Welcome!

Security Authors: Rick Delgado, John Grady, Carmen Gonzalez, Colin Lacey, Roger Strukhoff

Related Topics: Cloud Expo, SOA & WOA, Web 2.0, Security, GovIT, Big Data Journal

Cloud Expo: Article

You Got Your Governance in My DevOps

Why cloud-based DevOps and governance shouldn’t be mutually exclusive

Forward-thinking organizations realize that accelerating the speed with which they can deliver new applications and services is critical in making their enterprise more agile - and by extension delivering critical business competitiveness. In order to do so, they must break the cycle that holds many IT organizations captive. In many cases, development bemoans central IT for delays in provisioning development platforms, IT begrudges the Security and Audit teams for the processes and procedures that help create these delays, and these teams are in turn frustrated by the lack of compliance that results in unnecessary audit findings.  In the process, Development is often seen as throwing the proverbial pig over the wall - sometimes with more lipstick than other times. When you add to this mix a healthy dose of firefighting and pressure from business units to innovate faster, it's easy to see how this can become a downward spiral for organizations.

We've all heard the old saying that brakes on a race car actually allow it to go faster. And in much the same way, governance helps accelerate DevOps initiatives. Unleashing DevOps at scale can be a recipe for unbridled innovation, enabling IT to be at the helm of business success. Without governance, however, IT risks continuing the same pattern of distrust between Dev, IT and Security that keeps innovation at bay and politics at the forefront.

Enter Cloud-Based Dev Ops
While analysts indicate that DevOps can be a wholesale restructuring of the IT organization, leveraging the cloud is an opportunity to develop a long-term strategy that creates a virtuous cycle between Dev, IT and Security by automating and governing key aspects of the Dev-to-Ops lifecycle. With the ability to provision platforms on demand, embed standard operating environments upstream for earlier dev and test use, automate application and service configuration, and manage security and operational SLAs across each role in the SDLC, cloud-based DevOps enables IT to respond faster to business and market demands.

Inserting governance into the DevOps process across each of these cloud-based capabilities allows Dev to produce more code and conduct less rework; central IT sees fewer severity one outages, resulting in fewer fire fights; and Security and Audit teams are assured that policies are appropriately applied across each stage of the application lifecycle.  Here are three key areas where DevOps within a cloud environment can help speed up innovation:

1. Provision platforms on demand.
On-demand, self-service is the promise of cloud computing and it should begin with the development team.  With more workloads in Development and Test environments than any other part of the business, it makes a great deal of sense that development teams should be the prime beneficiary of this computing model.  While this change alone can speed the deployment of development-ready platforms from weeks to hours or minutes, the greater benefit is that development can be assured they are working with pre-defined production-like environments with security and governance controls already applied. With no need to configure application stacks or concern themselves with underlying infrastructure and platforms, development can begin coding sooner and spend more time with the code itself, not supporting extraneous details.

2. Govern and Control Common Application Platforms.
Forward-thinking organizations embed governed standard operating environments upstream for dev and test use early on.  By integrating governance at this stage, central IT can be sure that Development output will meet compliance, geographical and other business constraints.

Policies can be applied that govern the usage of standardized application platforms and environments. In fact, policies can be quite fine-grained, meeting specific internal and external security, audit and governance requirements. For example, policies to control access rights, deployment decisions, security zones, or resource limits should all be considered and applied as appropriate across the Software Development Lifecycle (SDLC).

3. Safely Promote Software.
Governance embedded in a cloud-based DevOps model allows teams to automate release management. These teams leverage their organization's existing approval processes supported by automatic provisioning of application deployment environments. By streamlining across the development-to-operations lifecycle, teams are able to keep pace with faster change by automating and standardizing tasks that are manually configured today, creating less room for ‘fat finger' errors and the resultant problem resolution.

By standardizing on - and applying governance to - control points across the application lifecycle, IT is able to increase the speed and frequency of software releases without sacrificing the quality and reliability of software in production. Whether an organization is looking to build and leverage cloud-based DevOps in a public, private or hybrid cloud scenario, it doesn't really matter. What matters? Breaking the downward spiral of delays, breaks and fixes, firefighting, politics and finger pointing. None of these activities increases code output or the overall competitiveness of the business. However, implementing dynamic controls across the SDLC through cloud-based DevOps will provide enterprises with the ‘brakes' they need to catapult their ‘race car' faster to the finish line, delivering in the process IT-driven business benefits in the form of advanced agility and competitiveness.

More Stories By Shawn Douglass

Shawn Douglass has been a cloud visionary and key contributor to the emerging enterprise cloud operating model for over a decade. Mr. Douglass is responsible for the strategy and vision of the Agility Platform and contributing to IT transformation at Global 2000 enterprises.

