matter where you are at currently, we want to help you level up through five established levels of capability maturity.

So, now that the main quest is set, let’s take a look at what each of those levels looks like.

The Levels of the Capability Maturity Model

Level 1 – Initial

This is the beginning of the quest, and as such, there aren’t many established processes. Some may define this level as ‘chaotic’. The notable characteristics of this level are undocumented processes, and success that is found through individual efforts on an ad hoc basis, due to a lack of definition of the processes at an organizational level.

What to do next: Start with the basics – review your current assets, define your goals, create an action plan to achieve them, document the entire process.

Level 2 – Repeatable

As processes begin to take shape, success becomes repeatable through basic documentation. Even so, there is a lack of process standardization and definition through the organization at this level.

What to do next: Revisit your objectives, identify your pain points, and seek expertise to overcome these early challenges to your goals. What’s working and not should become readily apparent in the early stages.

Level 3 – Defined

Processes and procedures become more refined and documentation becomes more robust. IAM processes have been defined as standard business practice.

What to do next: Develop success criteria for each area of the program and continue to monitor and document its development. Specific use cases (process objectives) can be developed for your growing practice and tools can be optimized to meet your requirements. 

Level 4 – Managed (Capable)

When an organization reaches the managed level, they will be able to monitor the achievement of process objectives through data collection and analysis. At this level, organizations can show that process objectives are still achieved under a variety of circumstances without quality loss, even during times of stress.

What to do next: Differentiate between defined processes and undefined or unsuccessful ones. Incident / Problem / Operations Management plans should be clear and teams clearly understanding their roles within the environment.

Level 5 – Optimizing (Efficient)

At this level, organizations have established success through defined processes and are now concerned with improving overall performance on a continual basis. Organizations should still be completing established objectives as they are optimizing their processes.

Level Up Your Identity Program

No matter where your IAM processes register on the Capability Maturity Model, we want to help you Level Up! We take a consultative approach to identify gaps and introduce next-generation solutions that help your organization minimize risk, maintain compliance, and increase efficiency.

Identity programs that deliver speed-to-value are rare, and organizations that can facilitate them even more so. A tightly integrated, optimized, and mature identity tech stack built from clearly defined policies and governance practices will provide a solid, reliable identity platform.

If you would like to know how our IAM experts can help you Level Up Your Identity Program, let us know by filling out the form below.


The Efficiencies of Onboarding & Offboarding with IAM

This month in our recent articles about Identity and Access Management (IAM), we have talked about some of the benefits of IAM, including increased security for your employees and your organization overall. We have also talked about increased efficiency with onboarding and offboarding.

So, what does something closely associated with HR have to do with a practice often touted by cybersecurity companies? Well, there are a couple side benefits stemming from proper IAM practices that may surprise you.

IAM and Onboarding

Identity and Access Management can help speed up the onboarding process for new hires and ensure that employees gain access to everything they need faster. This is a huge benefit for organizations for a number of reasons.

Proper IAM practices make sure that access to secure systems is conditional to an individual’s role, rather than to the individual. This assists your IT department by simplifying the authorization process by greenlighting access to everything an individual in a particular role may need from day one.

Employees in each specified role to get access to the systems they need in a few hours or faster, unlike outdated practices that result in a delay of access to important systems until days or weeks later.

The implementation of IAM practices helps employees:

  • become productive to an organization more rapidly
  • get the employee comfortable sooner by quickly moving them past the “new job limbo”
  • enjoy job satisfaction more quickly

All of these benefits sound great, right? Well, onboarding is only half of the equation. Offboarding processes also benefit from the efficiencies of IAM.

IAM and Offboarding

When an employee is let go, or quits an organization, it is imperative to terminate their access as soon as it is relevant to do so. With proper Identity and Access Management practices in place, IT departments will know what employees have had access to, and should be able to remove their authorization quickly, reducing the risk for insider threats, and creating a smooth transitional period for the outgoing employee.

There are a number of ways to facilitate this process, including using single-sign on (SSO) where each employee has access to every website and application through a third party that requires only one user name and password. When the employee is being offboarded, there is only one set of credentials to worry about, so you’re not having to revoke access on a number of different platforms.

Finding ways to increase efficiency in offboarding processes will only grow in importance as trends change within the workforce.

