As in any crisis situation, especially one as complex as the current COVID-19 situation, it helps to have a crisis management checklist to get your head wrapped around everything that needs to get done. Copado has put together a focused ‘Remote DevOps’ checklist that lists key considerations to ensure business continuity for your DevOps teams in this time of crisis and transition to a remote work environment.
For all the key activities in the development lifecycle (planning, development, testing, deployments, and monitoring) ensure there is a central system that gives visibility and allows collaboration. Deployments done from laptops don’t provide adequate traceability. Even if some people are working on-prem, they need to use the same common system.
Ensure you conduct team, department and company meetings periodically, provide adequate remote communication channels, provide company guidelines for remote employees’ use of work tools, and provide advice on how to ease remote collaboration.
Implement a system of shared work where work items can be tracked and assigned to queues instead of individuals if possible. Expect the flow of work to be less predictable, and strive to identify bottlenecks and single points of failure to minimize disruption.
Encourage and ensure the use of basic code quality tools such as static analysis, and focus on increasing automated testing to address potential degradation in code quality caused by remote work. Take time to ensure quality up front so you don’t suffer from late-stage issues, as the saying goes, “slow is smooth, smooth is fast”.
Ensure devices that will be used remotely have the latest version of their operating software, security software and applications. Implement Zero Trust architecture on your network for remote employees by ensuring that there should not be any unauthenticated access even within the local network. In that regard, cloud security provides a template for on-prem security.
Instruct your staff on emerging threats tied to the COVID-19 coronavirus, including new phishing attacks and attempts to steal VPN credentials. Implement two-factor authentication using smart cards, security keys, or smartphone authenticator apps.
Confirm you have enough bandwidth coming into any on-premise systems to handle all the new remote traffic, then double it. Confirm your staff can reach your cloud-based applications and services directly without having to go through the company network. Also, ensure remote employees have access to and can use a business-grade VPN if they need access to on-premise systems, and you have sufficient VPN licenses for all employees working remotely.
Make sure you have backups of your data as well as failover systems so your staff can keep working in case of data loss or issues with your primary services.
Ensure relevant rules, checks and balances are implemented within your DevOps processes to ensure compliance to internal policies and external regulations.
Automate processes where manual work may be susceptible to costly errors, delays or compliance exceptions.
Ensure complete visibility of your DevOps pipeline and all the changes being made and be able to roll back changes if required.
Implement a DevOps Command Center with real-time dashboards and reports that give you a 360-degree view of your development pipeline including people, process, systems and data. Enable alerts and notifications to help you to proactively detect and address potential governance exceptions.