Prior to ServiceMesh he was managing director at EMC Ventures where he drove strategic investments in cloud, security, big data/analytics, and disruptive technology and business models.

He has served on the Board of Directors and as Chairman of the Technical Steering Committee for the Enterprise Grid Alliance (EGA), and on the Board of Directors at Joyent, a high-performance cloud infrastructure provider. He is also a winner of the Always On 2012 Power Players in the Cloud award. Mr. Douglass is a graduate of Harvard Business School.

@ThingsExpo Stories
WebRTC defines no default signaling protocol, causing fragmentation between WebRTC silos. SIP and XMPP provide possibilities, but come with considerable complexity and are not designed for use in a web environment. In his session at Internet of @ThingsExpo, Matthew Hodgson, technical co-founder of the Matrix.org, will discuss how Matrix is a new non-profit Open Source Project that defines both a new HTTP-based standard for VoIP & IM signaling and provides reference implementations.
The Internet of Things (IoT) is going to require a new way of thinking and of developing software for speed, security and innovation. This requires IT leaders to balance business as usual while anticipating for the next market and technology trends. Cloud provides the right IT asset portfolio to help today’s IT leaders manage the old and prepare for the new. Today the cloud conversation is evolving from private and public to hybrid. This session will provide use cases and insights to reinforce the value of the network in helping organizations to maximize their company’s cloud experience.
SYS-CON Events announced today that Aria Systems, the recurring revenue expert, has been named "Bronze Sponsor" of SYS-CON's 15th International Cloud Expo®, which will take place on November 4-6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Aria Systems helps leading businesses connect their customers with the products and services they love. Industry leaders like Pitney Bowes, Experian, AAA NCNU, VMware, HootSuite and many others choose Aria to power their recurring revenue business and deliver exceptional experiences to their customers.

SUNNYVALE, Calif., Oct. 20, 2014 /PRNewswire/ -- Spansion Inc. (NYSE: CODE), a global leader in embedded systems, today added 96 new products to the Spansion® FM4 Family of flexible microcontrollers (MCUs). Based on the ARM® Cortex®-M4F core, the new MCUs boast a 200 MHz operating frequency and support a diverse set of on-chip peripherals for enhanced human machine interfaces (HMIs) and machine-to-machine (M2M) communications. The rich set of periphera...