More than 40% of millennials plan to leave a job within two years, and less than a third will be around after five years according to the 2018 Deloitte Millennial Survey. Generation Z, a group born in the mid-1990s to the mid-2000s that is now entering the workforce, has a 60% chance of leaving a workforce within two years. Only 12% plan to stay at any one job beyond five years, the survey reported.

You don’t have to run yourself through the wringer every time you need to offboard another employee. Identity and Access Management is the key to true efficiency with onboarding and offboarding for your organization.

So, while you’re making your organization more secure with Identity and Access Management by limiting who can access certain systems according to who needs said access, IAM can be a huge benefit to your HR Department as well.

If you are interested in learning how IAM can increase efficiencies for your onboarding and offboarding processes, and increase security for your organization, fill out the form below to connect with one of our IAM experts.


Level Up Your Identity Program – What is IAM?

Level Up Your Identity Program. Know Your Role.

 

This is the tagline for our August focus on Identity. Excuse our geek speak, but we see a lot of similarities between the concept of Role-Playing Games (RPGs) and the role-based focus on access and authorization that are central to the concepts of Identity practices for organizations in every industry.

 

 

In RPGs, certain character classes are the key to proceeding with overall missions. The thief class may be the only one that can pick a lock. The warrior may be the only one strong enough to move a boulder. Each party member has a role that only they can fill.

Identity programs in businesses should work the same way.

We each play a unique role in our respective organizations. Our ability to access pertinent information should reflect our role. This not only allows for organizations to run more efficiently, but more securely as well. In the spirit of RPGs, we’re going to help you Level Up Your Identity Program with our new series of articles, videos, podcasts, social media posts, and more!

So, with the quest defined, let’s begin our journey with the basics to get some easy XP.

 

What exactly is IAM?

 

You may have seen the acronym IAM in conversations surrounding Identity. What is IAM?

IAM = Identity and Access Management

Identity and Access Management is the process used by businesses and organizations to grant or deny employees and others authorization to secure systems. To simplify IAM down to the fundamentals, the goal is to make sure that the right people have the right access within an organization.

Programmers don’t need access to financial data, just like accountants don’t need access to the back-end of your website. Employees should have exactly the right amount of access to what is pertinent for their role. No more, no less.

This is accomplished through the establishment of a digital identity for every employee or customer that will have access to certain systems within your organization. With the establishment of this digital identity, users are then granted access according to what they have been authorized for, streamlining organizational efficiencies.

But this is only the beginning. We have covered the “identity access” part of IAM. What about “management”?

 

Leveling Up! The Full Scope of IAM

 

A user’s access privileges are not static. As organizations grow and change, so do the roles of their users. Just as characters in an RPG level up and gain new skills, so do employees and other users. This means that organizations need to take an active role in maintaining each point of access that each digital identity is authorized for.

Doing so can keep systems efficient, and more secure. We focused on insider threats on our previous blog post on the insights from the Haystax 2019 Insider Threat Report. When asked about what the most effective security tools and tactics are to protect against insider attacks, 52% of organizations answered Identity and Access Management.

Maintaining the access of your users through all of the changes in the organization, and any changes to a user’s role can reduce the ever-growing risk of insider threats.

As Yassir Abousselham, senior vice president and chief security officer for Okta, explains:

“[the goal of identity management is to] grant access to the right enterprise assets to the right users in the right context, from a user’s system onboarding, to permission authorizations, to the offboarding of that user as needed in a timely fashion”.

The offboarding mentioned includes a user completing a specific project who no longer needs access to secure systems they were previously working in, to employees that have been laid off.

With Identity and Access Management, organizations can help prevent unintended breaches or leaks by making sure access is only allowed to authorized user, and by closing any access points to employees that are no longer authorized to enter.

Identity and Access Management practices and principles provide value to businesses in every industry, and proper implementation of IAM in your business can help your organization level up like never before.

We will be diving deeper into many of the concepts mentioned in this article as the month progresses as we continue to help you Level Up Your Identity Program. In the meantime, if you would like to schedule a consultation with our IAM experts, fill out the form below!


Insights from the 2019 Insider Threat Report

Here at Fishtech Group, we often talk about the fact that we are a data-driven cybersecurity services provider, because we believe that real solutions are driven by real data. That’s why we’re so excited about Haystax, a wholly owned subsidiary of Fishtech Group, releasing their 2019 Insider Threat Report with the help of Cybersecurity Insiders.

