Click here to close now.




















Welcome!

Cloud Security Authors: Mark Carrizosa, Liz McMillan, Ian Khan, Cloud Best Practices Network, Tim Hinds

Related Topics: @CloudExpo, Microservices Expo, Agile Computing, Cloud Security, Government Cloud, @BigDataExpo

@CloudExpo: Article

You Got Your Governance in My DevOps

Why cloud-based DevOps and governance shouldn’t be mutually exclusive

Forward-thinking organizations realize that accelerating the speed with which they can deliver new applications and services is critical in making their enterprise more agile - and by extension delivering critical business competitiveness. In order to do so, they must break the cycle that holds many IT organizations captive. In many cases, development bemoans central IT for delays in provisioning development platforms, IT begrudges the Security and Audit teams for the processes and procedures that help create these delays, and these teams are in turn frustrated by the lack of compliance that results in unnecessary audit findings.  In the process, Development is often seen as throwing the proverbial pig over the wall - sometimes with more lipstick than other times. When you add to this mix a healthy dose of firefighting and pressure from business units to innovate faster, it's easy to see how this can become a downward spiral for organizations.

We've all heard the old saying that brakes on a race car actually allow it to go faster. And in much the same way, governance helps accelerate DevOps initiatives. Unleashing DevOps at scale can be a recipe for unbridled innovation, enabling IT to be at the helm of business success. Without governance, however, IT risks continuing the same pattern of distrust between Dev, IT and Security that keeps innovation at bay and politics at the forefront.

Enter Cloud-Based Dev Ops
While analysts indicate that DevOps can be a wholesale restructuring of the IT organization, leveraging the cloud is an opportunity to develop a long-term strategy that creates a virtuous cycle between Dev, IT and Security by automating and governing key aspects of the Dev-to-Ops lifecycle. With the ability to provision platforms on demand, embed standard operating environments upstream for earlier dev and test use, automate application and service configuration, and manage security and operational SLAs across each role in the SDLC, cloud-based DevOps enables IT to respond faster to business and market demands.

Inserting governance into the DevOps process across each of these cloud-based capabilities allows Dev to produce more code and conduct less rework; central IT sees fewer severity one outages, resulting in fewer fire fights; and Security and Audit teams are assured that policies are appropriately applied across each stage of the application lifecycle.  Here are three key areas where DevOps within a cloud environment can help speed up innovation:

1. Provision platforms on demand.
On-demand, self-service is the promise of cloud computing and it should begin with the development team.  With more workloads in Development and Test environments than any other part of the business, it makes a great deal of sense that development teams should be the prime beneficiary of this computing model.  While this change alone can speed the deployment of development-ready platforms from weeks to hours or minutes, the greater benefit is that development can be assured they are working with pre-defined production-like environments with security and governance controls already applied. With no need to configure application stacks or concern themselves with underlying infrastructure and platforms, development can begin coding sooner and spend more time with the code itself, not supporting extraneous details.

2. Govern and Control Common Application Platforms.
Forward-thinking organizations embed governed standard operating environments upstream for dev and test use early on.  By integrating governance at this stage, central IT can be sure that Development output will meet compliance, geographical and other business constraints.

Policies can be applied that govern the usage of standardized application platforms and environments. In fact, policies can be quite fine-grained, meeting specific internal and external security, audit and governance requirements. For example, policies to control access rights, deployment decisions, security zones, or resource limits should all be considered and applied as appropriate across the Software Development Lifecycle (SDLC).

3. Safely Promote Software.
Governance embedded in a cloud-based DevOps model allows teams to automate release management. These teams leverage their organization's existing approval processes supported by automatic provisioning of application deployment environments. By streamlining across the development-to-operations lifecycle, teams are able to keep pace with faster change by automating and standardizing tasks that are manually configured today, creating less room for ‘fat finger' errors and the resultant problem resolution.

By standardizing on - and applying governance to - control points across the application lifecycle, IT is able to increase the speed and frequency of software releases without sacrificing the quality and reliability of software in production. Whether an organization is looking to build and leverage cloud-based DevOps in a public, private or hybrid cloud scenario, it doesn't really matter. What matters? Breaking the downward spiral of delays, breaks and fixes, firefighting, politics and finger pointing. None of these activities increases code output or the overall competitiveness of the business. However, implementing dynamic controls across the SDLC through cloud-based DevOps will provide enterprises with the ‘brakes' they need to catapult their ‘race car' faster to the finish line, delivering in the process IT-driven business benefits in the form of advanced agility and competitiveness.

