Welcome!

Microservices Expo Authors: Elizabeth White, Gopala Krishna Behara, Sridhar Chalasani, Tirumala Khandrika, Liz McMillan

Related Topics: Java IoT, Microservices Expo

Java IoT: Article

Compliance Issues Represent Pieces of a Puzzle

IBM's Rational Focuses on Business-Driven Development

Imagine trying to solve a puzzle without being certain what the end result should look like, much less how the pieces fit together. Now imagine trying to build the puzzle pieces themselves. Bit of a challenge? To say the least! But this is exactly the situation facing many business and IT executives when it comes to complying with the increasing number of standards and regulations in their industries today.

Why the recent surge of interest in regulatory and standards compliance? With the health and welfare of their citizens and local businesses in mind, global governments are requiring more accountability from organizations that do business within or across their borders. Since 1999, new legislation has passed in the United States that subjects business, IT, and even the software development process itself to audits. Some of the better known legislative acts, such as Sarbanes-Oxley, Basel II and the Health Insurance Portability & Accountability Act (HIPAA), have placed financial services and health care providers directly in the spotlight. These industries are spending money on ensuring compliance, but with mixed results so far. In the United States, for example, an estimated $2.5 billion will be spent annually by Fortune 1000 companies on compliance-related projects.

It doesn’t help that compliance requirements are often a puzzle in and of themselves. They are mandatory, but the steps to achieve compliance are not always outlined. In section 404 of the Sarbanes-Oxley act, for example, it says a company must have “good controls,” but it doesn’t clearly state what they are or how to achieve that. Regulatory requirements are also ever-changing, yet businesses are required to constantly demonstrate compliance. So for many businesses, well intended compliance requirements involve risk without clear guidelines for managing that risk.

Complying with regulations and standards is all about encapsulating business processes. It’s about clarifying and formalizing the way you do business – everything from taking an order to preparing goods for shipment, shipping and taking payment, and then allowing for scenarios like credit returns, faulty products or discounting – and appropriately recording that information.

Many companies have automated these processes by buying off-the-shelf IT packages and customizing them or, in many cases, by building their own custom-made applications. In either case, the modifications or new applications introduce yet another dimension to the puzzle: new pieces that must be shown to fit. This is the stage where compliance can become an even greater challenge.

In custom systems there can be a lot of people working on the development of the applications and errors can creep in, things can change. To withstand an audit – whether internal or external – a business has to be able to prove that the software system it has said it was going to build is the one it actually built, and that the software it built is the one it ultimately deployed – two separate processes. In essence, to achieve true compliance, businesses must be able to demonstrate the reliability and accuracy of any business process and show transparency throughout their development process.

It’s possible to demonstrate business process reliability and accuracy and have a transparent development process by manually compiling information at the time of an audit, but as you might imagine there is a high degree of overhead and risk associated with this reactive approach. There is a direct cost as well as the staff distraction and lost opportunity costs.

Establishing an effective governance framework for software delivery, what IBM Rational Software calls “Business Driven Development,” is a better choice. IBM Rational’s Software Development Platform provides guidance to customers with regard to best practices in developing software. Rational’s portfolio, requirements, testing, and software configuration management products provide a wide range of tools that capture information about what’s going on and what changes were made, what tests were done, what the design documents were and so on. It’s an ongoing process, so businesses can continuously capture information and maintain compliance. Using Rational’s automated workflow system for software delivery, a number of people in various locations can sign off on changes and allocate work.  Instead of one hour per day spent on compliance issues, an hour-long conference call per week may be all that is required.

As an example, various companies in the financial services industry have chosen to work with IBM Rational to strengthen their testing and requirements practices to improve traceability and compliance with regulations like Sarbanes-Oxley. One such customer, a leading provider of data processing and information management services solutions, replaced a competitive testing solution with tools from Rational to improve its application testing processes, resulting in streamlined IT governance and regulatory compliance capabilities.   