There are many powerful insights found in this report, and Haystax hosted a webinar to dig a little bit deeper into the findings of the Insider Threat Report!

In the meantime, let’s take a look at a couple useful items found inside.

The Growing Frequency of Insider Threats

Insider threats have evolved into some of the costliest and most challenging risks facing organizations today, and they are growing more frequent every day. Don’t just take our word for it. Directly from the report:

70% of the organizations surveyed think insider attacks have become more frequent in the past 12 months.

 

That should perk up the ears of every business owner. According to the report, these increasing insider threats were believed to be due to lack of employee training/awareness, increasing number of devices with access to sensitive data, and insufficient data protection strategies or solutions. But, wait a minute, these don’t really sound like malicious causes, do they? You may be on to something…

70% of businesses are most concerned about inadvertent or careless data breaches/leaks.

 

“Insider threats” often have the connotation of malicious employees willfully causing harm, but as this statistic shows, that isn’t always the case. Insider threats can occur due to carelessness or negligence, as well as by malicious actors. This really expands the potential pool of insider threat sources, and creates more chances for data breaches/leaks.

Without an effective insider risk mitigation program, your most vulnerable data is at risk, including customer data, intellectual property, and financial data. Data is a core strategic asset, and organizations need a plan in place to make sure their most vulnerable types of data are protected as insider threats become more common.

Insider Threat Solutions

One of the most exciting statistics we saw in the report ties directly into our month-long focus on Identity. When asked about what the most effective security tools and tactics to protect against insider attacks –

52% of organizations said Identity and Access Management (IAM).

 

If you are interested in the rest of the report, you can find the full Haystax 2019 Insider Report here.

As the month of August progresses, we will be focusing on ways Identity and Access Management can help you prevent insider attacks, along with how it can increase efficiencies within your business with on-boarding and off-boarding, among other Identity practices and philosophies.

Be sure to also catch the “ON-DEMAND: Insider Threat 2019 Report Results with Haystax and Cybersecurity Insiders” that took place earlier.


Low-cost prevention of your next cloud breach with Canary tokens

Help your organization avoid being the next Capital One cloud resource breach with this one weird trick that hackers hate.

Capital One has joined the ever-growing list of companies (including Facebook, Dow Jones, Netflix, and Ford) that have had data stolen out of improperly secured cloud resources.

“The perpetrator gained access to card application data of approximately 106 million individuals across the United States and Canada through a misconfiguration of a web application and not the underlying cloud-based infrastructure,” as told to Newsweek a couple of days ago.

It appears this attack involved exploiting a flaw in a web application to gain enough privilege to read the system’s instance metadata via the AWS API.  The metadata contained credentials to access the highly sensitive data outlined in the breach disclosure.

Instance metadata is a well-known, widely used, but only occasionally scrutinized feature that each AWS instance is deployed with. It is enabled by default to provide easily accessible information about the EC2 instances themselves and how they are deployed to an AWS account as a whole including any IAM credentials the instance needs to talk to other AWS services.

For a more in-depth look at this attack vector, check out this blog post from Redlock.

So how do you keep your company from falling victim to this same attack?  There’s a simple and extremely cost-effective solution that would have very quickly alerted Capital One (or others in the same situation) to the inappropriate access of their EC2 metadata: Thinkst’s Canary tokens.

Canary tokens can be thought of as a tripwire in environments, alerting security teams when accessed or executed without tipping their hand to the attacker. Canary tokens come in many different varieties and specifically include a token that notifies when EC2 metadata is accessed.

These tokens are very similar to a web bug, an object that can be placed within a web page or email that allows the creator to monitor user behavior.

Unlike a web bug though, Canary tokens are designed to have multiple personalities based on various deployment use cases, including an EC2 metadata Token. Once created, these tokens can be deployed by installing Thinkst’s Apeeper application to your EC2 instances, separated by region, with virtually no maintenance required.

With these Canaries in place, if an attacker then attempts to query the metadata of your EC2 instances, an alert will be triggered in real time, alerting you or your team of potential exploitation while also providing valuable information regarding the incident.

Apeeper can also be configured to run in three different modes depending on your environment’s architecture and security program needs:

  • Blacklist

Alert on certain paths that are queried

  • Whitelist

Do not alert on certain paths that are queried

  • All

Alert on all paths that are queried  

At CYDERES, we provide the best “blue team as a service” with our solutions for managed detection and response that include comprehensive coverage of both on-prem and cloud environments.

