Security and DevOps showdown

George Hulme’s article on proceeding with caution on DevOps implementation offers some advice from a few well known security experts. Article here     vs. Alan Shimel says today’s speed of business isn’t compatible with :go slow”. Security people have to understand that DevOps is our last best hope. But in order to have DevOps help us to security nirvana we need to change how we interact with the rest of our IT teams. Article here ...

Read More →

DevOps: Security’s last best hope

Help us Obi Wan! The fact is that DevOps is security’s last best hope. The sooner the security industry realizes it the better it will be for everyone. I read George Hulme’s story today about proceeding with caution and going slow with DevOps. Of course it was no surprise to me that those cautioning to go slow were my fellow security industry professionals. What else do you expect, after all we are the “people who say no”.  At least the three folks George interviewed didn’t flat out say no to DevOps. They just advised caution.  The fact is that DevOps is security’s last best hope. The sooner the security industry realizes it,  the better it will be for everyone. Let’s be honest. The security industry for the most part has not been a stunning success in keeping our data, apps and infrastructure safe and secure. Some may even say it ...

Read More →

DevOps: Caution Ahead

Despite the continued adoption of enterprise DevOps practices, some organizations, especially those in highly-regulated industries remain cautious about moving forward too quickly. “There’s no doubt that DevOps brings benefits for some organizations,” says Martin Fisher, director of information security at Atlanta-based WellStar Health System. “However, many pushing for DevOps underestimate the amount of technological and cultural change that is necessary to overcome before moving ahead to boldly, especially among those in security and regulatory compliance roles that are concerned with securing and auditing processes they see as they’re potentially losing control over,” Fisher says. “You can’t audit and secure what you can’t control,” he says. Eric Cowperthwaite, former chief information security officer at Providence Health and Services agrees. “There are some who want to move too fast. In many organizations the culture just isn’t yet there, especially where they are used to very rigid quality assurance and audit controls,” says ...

Read More →

DevOps developers; don’t be a DevGoof

There was a lot of brush back last week over Jeff Knupp’s post about how DevOps is killing the developer. Frankly I wasn’t shocked by Knupp’s opinion that developers “are the dentists in the dental office”. In my 30+ years of involvement in the IT industry my experience is that developers often think of themselves as the only smart person in the room. Often times that is the reason they are are the only person in the room, lol. The fact is many developers relate better to code than to people. For me all this talk about DevOps killing the developer is akin to saying power steering killed the driver. Just because you can do more with new technology, does not mean one dies, one just has to pivot and in this case become business social. Now the sociable part may be the problem. Sometimes I feel that DevOps is ...

Read More →

Merging creation with operations: facilitated collaboration enables continuous delivery

So much has been written lately about the challenge of improving IT agility in the enterprise. The best sources of insight on why this challenge is so difficult are the CIOs, application owners, ecommerce and release engineering executives, and VPs of I&O, grappling to change their organizations right now. At a conference I attended recently, I met two Fortune 100 IT executives from the same company: one the head of development and the other operations. Their story is emblematic of just how hard this is in the real world. As interesting background, both the development and operations leaders were childhood best friends, participated in each others’ weddings, and spend time together socially on an almost weekly basis – but by their own admission, even they couldn’t get effective collaboration and communication to work between their two organizations. The lesson learned from this example is that the DevOps collaboration and communication ...

Read More →

Technology’s effect on religion

Today being Good Friday, with Easter being Sunday and in the midst of Passover; it is a time for reflection. Instead of thinking about DevOps, today I ponder life and religion. What comes to mind is the future of religion in these technological times. The number of Americans with a religious affiliation continues to decline, less and less of us make an appearance at a Synagogue, Church or any house of worship for that matter. In my childhood we would at the very least make an appearance a few holidays a year, notably at the annual pancake breakfast. From the calculator to the computer, from mobile devices and the Internet, advances in technology are creating monumental changes in our lives and in turn the way religion is practiced.  The universal acceptance of mobile devices, like the iPhone and iPad, is provoking a profound social change. The dependence on these devices ...

Read More →

DevOps adoption can succeed where ITIL failed, if we let it

When I look at the future of DevOps adoption and acceleration I contrast it with what I feel was the failure of ITIL to really move beyond large enterprise IT shops. I am of the firm belief that DevOps has the legs to succeed and soar where ITIL sort of crashed and burned. OK if not crashed and burned, at least sputtered out. To understand why I feel this way, let me share a little personal history with you. ITIL demands you to come to IT I remember my first ITIL project. I was working at a large retailer and I was asked to help our IT department understand what this ITIL thing was and to help drive adoption of some of ITIL’s basic concepts. First on the list was to get a service catalog up and running. In the space of just a few weeks, I realized the main ...

Read More →

Programmability in the Network: Stop a Bleeding Heart…

It is not often the case that a security vulnerability can get the entire Internet talking. And not just the security community on the Internet, but everyone. End-users and IT alike are looking for answers and trying to mitigate Heartbleed. It has its own web site and logo. It’s that big of a deal. Many service providers have already patched their systems, but there are a whole lot of sites on the Internet and it’s estimated that a significant number of them are vulnerable. Netcraft notes that Heartbleed, based on OpenSSL, “affects around 17% of SSL web servers which use certificates issued by trusted certificate authorities.”  One of the most trusted sources of data regarding web server software in use today, Netcraft’s “most recent SSL Survey found that the heartbeat extension was enabled on 17.5% of SSL sites, accounting for around half a million certificates issued by trusted certificate authorities.” But it’s not ...

Read More →

Automation versus Orchestration

Yes, Virginia, there is a difference. One of the things devops practitioners are tasked with is the provisioning and configuration of all sorts of infrastructure.  Application servers, web servers, load balancers, proxies and database servers are among the lengthy (and no doubt growing) list of “boxes” devops needs to get up and running to support just about any given application today. One of the key value propositions of a devops approach to operations is that it can reduce the time it takes to get applications to market by getting them up and running in production faster. That’s increasingly important as we move into the Era of Things, driven by extreme connectivity of everything, because all those “things” need are going to need to be talking to applications on the back side. So speed is of the essence, but not at the cost of accuracy. We’re encouraged, then, to automate tasks ...

Read More →

DevOps Needs a Tsunami To Jump The Chasm

All start up business endeavors must go through the phase of crossing the chasm.  Most of those business endeavors usually fall prey to the chasm. The chasm is this black hole that everyone claims to understand but no one truly does. We have all seen businesses cross the chasm or fail to cross the chasm and fall into the black hole. But no one seems to understand why and how that crossing happens. The bestselling book by Geoffrey A. Moore titled “Crossing the Chasm,” is all about the heart and soul required to get early stage technology across the chasm, from early adopters to mainstream customers. There is a big difference between people who are enthusiastic to try leading edge technologies and the rest of the inhabitants, who tend to be much more conservative. The reasons that people spend time trying to figure out how to cross or jump, if ...

Read More →
Directory powered by Business Directory Plugin