Welcome!

Cloud Security Authors: Ed Featherston, Darren Anstee, Liz McMillan, Elizabeth White, Pat Romanski

Related Topics: @CloudExpo, Microservices Expo, Agile Computing, Cloud Security, Government Cloud, @BigDataExpo

@CloudExpo: Article

You Got Your Governance in My DevOps

Why cloud-based DevOps and governance shouldn’t be mutually exclusive

Forward-thinking organizations realize that accelerating the speed with which they can deliver new applications and services is critical in making their enterprise more agile - and by extension delivering critical business competitiveness. In order to do so, they must break the cycle that holds many IT organizations captive. In many cases, development bemoans central IT for delays in provisioning development platforms, IT begrudges the Security and Audit teams for the processes and procedures that help create these delays, and these teams are in turn frustrated by the lack of compliance that results in unnecessary audit findings.  In the process, Development is often seen as throwing the proverbial pig over the wall - sometimes with more lipstick than other times. When you add to this mix a healthy dose of firefighting and pressure from business units to innovate faster, it's easy to see how this can become a downward spiral for organizations.

We've all heard the old saying that brakes on a race car actually allow it to go faster. And in much the same way, governance helps accelerate DevOps initiatives. Unleashing DevOps at scale can be a recipe for unbridled innovation, enabling IT to be at the helm of business success. Without governance, however, IT risks continuing the same pattern of distrust between Dev, IT and Security that keeps innovation at bay and politics at the forefront.

Enter Cloud-Based Dev Ops
While analysts indicate that DevOps can be a wholesale restructuring of the IT organization, leveraging the cloud is an opportunity to develop a long-term strategy that creates a virtuous cycle between Dev, IT and Security by automating and governing key aspects of the Dev-to-Ops lifecycle. With the ability to provision platforms on demand, embed standard operating environments upstream for earlier dev and test use, automate application and service configuration, and manage security and operational SLAs across each role in the SDLC, cloud-based DevOps enables IT to respond faster to business and market demands.

Inserting governance into the DevOps process across each of these cloud-based capabilities allows Dev to produce more code and conduct less rework; central IT sees fewer severity one outages, resulting in fewer fire fights; and Security and Audit teams are assured that policies are appropriately applied across each stage of the application lifecycle.  Here are three key areas where DevOps within a cloud environment can help speed up innovation:

1. Provision platforms on demand.
On-demand, self-service is the promise of cloud computing and it should begin with the development team.  With more workloads in Development and Test environments than any other part of the business, it makes a great deal of sense that development teams should be the prime beneficiary of this computing model.  While this change alone can speed the deployment of development-ready platforms from weeks to hours or minutes, the greater benefit is that development can be assured they are working with pre-defined production-like environments with security and governance controls already applied. With no need to configure application stacks or concern themselves with underlying infrastructure and platforms, development can begin coding sooner and spend more time with the code itself, not supporting extraneous details.

2. Govern and Control Common Application Platforms.
Forward-thinking organizations embed governed standard operating environments upstream for dev and test use early on.  By integrating governance at this stage, central IT can be sure that Development output will meet compliance, geographical and other business constraints.

Policies can be applied that govern the usage of standardized application platforms and environments. In fact, policies can be quite fine-grained, meeting specific internal and external security, audit and governance requirements. For example, policies to control access rights, deployment decisions, security zones, or resource limits should all be considered and applied as appropriate across the Software Development Lifecycle (SDLC).

3. Safely Promote Software.
Governance embedded in a cloud-based DevOps model allows teams to automate release management. These teams leverage their organization's existing approval processes supported by automatic provisioning of application deployment environments. By streamlining across the development-to-operations lifecycle, teams are able to keep pace with faster change by automating and standardizing tasks that are manually configured today, creating less room for ‘fat finger' errors and the resultant problem resolution.

