The DevOps-Price of Segregation of Duties.

Segregation of duties will change because it must change. It has a tremendous impact on our motivation, time to market and IT Security. It influences many parts of an organization. Most organizations have started with DevOps, Continuous Delivery and Continuous Deployment and it is only natural to think about segregation of duties at one point and how we deal with it today. Today, it costs us a fortune that we’re not willing to pay in the near future. And why should we? ...

Read More →

Continuous Testing: What exactly is it?

The aptly named DevOps practice of Continuous Testing synchronizes Testing/QA with Dev and Ops processes optimized to achieve business and development goals. A few years ago when Agile was all the rage, lightning-fast Dev sprints left the Ops and QA personnel playing catch-up due to inadequate and sluggish testing practices with minimal coverage across frequent builds. The widespread culture of Agile development has accelerated development while software testing still lags behind, forcing organizations to cut corners in QA or slow down Dev processes entirely. Instead of speeding up the conveyor belt beyond control or slowing down development to kill efficiencies, Continuous Testing in DevOps encourages a systematic approach toward process improvement. Continuous Testing goes beyond automation and encompasses all practices — including tooling and cultural change — that help mitigate risks before progressing to subsequent Software Development Lifecycle stages. Continuous testing and Automation The approach to Continuous Testing can vary ...

Read More →

DevOps Leadership Series: Security at Velocity

If it does not fit, it does not get done.  For many DevOps practices, application security falls into the “does not get done” bucket.  That’s because for many DevOps-centric organizations, application security has historically been done somewhere else, by someone else, who is slow. Go faster.  Shift left.  Remove complexity. Reduce rework.  All mantras of DevOps practices.  And while DevOps practices have changed dramatically in recent years, many experts will tell you that application security has not changed enough. In this installment of the DevOps Leadership Series, you will hear Chris Corriere (DevOps Engineer, Autotrader) and Mitchell Ashley (VP Information Technology, CableLabs) share perspectives on the state of DevOps and security. It is about security at velocity. But is going faster and automating resulting in better security? There are still security pros who are uncomfortable with that premise. Nevertheless, that is where this is headed. The security community has to ...

Read More →

API Discovery and Search with APIs.JSON

If that sounds vaguely like UDDI (which dealt with discovery and search of WSDL then you’re on the right track. Glue is this week, and preceding the conference was the 2015 API Strategy and Practice Tech Un-Workshops. One of the lightning talks (and they were lightning fast, let me tell you) was all about APIs.JSON – a relatively new collaborative effort between Kin Lane, API Evangelist, and Steven Willmott and Nicolas Grenie of 3scale networks, The effort – which you can dig into at apisjson.org – is an attempt to provide a more formal and standardized definition of APIs designed for “public deployment and consumption by automated software agents (robots)”.  In a nutshell, automated agents (and people, too, if you like reading machine-consumable metadata) can access a meta description of the APIs available for an organization at a known (standardized) URI such as http://company.com/apis.json. It’s not quite a WSDL for JSON, as ...

Read More →

Swim in the DevOps pool or drown in security problems

There has been a significant shift recently in security. Most security vendors and organizations recognize that the traditional model of keeping the bad guys out by detecting malicious exploits is flawed at best. The reality is that the bad guys are already inside the network using authorized credentials to bypass security controls and exfiltrate sensitive data. That sounds ominous but the silver lining is that DevOps changes the game and shifts the advantage back to the good guys. There was a time when the traditional model made sense. The attack techniques used and the motivations behind the attacks were different. In recent years, however, the line between inside and outside attacks has been blurred beyond recognition. There have been some high-profile insider attacks like Bradley Manning and Edward Snowden, but the reality is that most of the “outside” attacks were perpetrated using stolen or compromised credentials. In other words there ...

Read More →

4 Ways DevOps Teams Create Value.

Sven Malvik – I’ve written thousand of lines of code based on lies, lies I hoped were the truth. The truth is that we make false assumptions. Assumptions that kill our business. I’ve built software that was too expensive, I’ve built software nobody wanted, and I’ve built software that never saw the light. If you are like any other developer you probably have lied too. But it doesn’t matter. What matters is the application we haven’t built yet and that we will build based on the truth. We need the truth to create value and to survive. This article will show you 4 ways of how DevOps teams create value. ...

Read More →

The Heavy Cost and Burden of Shrink Wrapped DevOps

I’ve worked in the enterprise software game for quite a few decades now and for most part it’s been a good gig. Ok, there’ve been a few road bumps that beset anyone working in this oh so fickle and volatile business, but what really keeps me motoring isn’t the software at all – it’s the joy that comes from helping folks learn and grow – even in the midst of all the crap, chaos and confusion that surrounds us. Paradoxically and sadly, most of this “triple-C” burden comes from over hyping and sensationalizing the real IT goodness. Goodness in the shape of best practices that can help us grow both at an individual level, and in context of supporting team, departmental and business goals. DevOps is a classic example. Here we have a set of principles and guidance to facilitate better communication across an often fractured IT function. All simple ...

Read More →

DevOps and Bi-Modal IT

Can a business have two competing approaches to delivery and operations of their information infrastructure and be successful? If you follow Gartner recommendations, it would seem that bi-modal IT is the way to go. Bi-modal IT has been explained many different ways, but, ultimately, comes down a failure in leadership; allowing a subset of IT to continue to operate in an non-optimal way because it’s too expensive and difficult to transform. This results in formation of a secondary subset of IT leveraging emerging trends that have demonstrated results to deliver modern information infrastructure faster with reliability. If we examine from the 50,000 foot view, bi-modal IT actually makes a lot of sense. Disruptions are happening everywhere and businesses need to respond quickly. For many of these businesses IT can barely keep the core systems afloat let alone bear the burden for handling creative exploitation of massive data growth, enhanced customer ...

Read More →

The Great Legacy Code Crisis Of 2016

Over the next few years, I believe that legacy software is going to become a key factor which will start impacting organisations in fundamental ways, having a sudden and significant impact on their profitability. Those constrained by legacy platforms will be operating with a ball and chain, holding back their ability to get new features to market, to iterate, and to innovate with software. Those unconstrained will be able to fly by taking advantage of modern tooling and approaches, and quickly grab market share from an increasingly fickle consumer base. These modern approaches to software delivery such as DevOps, Continuous Delivery, cloud, containers, infrastructure automation and polyglot MicroServices are exponentially better approaches than last generation technology. Those who are working on these modern platforms can move so quickly in comparison to more traditional enterprise environments that people working on older platforms don’t stand a chance. It’s at least a 5-10x ...

Read More →

Social Skills for DevOps: Whose responsibility?

In his post “DevOps developers; don´t be a DevGoof” on devops.com Parker Yates pointed out, that developers have to become more social. Devs should better realize that they need to become a normal part of the business social structure. That is really true and extremely necessary to make DevOps more efficient. But is this the whole truth? And who is responsible for the social structures and the relationships? First let´s have a look at the devs. For me as a consultant working with people from IT I always get the impression that developers are creating a cult in being a “nerd”. They use being “nerds” as an excuse for not being compatible with the “others”! To be honest, this is a very cheap way of remaining within their own comfort zones! But perhaps we should take some time to ask for the “why?”! Developers are human beings, too. As is ...

Read More →