The CYDERES Cyber Defense Platform includes a wide range of technologies including Thinkst’s Canary tokens.  With Thinkst, you can have a whole flock of Canary token sensors deployed quickly.

With CYDERES, you can have those sensors monitored 24/7 by our award-winning Cyber Defense Center.  Our surveillance team can not only architect and deploy your Thinkst deception solution, we will actively monitor all of the security telemetry and events from your environment to quickly triage and respond to threats – freeing your precious internal security team to focus on enabling the business to move faster, but securely.


Bridge to DevOps: Further Reading

Throughout the past month, we have been putting a special focus on DevOps and how it can be a transformational part of your business. We’ve helped to define what exactly DevOps is, laid out what our phased approach to DevOps would look like for your business, and talked through some recent buzzwords surrounding security and DevOps. We hope you have gained some valuable insight into DevOps philosophies and practices during this recent close up.

To round out the month, we’re going to be focusing on some further reading materials if you want to dive a little bit deeper into DevOps as you plan your digital transformation. Here at Fishtech Group, we have been passing around a book written by three progenitors of the DevOps movement that may help put DevOps into context for you through a real-world application.

The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win is set in a fictional company called Parts Unlimited. Written by Gene Kim, Kevin Behr, and George Spafford, the book gives the reader a small glimpse of DevOps and how companies can integrate different departments, like IT, to align with overall business goals rather than their own individual functions.

While we recommend reading the whole novel, there is one particular idea that can demonstrate how you can help foster a DevOps culture at your business, or at least get an idea of what it looks like when DevOps is implemented correctly. This is idea is summed up as “The Three Ways of DevOps” in the novel. Let’s break it down a little bit more by looking at each way individually.

The First Way says that work should always flow in one direction – downstream. In the novel, the First Way focuses on eliminating constraints and creating a fast workflow that moves from development, to operations, to IT, and then ultimately to the customer. The First Way looks at the system as a whole, rather than fixating on a specific department.

The Second Way looks to create, shorten, and amplify feedback loops. The Second Way integrates feedback, not only from the customers, but also from the different sectors of a company, like operations and development. Through the implementation of this philosophy, communication is increased, allowing for fewer surprises as work gets finished, and allows for faster changes.

The Third Way focuses on continued experimentation in order to learn from mistakes and achieve mastery. This philosophy augments the Second Way in that continued communication will allow you to experiment with more frequency to continue to take risks and find the best way forward through your DevOps practices. Without proper communication and experimentation, your business will not succeed or progress.

The Phoenix Project has been a great resource for our team to better understand the core concepts of DevOps, straight from minds of some of the creators of the movement. If you are wanting to learn more about DevOps in an easy-to-digest setting, think about picking this novel up and follow the DevOps journey of Parts Unlimited as they transform their business for the better.

If you are still looking for a few more resources to dive into as you continue to explore DevOps, we have a short list of recent articles that our DevOps team has sent our way that may help whet your appetite:

Of course, we are always open to talking DevOps and seeing how it can transform YOUR business for the better. If you would like to set up a consultation with our DevOps team, fill out the form below, and let us help guide you on your own Digital Transformation.


Cybersecurity Budget: Spend It Now, or Spend More Later

Equifax to pay up to $700 million in data breach settlement

Marriott faces a $124 million fine for failing to protect customer data

These are just a couple headlines that have come out over the last month regarding penalties for data breaches. How do those numbers compare to your current spend on cybersecurity? A recent social media post from a local CISO fostered some good conversation on the matter when he asked his research and advisory connections:

“Can you please provide a benchmark about the cybersecurity budget before and after a data breach [including fines incurred due to the breach itself]?”

In response to some of the growing dialogue that was stemmed from this inquiry, our own Founder / CEO, Gary Fish, chimed in with some simple, but powerful wisdom when it came to companies’ cybersecurity budgets:

“Spend it now, or spend more later.”

We often only see the enormous fine amounts posted in each subsequent article for each subsequent breach. While those numbers can be scary enough in their own rights, there are other factors to take into consideration.

You’re looking at extra time investments as you take care of the ramifications of the data breach.

You’re looking at legal expenses.

You’re looking at marketing costs as you try to repair your reputation. The list goes on and on.