By standardizing on - and applying governance to - control points across the application lifecycle, IT is able to increase the speed and frequency of software releases without sacrificing the quality and reliability of software in production. Whether an organization is looking to build and leverage cloud-based DevOps in a public, private or hybrid cloud scenario, it doesn't really matter. What matters? Breaking the downward spiral of delays, breaks and fixes, firefighting, politics and finger pointing. None of these activities increases code output or the overall competitiveness of the business. However, implementing dynamic controls across the SDLC through cloud-based DevOps will provide enterprises with the ‘brakes' they need to catapult their ‘race car' faster to the finish line, delivering in the process IT-driven business benefits in the form of advanced agility and competitiveness.

More Stories By Shawn Douglass

Shawn Douglass has been a cloud visionary and key contributor to the emerging enterprise cloud operating model for over a decade. Mr. Douglass is responsible for the strategy and vision of the Agility Platform and contributing to IT transformation at Global 2000 enterprises.

Prior to ServiceMesh he was managing director at EMC Ventures where he drove strategic investments in cloud, security, big data/analytics, and disruptive technology and business models.

He has served on the Board of Directors and as Chairman of the Technical Steering Committee for the Enterprise Grid Alliance (EGA), and on the Board of Directors at Joyent, a high-performance cloud infrastructure provider. He is also a winner of the Always On 2012 Power Players in the Cloud award. Mr. Douglass is a graduate of Harvard Business School.