The Internet of Things (IoT) is making everything it touches smarter – smart devices, smart cars and smart cities. And lucky us, we’re just beginning to reap the benefits as we work toward a networked society. However, this technology-driven innovation is impacting more than just individuals. The IoT has an environmental impact as well, which brings us to the theme of this month’s #IoTuesday Twitter chat. The ability to remove inefficiencies through connected objects is driving change throughout every sector, including waste management. BigBelly Solar, located just outside of Boston, is trans...
SYS-CON Events announced today that Matrix.org has been named “Silver Sponsor” of Internet of @ThingsExpo, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Matrix is an ambitious new open standard for open, distributed, real-time communication over IP. It defines a new approach for interoperable Instant Messaging and VoIP based on pragmatic HTTP APIs and WebRTC, and provides open source reference implementations to showcase and bootstrap the new standard. Our focus is on simplicity, security, and supporting the fullest feature set.
Predicted by Gartner to add $1.9 trillion to the global economy by 2020, the Internet of Everything (IoE) is based on the idea that devices, systems and services will connect in simple, transparent ways, enabling seamless interactions among devices across brands and sectors. As this vision unfolds, it is clear that no single company can accomplish the level of interoperability required to support the horizontal aspects of the IoE. The AllSeen Alliance, announced in December 2013, was formed with the goal to advance IoE adoption and innovation in the connected home, healthcare, education, aut...
SYS-CON Events announced today that Red Hat, the world's leading provider of open source solutions, will exhibit at Internet of @ThingsExpo, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Red Hat is the world's leading provider of open source software solutions, using a community-powered approach to reliable and high-performing cloud, Linux, middleware, storage and virtualization technologies. Red Hat also offers award-winning support, training, and consulting services. As the connective hub in a global network of enterprises, partners, a...
The only place to be June 9-11 is Cloud Expo & @ThingsExpo 2015 East at the Javits Center in New York City. Join us there as delegates from all over the world come to listen to and engage with speakers & sponsors from the leading Cloud Computing, IoT & Big Data companies. Cloud Expo & @ThingsExpo are the leading events covering the booming market of Cloud Computing, IoT & Big Data for the enterprise. Speakers from all over the world will be hand-picked for their ability to explore the economic strategies that utility/cloud computing provides. Whether public, private, or in a hybrid form, clo...
Software AG helps organizations transform into Digital Enterprises, so they can differentiate from competitors and better engage customers, partners and employees. Using the Software AG Suite, companies can close the gap between business and IT to create digital systems of differentiation that drive front-line agility. We offer four on-ramps to the Digital Enterprise: alignment through collaborative process analysis; transformation through portfolio management; agility through process automation and integration; and visibility through intelligent business operations and big data.
The Transparent Cloud-computing Consortium (abbreviation: T-Cloud Consortium) will conduct research activities into changes in the computing model as a result of collaboration between "device" and "cloud" and the creation of new value and markets through organic data processing High speed and high quality networks, and dramatic improvements in computer processing capabilities, have greatly changed the nature of applications and made the storing and processing of data on the network commonplace.
Be Among the First 100 to Attend & Receive a Smart Beacon. The Physical Web is an open web project within the Chrome team at Google. Scott Jenson leads a team that is working to leverage the scalability and openness of the web to talk to smart devices. The Physical Web uses bluetooth low energy beacons to broadcast an URL wirelessly using an open protocol. Nearby devices can find all URLs in the room, rank them and let the user pick one from a list. Each device is, in effect, a gateway to a web page. This unlocks entirely new use cases so devices can offer tiny bits of information or simple i...
Things are being built upon cloud foundations to transform organizations. This CEO Power Panel at 15th Cloud Expo, moderated by Roger Strukhoff, Cloud Expo and @ThingsExpo conference chair, will address the big issues involving these technologies and, more important, the results they will achieve. How important are public, private, and hybrid cloud to the enterprise? How does one define Big Data? And how is the IoT tying all this together?
The Internet of Things (IoT) is going to require a new way of thinking and of developing software for speed, security and innovation. This requires IT leaders to balance business as usual while anticipating for the next market and technology trends. Cloud provides the right IT asset portfolio to help today’s IT leaders manage the old and prepare for the new. Today the cloud conversation is evolving from private and public to hybrid. This session will provide use cases and insights to reinforce the value of the network in helping organizations to maximize their company’s cloud experience.
TechCrunch reported that "Berlin-based relayr, maker of the WunderBar, an Internet of Things (IoT) hardware dev kit which resembles a chunky chocolate bar, has closed a $2.3 million seed round, from unnamed U.S. and Switzerland-based investors. The startup had previously raised a €250,000 friend and family round, and had been on track to close a €500,000 seed earlier this year — but received a higher funding offer from a different set of investors, which is the $2.3M round it’s reporting."
The Industrial Internet revolution is now underway, enabled by connected machines and billions of devices that communicate and collaborate. The massive amounts of Big Data requiring real-time analysis is flooding legacy IT systems and giving way to cloud environments that can handle the unpredictable workloads. Yet many barriers remain until we can fully realize the opportunities and benefits from the convergence of machines and devices with Big Data and the cloud, including interoperability, data security and privacy.
All major researchers estimate there will be tens of billions devices - computers, smartphones, tablets, and sensors - connected to the Internet by 2020. This number will continue to grow at a rapid pace for the next several decades. Over the summer Gartner released its much anticipated annual Hype Cycle report and the big news is that Internet of Things has now replaced Big Data as the most hyped technology. Indeed, we're hearing more and more about this fascinating new technological paradigm. Every other IT news item seems to be about IoT and its implications on the future of digital busines...
Cultural, regulatory, environmental, political and economic (CREPE) conditions over the past decade are creating cross-industry solution spaces that require processes and technologies from both the Internet of Things (IoT), and Data Management and Analytics (DMA). These solution spaces are evolving into Sensor Analytics Ecosystems (SAE) that represent significant new opportunities for organizations of all types. Public Utilities throughout the world, providing electricity, natural gas and water, are pursuing SmartGrid initiatives that represent one of the more mature examples of SAE. We have s...
The Internet of Things needs an entirely new security model, or does it? Can we save some old and tested controls for the latest emerging and different technology environments? In his session at Internet of @ThingsExpo, Davi Ottenheimer, EMC Senior Director of Trust, will review hands-on lessons with IoT devices and reveal privacy options and a new risk balance you might not expect.
IoT is still a vague buzzword for many people. In his session at Internet of @ThingsExpo, Mike Kavis, Vice President & Principal Cloud Architect at Cloud Technology Partners, will discuss the business value of IoT that goes far beyond the general public's perception that IoT is all about wearables and home consumer services. The presentation will also discuss how IoT is perceived by investors and how venture capitalist access this space. Other topics to discuss are barriers to success, what is new, what is old, and what the future may hold.