SlideShare a Scribd company logo

Democratizing security

Sanjeev Sharma, profile picture
Sanjeev Sharma

This document discusses democratizing security as the next frontier for DevSecOps adoption in enterprises. It covers evolving delivery practices like Agile, DevOps, and SRE. Democratizing involves making capabilities self-service, granting permission to act with guardrails, and building trust. This includes democratizing infrastructure, software delivery, data, and security by making them technology agnostic, self-service, and including them in the DevSecOps toolchain to improve applications, platforms, processes, and culture. Security chaos engineering and value stream mapping are also discussed as ways to identify vulnerabilities and inefficiencies to continuously improve operational readiness and adoption.

Technology
Related topics:
Information Security
1 of 27
Downloaded 15 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
COPYRIGHT © 2020 ACCELERATED STRATEGIES GROUP, INC. ALL RIGHTS RESERVED. Democratizing Security - the next frontier for DevSecOps adoption in the Enterprise Sanjeev Sharma, Principal Analyst
• 20+ Years experience in Software Development and Delivery, Cloud Adoption and Data Modernization • Led the Data Modernization Practice at Delphix • Driving the definition of ‘DataOps’ for Application Delivery, and AI and Machine Learning • IBM Distinguished Engineer, and IBM’s 1st CTO for DevOps Adoption owning the DevOps practice • Chair of the Architecture Review Board for IBM’s response to the DoD’s JEDI RFP • Conference Keynote speaker, Blogger, Podcaster and Vlogger • Author of two bestseller books: • DevOps For Dummies: https://ibm.biz/BdsPMX • The DevOps Adoption Playbook: http://amzn.to/2hH7rt2 All about me - Sanjeev Sharma
1. Evolution of Delivery Practices 2. Democratization of Application Delivery 3. Security Chaos Engineering 4. Value Stream Mapping Agenda
Evolution of Delivery Practices
SRE Agile DevOps Develop right things right Deliver with speed Deliver with Reliability Evolving Application Delivery from Agile to DevOps
Continuous Integration Continuous Delivery Shift Left Test Shift Left Ops Culture Development SCM Build Package Repo Deploy Testing Staging Production FeedbackPlanning Manage DevOps in a Nutshell: 1. Improve the Application/System being delivered 2. Improve the platform on which it is delivered 3. Improve the processes by which it is being delivered 4. Improve the culture of the organization delivering it DevOps
Why DevSecOps? Security concerns and challenges are growing $57M Google GDPR Fine 4700 Breaches in 2018 11 Bn Records exposed 2018 Becoming a custodian of user data is becoming a differentiator You are not our product. Our products are iPhones and iPads. We treasure your data. We wanna help you keep it private and keep it safe. - Tim Cook, CEO, Apple
Democratization
1874 - Solid Wood 1947 - Laminated Wood 1968 – Steel Racquet 1993 – Graphite Racquet 2008 – Aerodynamic Racquet Democratization of Technology
1. Self-service 2. Permission to act 3. Guardrails 4. Trust Tenets of Democratizing of IT Services
DevOps: Democratizing the Application Delivery Pipeline Democratize Infrastructure Democratize Software Delivery Democratize Data Democratize Security Application Delivery Practitioners
Democratizing Infrastructure with Cloud Become Technology Stack Agnostic Self-service Provisioning and Configuration Infrastructure as Code (IaaC) Elastic Services for on-demand scale Role Based Access Control Democratize Infrastructure 1. Improve the platform 2. Improve the processes 3. Improve the culture
Democratizing Software Delivery with DevSecOps Become Technology Stack Agnostic Make DevSecOps capabilities Self Service Integrated end-to-end toolchain Automated Testing and Validation Include Security in the DevSecOps toolchain Democratize Software Delivery 1. Improve the Application/System 2. Improve the processes 3. Improve the culture
Democratizing Data Democratize Data Become Data Source Agnostic Make Data Available Self Service Manage Data Like Code Mitigate Data Privacy & Compliance Risks Include Data Management in the DevSecOps toolchain 1. Improve the Application/System 2. Improve the platform 3. Improve the processes 4. Improve the culture
Democratizing Security Become Technology Stack Agnostic Make Security* Self Service Manage Security* Like Code Automate Mitigation of Security & Compliance Risks Include Security* in the DevOps toolchain Democratize Security * Security Implementation, Validation and Enforcement 1. Secure the Application/System 2. Secure the platform 3. Secure the processes 4. Secure the culture
Business Initiatives: Create New Revenue Streams Improve Quality Accelerate Time to Market Comply with Regulations The Challenge : High Complexity High Cost Multiple Demands High Complexity - Multiple Technology stacks - On Premises and Cloud - Departmental Silos - Legacy, Cloud-native, SaaS applications and services - Open-source sprawl High Cost - Compliance & Governance Policies - Regulatory overhead - Audit and Compliance overhead - Cybersecurity threat preparedness Multiple Demands - Business: Innovation and Monetization - Developers: Continuous Delivery - Analytics Teams: Massive, diverse data sets - Security Teams: Lack of talent and technology expertise
Security Chaos Engineering
One way to make sure you can deal with a flat tire on the freeway, in the rain, in the middle of the night is to poke a hole in your tire once a week in your driveway on a Sunday afternoon and go through the drill of replacing it. Chaos Engineering
Antifragile: Things that are neither fragile or robust, but rather thrive in chaos. Achieving Antifragility
The Chaos is Real https://www.sophos.com/en-us/medialibrary/PDFs/Whitepaper/sophos-exposed-cyberattacks-on-cloud-honeypots-wp.pdf
Security Chaos Engineering Security Chaos Engineering is the discipline of instrumentation, identification, and remediation of failure within security controls through proactive experimentation to build confidence in the system's ability to defend against malicious conditions in production.
Security Chaos Engineering implementation 1. End-to-end Continuous Instrumentation 2. Continuous Readiness Assessment 3. Continuous Security Gap Analysis 4. Automation to identify, detect, and remediate security failures 5. Focus on vulnerability and failure identification 6. Continuous improvement of Operational Readiness
Value Stream Mapping
Idea/Feature/Bug Fix/ Enhancement Production Development Build QA SIT UAT Prod PMO Requirements/ Analyst Developer CustomersLine of Business Build Engineer QA Team Integration Tester User/Tester Operations Artifact Repository Deployment Engineer Release Management Code Repository Deploy Get Feedback Infrastructure as Code/ Cloud Patterns Feedback Customer or Customer Surrogate Data Tasks Artifacts Value Stream Mapping to Identify: • Waste • Wait-States • Rework Value Stream Mapping to Develop an Adoption Roadmap
• Review the current state o Business goals, IT goals, current initiatives o Requirements o Environments o Repositories o Data Sources/Architecture o Roles / Organization o Metrics o Other • Prioritize Waste, Wait states and Rework • Create a first pass at a roadmap to address inefficiencies Next Step: DevOps Value Stream Mapping Workshop
Sanjeev Sharma sanjeev@accelst.com @sd_architect http://sdarchitect.blog http://accelST.com Contact
KNOWLEDGE WANTS TO BE FREE COPYRIGHT © 2020 ACCELERATED STRATEGIES GROUP, INC. ALL RIGHTS RESERVED

