Welcome!

Microservices Expo Authors: Pat Romanski, Elizabeth White, Liz McMillan, Gopala Krishna Behara, Sridhar Chalasani

Related Topics: @CloudExpo, Microservices Expo, Agile Computing, Cloud Security, Government Cloud, @DXWorldExpo

@CloudExpo: Article

You Got Your Governance in My DevOps

Why cloud-based DevOps and governance shouldn’t be mutually exclusive

Forward-thinking organizations realize that accelerating the speed with which they can deliver new applications and services is critical in making their enterprise more agile - and by extension delivering critical business competitiveness. In order to do so, they must break the cycle that holds many IT organizations captive. In many cases, development bemoans central IT for delays in provisioning development platforms, IT begrudges the Security and Audit teams for the processes and procedures that help create these delays, and these teams are in turn frustrated by the lack of compliance that results in unnecessary audit findings.  In the process, Development is often seen as throwing the proverbial pig over the wall - sometimes with more lipstick than other times. When you add to this mix a healthy dose of firefighting and pressure from business units to innovate faster, it's easy to see how this can become a downward spiral for organizations.

We've all heard the old saying that brakes on a race car actually allow it to go faster. And in much the same way, governance helps accelerate DevOps initiatives. Unleashing DevOps at scale can be a recipe for unbridled innovation, enabling IT to be at the helm of business success. Without governance, however, IT risks continuing the same pattern of distrust between Dev, IT and Security that keeps innovation at bay and politics at the forefront.

Enter Cloud-Based Dev Ops
While analysts indicate that DevOps can be a wholesale restructuring of the IT organization, leveraging the cloud is an opportunity to develop a long-term strategy that creates a virtuous cycle between Dev, IT and Security by automating and governing key aspects of the Dev-to-Ops lifecycle. With the ability to provision platforms on demand, embed standard operating environments upstream for earlier dev and test use, automate application and service configuration, and manage security and operational SLAs across each role in the SDLC, cloud-based DevOps enables IT to respond faster to business and market demands.

Inserting governance into the DevOps process across each of these cloud-based capabilities allows Dev to produce more code and conduct less rework; central IT sees fewer severity one outages, resulting in fewer fire fights; and Security and Audit teams are assured that policies are appropriately applied across each stage of the application lifecycle.  Here are three key areas where DevOps within a cloud environment can help speed up innovation:

1. Provision platforms on demand.
On-demand, self-service is the promise of cloud computing and it should begin with the development team.  With more workloads in Development and Test environments than any other part of the business, it makes a great deal of sense that development teams should be the prime beneficiary of this computing model.  While this change alone can speed the deployment of development-ready platforms from weeks to hours or minutes, the greater benefit is that development can be assured they are working with pre-defined production-like environments with security and governance controls already applied. With no need to configure application stacks or concern themselves with underlying infrastructure and platforms, development can begin coding sooner and spend more time with the code itself, not supporting extraneous details.

2. Govern and Control Common Application Platforms.
Forward-thinking organizations embed governed standard operating environments upstream for dev and test use early on.  By integrating governance at this stage, central IT can be sure that Development output will meet compliance, geographical and other business constraints.

Policies can be applied that govern the usage of standardized application platforms and environments. In fact, policies can be quite fine-grained, meeting specific internal and external security, audit and governance requirements. For example, policies to control access rights, deployment decisions, security zones, or resource limits should all be considered and applied as appropriate across the Software Development Lifecycle (SDLC).

3. Safely Promote Software.
Governance embedded in a cloud-based DevOps model allows teams to automate release management. These teams leverage their organization's existing approval processes supported by automatic provisioning of application deployment environments. By streamlining across the development-to-operations lifecycle, teams are able to keep pace with faster change by automating and standardizing tasks that are manually configured today, creating less room for ‘fat finger' errors and the resultant problem resolution.