@ThingsExpo Stories
What are the new priorities for the connected business? First: businesses need to think differently about the types of connections they will need to make – these span well beyond the traditional app to app into more modern forms of integration including SaaS integrations, mobile integrations, APIs, device integration and Big Data integration. It’s important these are unified together vs. doing them all piecemeal. Second, these types of connections need to be simple to design, adapt and configure...
In his general session at 18th Cloud Expo, Lee Atchison, Principal Cloud Architect and Advocate at New Relic, discussed cloud as a ‘better data center’ and how it adds new capacity (faster) and improves application availability (redundancy). The cloud is a ‘Dynamic Tool for Dynamic Apps’ and resource allocation is an integral part of your application architecture, so use only the resources you need and allocate /de-allocate resources on the fly.
Information technology is an industry that has always experienced change, and the dramatic change sweeping across the industry today could not be truthfully described as the first time we've seen such widespread change impacting customer investments. However, the rate of the change, and the potential outcomes from today's digital transformation has the distinct potential to separate the industry into two camps: Organizations that see the change coming, embrace it, and successful leverage it; and...
SYS-CON Events announced today that CDS Global Cloud, an Infrastructure as a Service provider, will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. CDS Global Cloud is an IaaS (Infrastructure as a Service) provider specializing in solutions for e-commerce, internet gaming, online education and other internet applications. With a growing number of data centers and network points around the world, ...
19th Cloud Expo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Meanwhile, 94% of enterpri...
SYS-CON Events announced today that LeaseWeb USA, a cloud Infrastructure-as-a-Service (IaaS) provider, will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. LeaseWeb is one of the world's largest hosting brands. The company helps customers define, develop and deploy IT infrastructure tailored to their exact business needs, by combining various kinds cloud solutions.
Major trends and emerging technologies – from virtual reality and IoT, to Big Data and algorithms – are helping organizations innovate in the digital era. However, to create real business value, IT must think beyond the ‘what’ of digital transformation to the ‘how’ to harness emerging trends, innovation and disruption. Architecture is the key that underpins and ties all these efforts together. In the digital age, it’s important to invest in architecture, extend the enterprise footprint to the cl...
There are several IoTs: the Industrial Internet, Consumer Wearables, Wearables and Healthcare, Supply Chains, and the movement toward Smart Grids, Cities, Regions, and Nations. There are competing communications standards every step of the way, a bewildering array of sensors and devices, and an entire world of competing data analytics platforms. To some this appears to be chaos. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, Bradley Holt, Developer Advocate a...
Internet of @ThingsExpo has announced today that Chris Matthieu has been named tech chair of Internet of @ThingsExpo 2016 Silicon Valley. The 6thInternet of @ThingsExpo will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Big Data has been changing the world. IoT fuels the further transformation recently. How are Big Data and IoT related? In his session at @BigDataExpo, Tony Shan, a renowned visionary and thought leader, will explore the interplay of Big Data and IoT. He will anatomize Big Data and IoT separately in terms of what, which, why, where, when, who, how and how much. He will then analyze the relationship between IoT and Big Data, specifically the drilldown of how the 4Vs of Big Data (Volume, Variety,...
A strange thing is happening along the way to the Internet of Things, namely far too many devices to work with and manage. It has become clear that we'll need much higher efficiency user experiences that can allow us to more easily and scalably work with the thousands of devices that will soon be in each of our lives. Enter the conversational interface revolution, combining bots we can literally talk with, gesture to, and even direct with our thoughts, with embedded artificial intelligence, wh...
WebRTC is bringing significant change to the communications landscape that will bridge the worlds of web and telephony, making the Internet the new standard for communications. Cloud9 took the road less traveled and used WebRTC to create a downloadable enterprise-grade communications platform that is changing the communication dynamic in the financial sector. In his session at @ThingsExpo, Leo Papadopoulos, CTO of Cloud9, discussed the importance of WebRTC and how it enables companies to focus...
Technology vendors and analysts are eager to paint a rosy picture of how wonderful IoT is and why your deployment will be great with the use of their products and services. While it is easy to showcase successful IoT solutions, identifying IoT systems that missed the mark or failed can often provide more in the way of key lessons learned. In his session at @ThingsExpo, Peter Vanderminden, Principal Industry Analyst for IoT & Digital Supply Chain to Flatiron Strategies, will focus on how IoT de...
Ask someone to architect an Internet of Things (IoT) solution and you are guaranteed to see a reference to the cloud. This would lead you to believe that IoT requires the cloud to exist. However, there are many IoT use cases where the cloud is not feasible or desirable. In his session at @ThingsExpo, Dave McCarthy, Director of Products at Bsquare Corporation, will discuss the strategies that exist to extend intelligence directly to IoT devices and sensors, freeing them from the constraints of ...
One of biggest questions about Big Data is “How do we harness all that information for business use quickly and effectively?” Geographic Information Systems (GIS) or spatial technology is about more than making maps, but adding critical context and meaning to data of all types, coming from all different channels – even sensors. In his session at @ThingsExpo, William (Bill) Meehan, director of utility solutions for Esri, will take a closer look at the current state of spatial technology and ar...
For basic one-to-one voice or video calling solutions, WebRTC has proven to be a very powerful technology. Although WebRTC’s core functionality is to provide secure, real-time p2p media streaming, leveraging native platform features and server-side components brings up new communication capabilities for web and native mobile applications, allowing for advanced multi-user use cases such as video broadcasting, conferencing, and media recording.
Complete Internet of Things (IoT) embedded device security is not just about the device but involves the entire product’s identity, data and control integrity, and services traversing the cloud. A device can no longer be looked at as an island; it is a part of a system. In fact, given the cross-domain interactions enabled by IoT it could be a part of many systems. Also, depending on where the device is deployed, for example, in the office building versus a factory floor or oil field, security ha...
An IoT product’s log files speak volumes about what’s happening with your products in the field, pinpointing current and potential issues, and enabling you to predict failures and save millions of dollars in inventory. But until recently, no one knew how to listen. In his session at @ThingsExpo, Dan Gettens, Chief Research Officer at OnProcess, will discuss recent research by Massachusetts Institute of Technology and OnProcess Technology, where MIT created a new, breakthrough analytics model f...
There is little doubt that Big Data solutions will have an increasing role in the Enterprise IT mainstream over time. Big Data at Cloud Expo - to be held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA - has announced its Call for Papers is open. Cloud computing is being adopted in one form or another by 94% of enterprises today. Tens of billions of new devices are being connected to The Internet of Things. And Big Data is driving this bus. An exponential increase is...
The Internet of Things will challenge the status quo of how IT and development organizations operate. Or will it? Certainly the fog layer of IoT requires special insights about data ontology, security and transactional integrity. But the developmental challenges are the same: People, Process and Platform and how we integrate our thinking to solve complicated problems. In his session at 19th Cloud Expo, Craig Sproule, CEO of Metavine, will demonstrate how to move beyond today's coding paradigm ...