All of a sudden, your budget allocation to cybersecurity doesn’t look so bad, does it?

We recently saw a prime example of the disastrous consequences of cybersecurity vulnerabilities as a data breach forced medical debt collector AMCA to file for bankruptcy protection.

They were hacked last year in a time period estimated to be from August 1, 2018 to March 30, 2019. In the aftermath of the breach, class-action lawsuits were filed, cybersecurity forensics bills grew exponentially, AMCA’s tarnished reputation led to an exodus of some of their most valuable business partners, and this ultimately led to AMCA filing for Chapter 11.

We know conversations around cybersecurity budgets can be difficult, especially if you have never experienced (or more realistically, haven’t realized you’ve already been compromised) any cyber attacks, or data breaches, but in an increasingly digital world, cybersecurity is more important than ever. Take it from Equifax and Marriott…

Fishtech Group has worked with companies of all sizes to help them grow a mature cybersecurity architecture and plan, delivering the right solution, the first time.

Fishtech Group is a data-driven cybersecurity services provider for any computing platform. Combining a group of holistic, data-driven cybersecurity solutions, we identify gaps and solutions to help organizations minimize risk, maintain compliance, and increase efficiency.


DevSecOps – Breakthrough? Or Buzzword?

In the beginning, the tech gurus created DevOps, and saw that it was good.

Next, buzzword nation went off and started creating ThisOps and ThatOps, and here at Fishtech Group, we saw that it wasn’t good.

One of the “Ops” iterations making its way onto the market and into the industry consciousness over the last few years is DevSecOps, which is essentially adding “security” into the previous combination of Development and IT Operations (“DevOps”).

You may have noticed that this is the first time we have mentioned anything about DevSecOps on our website. You may also be asking, “wait, aren’t you a cybersecurity solutions company? Shouldn’t security be a core focus of your offerings?” Of course!

So, why aren’t we providing “DevSecOps” alongside our DevOps offerings? Let’s clear a few things up.

Security in DevOps is a Byproduct of Quality

We talked a little bit in our previous “What is DevOps?” blog post about the pitfalls of buzzwords surrounding DevOps, and DevSecOps is a prime example.

While we don’t disagree with the primary principles of so-called DevSecOps, we think it unnecessary to make a new distinction and are wary of offerings of “DevSecOps” as if it’s a new and shiny thing you should divert your resources to.

With the invention of DevSecOps, it sounds like security is just now in consideration for DevOps principles and processes, but we beg to differ.

Security in DevOps is inherent.

Security in DevOps is implicit.

Without security, DevOps isn’t DevOps.

Security in DevOps is a byproduct of quality. If DevOps practices are implemented correctly, security will be there. But don’t just take it from us…

The Phoenix Project (The Experts Have Spoken)

Our team has been passing around a copy of The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win, which was written by some of the progenitors of the DevOps movement, and they mention the inclusion of information security within the DevOps structure, without referring to such an organization as DevSecOps.

In fact, one of the primary writers, Gene Kim, was the CTO of a cybersecurity company for years before writing The Phoenix Project. If there was no distinction made by an originator of DevOps, who has extensive history in cybersecurity, we don’t think there needs to be one either.

We’ve done our own market research to look into what the unique aspects of “DevSecOps” really are. To be honest, they sound kind of familiar…

Automation Through CI/CD Pipelines

Time and time again, source after source brought up automation through CI/CD pipelines as a core tenant of DevSecOps saying that DevSecOps automates security within the DevOps workflow. In our experience this is already a key part of the DevOps philosophy.

As we’ve mentioned, DevOps practices focus on busting silos and automating process from all applicable teams, including IT Operations, Development, Security, and more.

That’s just what DevOps is.

The Focus Should Already Be On Security 

Furthermore, these sources mention that “real DevSecOps” needs to place an emphasis on empowering teams to improve security practices for quick review and approval processes that leave an audit trail and meet compliance requirements. We agree!

But, again, this is something that we believe is already covered in DevOps practices and principles.

Let us again clarify that we find nothing wrong with the ideas behind DevSecOps. Security is supremely important. Our belief is simply that putting a new name on established practices to spin up new business isn’t the right approach.

In Conclusion

Rest assured! While you may not see “DevSecOps” in our offerings, security is still a top priority as we guide organizations through total digital transformation utilizing a DevOps perspective.