Aside from the assurance that comes from knowing the business is compliant, organizations can benefit from reduced risk and lowered costs in the long-term, improved infrastructure and project ownership, as well as better governance and understanding of business processes. With the right software delivery governance framework in place, the regulatory and standards compliance puzzle will look a lot more solvable.  

More Stories By Roger Oberg

Roger Oberg leads IBM Rational’s marketing team, including Rational’s strategy and planning, product and solution marketing, technical marketing, marketing programs, marketing operations and business partner marketing efforts.

Prior to joining IBM as director of market management in February 2003, when IBM acquired Rational Software, Roger was Rational's vice president of product marketing. He was vice president and general manager, visual modeling products from 1999 until 2002 and vice president and general manager, requirements management products from 1997 to 1999, overseeing 100%+ growth in both businesses. Roger joined Rational when Requisite Software was acquired in 1997, where he was vice president, marketing and sales. He was executive director for AIN at USWest, held vice president of engineering and marketing positions at XVT Software before that and spent nearly 10 years in sales, sales training, sales management and marketing positions for NBI, an office automation software and systems company. He has also served on the boards of two start-up software companies.

Comments (1) View Comments

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


Most Recent Comments
JDJ News Desk 08/09/06 12:29:42 PM EDT

Imagine trying to solve a puzzle without being certain what the end result should look like, much less how the pieces fit together. Now imagine trying to build the puzzle pieces themselves. Bit of a challenge? To say the least! But this is exactly the situation facing many business and IT executives when it comes to complying with the increasing number of standards and regulations in their industries today.