More Stories By Shawn Douglass

Shawn Douglass has been a cloud visionary and key contributor to the emerging enterprise cloud operating model for over a decade. Mr. Douglass is responsible for the strategy and vision of the Agility Platform and contributing to IT transformation at Global 2000 enterprises.

Prior to ServiceMesh he was managing director at EMC Ventures where he drove strategic investments in cloud, security, big data/analytics, and disruptive technology and business models.

He has served on the Board of Directors and as Chairman of the Technical Steering Committee for the Enterprise Grid Alliance (EGA), and on the Board of Directors at Joyent, a high-performance cloud infrastructure provider. He is also a winner of the Always On 2012 Power Players in the Cloud award. Mr. Douglass is a graduate of Harvard Business School.

@ThingsExpo Stories
With the Apple Watch making its way onto wrists all over the world, it’s only a matter of time before it becomes a staple in the workplace. In fact, Forrester reported that 68 percent of technology and business decision-makers characterize wearables as a top priority for 2015. Recognizing their business value early on, FinancialForce.com was the first to bring ERP to wearables, helping streamline communication across front and back office functions. In his session at @ThingsExpo, Kevin Roberts, GM of Platform at FinancialForce.com, will discuss the value of business applications on wearable ...
With the proliferation of connected devices underpinning new Internet of Things systems, Brandon Schulz, Director of Luxoft IoT – Retail, will be looking at the transformation of the retail customer experience in brick and mortar stores in his session at @ThingsExpo. Questions he will address include: Will beacons drop to the wayside like QR codes, or be a proximity-based profit driver? How will the customer experience change in stores of all types when everything can be instrumented and analyzed? As an area of investment, how might a retail company move towards an innovation methodolo...
The Internet of Things (IoT) is about the digitization of physical assets including sensors, devices, machines, gateways, and the network. It creates possibilities for significant value creation and new revenue generating business models via data democratization and ubiquitous analytics across IoT networks. The explosion of data in all forms in IoT requires a more robust and broader lens in order to enable smarter timely actions and better outcomes. Business operations become the key driver of IoT applications and projects. Business operations, IT, and data scientists need advanced analytics t...
While many app developers are comfortable building apps for the smartphone, there is a whole new world out there. In his session at @ThingsExpo, Narayan Sainaney, Co-founder and CTO of Mojio, will discuss how the business case for connected car apps is growing and, with open platform companies having already done the heavy lifting, there really is no barrier to entry.
Contrary to mainstream media attention, the multiple possibilities of how consumer IoT will transform our everyday lives aren’t the only angle of this headline-gaining trend. There’s a huge opportunity for “industrial IoT” and “Smart Cities” to impact the world in the same capacity – especially during critical situations. For example, a community water dam that needs to release water can leverage embedded critical communications logic to alert the appropriate individuals, on the right device, as soon as they are needed to take action.
SYS-CON Events announced today that HPM Networks will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. For 20 years, HPM Networks has been integrating technology solutions that solve complex business challenges. HPM Networks has designed solutions for both SMB and enterprise customers throughout the San Francisco Bay Area.
SYS-CON Events announced today that Micron Technology, Inc., a global leader in advanced semiconductor systems, will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Micron’s broad portfolio of high-performance memory technologies – including DRAM, NAND and NOR Flash – is the basis for solid state drives, modules, multichip packages and other system solutions. Backed by more than 35 years of technology leadership, Micron's memory solutions enable the world's most innovative computing, consumer,...
As more intelligent IoT applications shift into gear, they’re merging into the ever-increasing traffic flow of the Internet. It won’t be long before we experience bottlenecks, as IoT traffic peaks during rush hours. Organizations that are unprepared will find themselves by the side of the road unable to cross back into the fast lane. As billions of new devices begin to communicate and exchange data – will your infrastructure be scalable enough to handle this new interconnected world?
Through WebRTC, audio and video communications are being embedded more easily than ever into applications, helping carriers, enterprises and independent software vendors deliver greater functionality to their end users. With today’s business world increasingly focused on outcomes, users’ growing calls for ease of use, and businesses craving smarter, tighter integration, what’s the next step in delivering a richer, more immersive experience? That richer, more fully integrated experience comes about through a Communications Platform as a Service which allows for messaging, screen sharing, video...
