It is common for companies to stall or slow in their quest to improve speed, quality, reliability, or security through a DevOps approach. It is not technology that slows them down, but their culture. They have practices and beliefs that make some aspects of DevOps seem impossible:
“Sure, developers at small start-up XYZ can put their own code into production, but we're in a regulated industry, and it would never work.”
“We need separation of duties. What you’re suggesting is impossible.”
“Audit or compliance would never allow a developer to test code.”
In this blog post, we’ve focused on separation of duties. Separation of duties is an important concept and to some, it might seem to be incompatible with a DevOps approach, but it isn’t. In fact, in many cases the separation of duties in the context of DevOps offers more assurance of quality, security, and audit-ability than traditional approaches.