By standardizing on - and applying governance to - control points across the application lifecycle, IT is able to increase the speed and frequency of software releases without sacrificing the quality and reliability of software in production. Whether an organization is looking to build and leverage cloud-based DevOps in a public, private or hybrid cloud scenario, it doesn't really matter. What matters? Breaking the downward spiral of delays, breaks and fixes, firefighting, politics and finger pointing. None of these activities increases code output or the overall competitiveness of the business. However, implementing dynamic controls across the SDLC through cloud-based DevOps will provide enterprises with the ‘brakes' they need to catapult their ‘race car' faster to the finish line, delivering in the process IT-driven business benefits in the form of advanced agility and competitiveness.

More Stories By Shawn Douglass

Shawn Douglass has been a cloud visionary and key contributor to the emerging enterprise cloud operating model for over a decade. Mr. Douglass is responsible for the strategy and vision of the Agility Platform and contributing to IT transformation at Global 2000 enterprises.

Prior to ServiceMesh he was managing director at EMC Ventures where he drove strategic investments in cloud, security, big data/analytics, and disruptive technology and business models.

He has served on the Board of Directors and as Chairman of the Technical Steering Committee for the Enterprise Grid Alliance (EGA), and on the Board of Directors at Joyent, a high-performance cloud infrastructure provider. He is also a winner of the Always On 2012 Power Players in the Cloud award. Mr. Douglass is a graduate of Harvard Business School.

Microservices Articles
While some developers care passionately about how data centers and clouds are architected, for most, it is only the end result that matters. To the majority of companies, technology exists to solve a business problem, and only delivers value when it is solving that problem. 2017 brings the mainstream adoption of containers for production workloads. In his session at 21st Cloud Expo, Ben McCormack, VP of Operations at Evernote, discussed how data centers of the future will be managed, how the p...
"Peak 10 is a hybrid infrastructure provider across the nation. We are in the thick of things when it comes to hybrid IT," explained , Chief Technology Officer at Peak 10, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
DevOps tends to focus on the relationship between Dev and Ops, putting an emphasis on the ops and application infrastructure. But that’s changing with microservices architectures. In her session at DevOps Summit, Lori MacVittie, Evangelist for F5 Networks, will focus on how microservices are changing the underlying architectures needed to scale, secure and deliver applications based on highly distributed (micro) services and why that means an expansion into “the network” for DevOps.
Containers and Kubernetes allow for code portability across on-premise VMs, bare metal, or multiple cloud provider environments. Yet, despite this portability promise, developers may include configuration and application definitions that constrain or even eliminate application portability. In this session we'll describe best practices for "configuration as code" in a Kubernetes environment. We will demonstrate how a properly constructed containerized app can be deployed to both Amazon and Azure ...
The now mainstream platform changes stemming from the first Internet boom brought many changes but didn’t really change the basic relationship between servers and the applications running on them. In fact, that was sort of the point. In his session at 18th Cloud Expo, Gordon Haff, senior cloud strategy marketing and evangelism manager at Red Hat, will discuss how today’s workloads require a new model and a new platform for development and execution. The platform must handle a wide range of rec...
CloudEXPO New York 2018, colocated with DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
More and more companies are looking to microservices as an architectural pattern for breaking apart applications into more manageable pieces so that agile teams can deliver new features quicker and more effectively. What this pattern has done more than anything to date is spark organizational transformations, setting the foundation for future application development. In practice, however, there are a number of considerations to make that go beyond simply “build, ship, and run,” which changes how...
DevOpsSummit New York 2018, colocated with CloudEXPO | DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City. Digital Transformation (DX) is a major focus with the introduction of DXWorldEXPO within the program. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term.
As Enterprise business moves from Monoliths to Microservices, adoption and successful implementations of Microservices become more evident. The goal of Microservices is to improve software delivery speed and increase system safety as scale increases. Documenting hurdles and problems for the use of Microservices will help consultants, architects and specialists to avoid repeating the same mistakes and learn how and when to use (or not use) Microservices at the enterprise level. The circumstance w...
Containers, microservices and DevOps are all the rage lately. You can read about how great they are and how they’ll change your life and the industry everywhere. So naturally when we started a new company and were deciding how to architect our app, we went with microservices, containers and DevOps. About now you’re expecting a story of how everything went so smoothly, we’re now pushing out code ten times a day, but the reality is quite different.