@MicroservicesExpo Stories
For organizations that have amassed large sums of software complexity, taking a microservices approach is the first step toward DevOps and continuous improvement / development. Integrating system-level analysis with microservices makes it easier to change and add functionality to applications at any time without the increase of risk. Before you start big transformation projects or a cloud migration, make sure these changes won’t take down your entire organization.
You often hear the two titles of "DevOps" and "Immutable Infrastructure" used independently. In his session at DevOps Summit, John Willis, Technical Evangelist for Docker, covered the union between the two topics and why this is important. He provided an overview of Immutable Infrastructure then showed how an Immutable Continuous Delivery pipeline can be applied as a best practice for "DevOps." He ended the session with some interesting case study examples.
When you focus on a journey from up-close, you look at your own technical and cultural history and how you changed it for the benefit of the customer. This was our starting point: too many integration issues, 13 SWP days and very long cycles. It was evident that in this fast-paced industry we could no longer afford this reality. We needed something that would take us beyond reducing the development lifecycles, CI and Agile methodologies. We made a fundamental difference, even changed our culture...
Updating DevOps to the latest production data slows down your development cycle. Probably it is due to slow, inefficient conventional storage and associated copy data management practices. In his session at @DevOpsSummit at 20th Cloud Expo, Dhiraj Sehgal, in Product and Solution at Tintri, will talk about DevOps and cloud-focused storage to update hundreds of child VMs (different flavors) with updates from a master VM in minutes, saving hours or even days in each development cycle. He will also...
As Enterprise business moves from Monoliths to Microservices, adoption and successful implementations of Microservices become more evident. The goal of Microservices is to improve software delivery speed and increase system safety as scale increases. Documenting hurdles and problems for the use of Microservices will help consultants, architects and specialists to avoid repeating the same mistakes and learn how and when to use (or not use) Microservices at the enterprise level. The circumstance w...
SYS-CON Events announced today that CA Technologies has been named “Platinum Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CA Technologies helps customers succeed in a future where every business – from apparel to energy – is being rewritten by software. From ...
TechTarget storage websites are the best online information resource for news, tips and expert advice for the storage, backup and disaster recovery markets. By creating abundant, high-quality editorial content across more than 140 highly targeted technology-specific websites, TechTarget attracts and nurtures communities of technology buyers researching their companies' information technology needs. By understanding these buyers' content consumption behaviors, TechTarget creates the purchase inte...
SYS-CON Events announced today that Fusion, a leading provider of cloud services, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Fusion, a leading provider of integrated cloud solutions to small, medium and large businesses, is the industry’s single source for the cloud. Fusion’s advanced, proprietary cloud service platform enables the integration of leading edge solutions in the cloud, including cloud...
@DevOpsSummit at Cloud taking place June 6-8, 2017, at Javits Center, New York City, is co-located with the 20th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long developm...
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend @CloudExpo | @ThingsExpo, June 6-8, 2017, at the Javits Center in New York City, NY and October 31 - November 2, 2017, Santa Clara Convention Center, CA. Learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
DevOps and microservices are permeating software engineering teams broadly, whether these teams are in pure software shops but happen to run a business, such Uber and Airbnb, or in companies that rely heavily on software to run more traditional business, such as financial firms or high-end manufacturers. Microservices and DevOps have created software development and therefore business speed and agility benefits, but they have also created problems; specifically, they have created software securi...
This week's news brings us further reminders that if you're betting on cloud, you're headed in the right direction. The cloud is growing seven times faster than the rest of IT, according to IDC, with a 25% spending increase just from 2016 to 2017. SaaS still leads the pack, with an estimated two-thirds of public cloud spending going that way. Large enterprises, with more than 1,000 employees, are predicted to account for more than half of cloud spending and have the fastest annual growth rate.
The emerging Internet of Everything creates tremendous new opportunities for customer engagement and business model innovation. However, enterprises must overcome a number of critical challenges to bring these new solutions to market. In his session at @ThingsExpo, Michael Martin, CTO/CIO at nfrastructure, outlined these key challenges and recommended approaches for overcoming them to achieve speed and agility in the design, development and implementation of Internet of Everything solutions with...
Cloud Expo, Inc. has announced today that Andi Mann and Aruna Ravichandran have been named Co-Chairs of @DevOpsSummit at Cloud Expo 2017. The @DevOpsSummit at Cloud Expo New York will take place on June 6-8, 2017, at the Javits Center in New York City, New York, and @DevOpsSummit at Cloud Expo Silicon Valley will take place Oct. 31-Nov. 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
SYS-CON Events announced today that Outlyer, a monitoring service for DevOps and operations teams, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Outlyer is a monitoring service for DevOps and Operations teams running Cloud, SaaS, Microservices and IoT deployments. Designed for today's dynamic environments that need beyond cloud-scale monitoring, we make monitoring effortless so you...
In his General Session at 16th Cloud Expo, David Shacochis, host of The Hybrid IT Files podcast and Vice President at CenturyLink, investigated three key trends of the “gigabit economy" though the story of a Fortune 500 communications company in transformation. Narrating how multi-modal hybrid IT, service automation, and agile delivery all intersect, he will cover the role of storytelling and empathy in achieving strategic alignment between the enterprise and its information technology.
All clouds are not equal. To succeed in a DevOps context, organizations should plan to develop/deploy apps across a choice of on-premise and public clouds simultaneously depending on the business needs. This is where the concept of the Lean Cloud comes in - resting on the idea that you often need to relocate your app modules over their life cycles for both innovation and operational efficiency in the cloud. In his session at @DevOpsSummit at19th Cloud Expo, Valentin (Val) Bercovici, CTO of Soli...
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm. In his general session at 20th Cloud Expo, Chris Brown, a Solutions Marketing Manager at Nutanix, will explore...
The best way to leverage your Cloud Expo presence as a sponsor and exhibitor is to plan your news announcements around our events. The press covering Cloud Expo and @ThingsExpo will have access to these releases and will amplify your news announcements. More than two dozen Cloud companies either set deals at our shows or have announced their mergers and acquisitions at Cloud Expo. Product announcements during our show provide your company with the most reach through our targeted audiences.
Culture is the most important ingredient of DevOps. The challenge for most organizations is defining and communicating a vision of beneficial DevOps culture for their organizations, and then facilitating the changes needed to achieve that. Often this comes down to an ability to provide true leadership. As a CIO, are your direct reports IT managers or are they IT leaders? The hard truth is that many IT managers have risen through the ranks based on their technical skills, not their leadership abi...