SYS-CON Events announced today that Pythian, a global IT services company specializing in helping companies leverage disruptive technologies to optimize revenue-generating systems, has been named “Bronze Sponsor” of SYS-CON's 17th Cloud Expo, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Founded in 1997, Pythian is a global IT services company that helps companies compete by adopting disruptive technologies such as cloud, Big Data, advanced analytics, and DevOps to advance innovation and increase agility. Specializing in designing, imple...
In his session at @ThingsExpo, Lee Williams, a producer of the first smartphones and tablets, will talk about how he is now applying his experience in mobile technology to the design and development of the next generation of Environmental and Sustainability Services at ETwater. He will explain how M2M controllers work through wirelessly connected remote controls; and specifically delve into a retrofit option that reverse-engineers control codes of existing conventional controller systems so they don't have to be replaced and are instantly converted to become smart, connected devices.
SYS-CON Events announced today that IceWarp will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. IceWarp, the leader of cloud and on-premise messaging, delivers secured email, chat, documents, conferencing and collaboration to today's mobile workforce, all in one unified interface
WebRTC has had a real tough three or four years, and so have those working with it. Only a few short years ago, the development world were excited about WebRTC and proclaiming how awesome it was. You might have played with the technology a couple of years ago, only to find the extra infrastructure requirements were painful to implement and poorly documented. This probably left a bitter taste in your mouth, especially when things went wrong.
Too often with compelling new technologies market participants become overly enamored with that attractiveness of the technology and neglect underlying business drivers. This tendency, what some call the “newest shiny object syndrome,” is understandable given that virtually all of us are heavily engaged in technology. But it is also mistaken. Without concrete business cases driving its deployment, IoT, like many other technologies before it, will fade into obscurity.
Consumer IoT applications provide data about the user that just doesn’t exist in traditional PC or mobile web applications. This rich data, or “context,” enables the highly personalized consumer experiences that characterize many consumer IoT apps. This same data is also providing brands with unprecedented insight into how their connected products are being used, while, at the same time, powering highly targeted engagement and marketing opportunities. In his session at @ThingsExpo, Nathan Treloar, President and COO of Bebaio, will explore examples of brands transforming their businesses by t...
As more and more data is generated from a variety of connected devices, the need to get insights from this data and predict future behavior and trends is increasingly essential for businesses. Real-time stream processing is needed in a variety of different industries such as Manufacturing, Oil and Gas, Automobile, Finance, Online Retail, Smart Grids, and Healthcare. Azure Stream Analytics is a fully managed distributed stream computation service that provides low latency, scalable processing of streaming data in the cloud with an enterprise grade SLA. It features built-in integration with Azur...
Akana has announced the availability of the new Akana Healthcare Solution. The API-driven solution helps healthcare organizations accelerate their transition to being secure, digitally interoperable businesses. It leverages the Health Level Seven International Fast Healthcare Interoperability Resources (HL7 FHIR) standard to enable broader business use of medical data. Akana developed the Healthcare Solution in response to healthcare businesses that want to increase electronic, multi-device access to health records while reducing operating costs and complying with government regulations.
For IoT to grow as quickly as analyst firms’ project, a lot is going to fall on developers to quickly bring applications to market. But the lack of a standard development platform threatens to slow growth and make application development more time consuming and costly, much like we’ve seen in the mobile space. In his session at @ThingsExpo, Mike Weiner, Product Manager of the Omega DevCloud with KORE Telematics Inc., discussed the evolving requirements for developers as IoT matures and conducted a live demonstration of how quickly application development can happen when the need to comply wit...
The Internet of Everything (IoE) brings together people, process, data and things to make networked connections more relevant and valuable than ever before – transforming information into knowledge and knowledge into wisdom. IoE creates new capabilities, richer experiences, and unprecedented opportunities to improve business and government operations, decision making and mission support capabilities.
Explosive growth in connected devices. Enormous amounts of data for collection and analysis. Critical use of data for split-second decision making and actionable information. All three are factors in making the Internet of Things a reality. Yet, any one factor would have an IT organization pondering its infrastructure strategy. How should your organization enhance its IT framework to enable an Internet of Things implementation? In his session at @ThingsExpo, James Kirkland, Red Hat's Chief Architect for the Internet of Things and Intelligent Systems, described how to revolutionize your archit...