DevOps may go by many names, but true DevOps bakes security into every process, principle, and toolset.

It’s time to embrace the DevOps revolution and see the speed-to-value ramp up in your organization. Let silos be a thing of the past and learn how to continuously and reliably deliver value to your customers faster.

DevOps truly provides the purest form of Digital Transformation.


Buzzword Bingo with Eric Foster & Rick Holland

Recently we were excited to welcome Rick Holland, CISO and Vice President of Strategy from Digital Shadows, to sit down with our own Eric Foster, COO of CYDERES to discuss a wide range of topics across the landscape of cybersecurity.

Check out their fascinating discussion around:

  • DevOps
  • Purple Team
  • AI & ML
  • The “Cloud”
  • The state of SIEM
  • And more …


Bridge to DevOps: Our Unique Approach

We believe DevOps is MORE than a buzzword.

We’ve seen it revolutionize the way our customers deliver speedy value to their customers.

We’ve seen silos busted and teams working more efficiently to innovate securely.

Now that we’ve discussed the history of DevOps and how traditional organizational structures are being revamped for exponential increases in efficiency, let’s take a moment to look at how we approach the implementation of DevOps principles and practices in your organization.

DevOps is more than a practice, it’s a cultural shift. It’s important to take each unique aspect of your organization into consideration as you proceed through every step of this transformation.

PHASE ONE: DEFINING SUCCESS

DevOps success looks different for every organization while maintaining the same overall tried and true principles of success.

Therefore, the first step in an effective DevOps reorganization strategy is always to take time analyzing what success looks like for your organization and what exactly your core objectives are.

For example, identify a specific targeted process we want to improve. Next, how will we know if we have improved it, or if we’ve actually made it worse? Identifying metrics and KPI’s are crucial in measuring success.

Once we define measurable goals for this project’s timeframe and scope, actionable steps can be set as we progress in shifting the overall culture.

PHASE TWO: DEFINING KEY PERSONNEL & REQUIREMENTS

In order to truly sow the seeds of cultural change within the organization, it’s critical that the key personnel are deeply involved and accountable to the process.

Each of these people should be involved in deciding:

  • What are the business objectives we can focus on during the course of this project?
  • What are the requirements that we must keep in mind?
  • Who are the main groups/stakeholders that should be interviewed to gather intelligence?
  • Which of these stakeholders are the most sympathetic to this shift?

PHASE THREE: ORGANIZATIONAL ANALYSIS

This phase involves ascertaining the crucial intelligence needed to begin the transformation towards an effective DevOps culture.

It can and will be painful – silos will be revealed, lack of efficiency highlighted, redundancy and bottlenecks discovered. Keep in mind the goal is not to focus on the negative, but to isolate what’s keeping your organization back and apply the principles to change.

Iterate and improve! That concept is essential to the core of DevOps.

As your DevOps advisor, we will ask fact-finding discovery questions like –

  • In the targeted process, what are the steps, even if loosely understood?
  • How do you track/confirm the success of your process? (e.g. what, if any metrics exist to track the success of this process)
  • Where is significant re-work generated or received?

With all of this analysis of current toolsets and other relevant information, a thorough review of organizational processes can be compiled.

PHASE FOUR: Develop DevOps Structure

At this point, several key processes have been identified to be in need of serious adaptation or to be removed and replaced altogether!

The key personnel involved can continue to work with this data and, with the help of your DevOps advisor, develop detailed recommendations for moving to a CI/CD pipeline. This includes evaluating your technology stack for stability and efficiency moving forward as new benchmarks for success are created.

The new DevOps structure is beginning to take shape, and because the right people have been involved in the discovery and analysis phases, they will have a clear cultural buy-in to lead the new DevOps charge.

PHASE FIVE: Documentation & Execution 

The analysis and conclusions of each of the previous phases culminate in an executive summary that the DevOps advisor will deliver with detailed recommendations for immediate and ongoing execution.

This involves clear and documented process instructions, training on the various new or augmented toolsets, and redefined roles and responsibilities for those involved.

The end result is really no end at all, rather a commitment to ever increasing efficiency and speed to value, constantly innovating and growing your DevOps culture.

Have a question about any of these phases and how a Fishtech-led DevOps workshop can benefit your organization? Put our industry-leading expertise to work for your business, and watch pure digital transformation unfold.