More Related Content

PDF
My code, my environment, and yes, my data
Sanjeev Sharma
 
PDF
DeliverAgile2018 - from Apollo 13 to Google SRE
Sanjeev Sharma
 
PDF
The Muda, Mura and Muri of DevOps
Sanjeev Sharma
 
PDF
From Apollo 13 to Google SRE
Sanjeev Sharma
 
PDF
Cloud expo 2018: From Apollo 13 to Google SRE - When DevOps meets SRE
Sanjeev Sharma
 
PDF
How NBCUniversal Adopted DevOps
Sanjeev Sharma
 
PDF
Security and DevOps - Managing Security in a DevOps Enterprise
Claudia Ring
 
PPTX
Applying DevOps, PaaS and cloud for better citizen service outcomes - IBM Fe...
Sanjeev Sharma
 
My code, my environment, and yes, my data
Sanjeev Sharma
 
DeliverAgile2018 - from Apollo 13 to Google SRE
Sanjeev Sharma
 
The Muda, Mura and Muri of DevOps
Sanjeev Sharma
 
From Apollo 13 to Google SRE
Sanjeev Sharma
 
Cloud expo 2018: From Apollo 13 to Google SRE - When DevOps meets SRE
Sanjeev Sharma
 
How NBCUniversal Adopted DevOps
Sanjeev Sharma
 
Security and DevOps - Managing Security in a DevOps Enterprise
Claudia Ring
 
Applying DevOps, PaaS and cloud for better citizen service outcomes - IBM Fe...
Sanjeev Sharma
 

What's hot (20)

PDF
Hybrid Cloud DevOps with Apprenda and UrbanCode Deploy
Claudia Ring
 
PDF
A DevOps adoption playbook- achieving business value at scale
Sanjeev Sharma
 
PDF
Mastering DevOps Automation: Webinar
Claudia Ring
 
PDF
DevOps in the Hybrid Cloud
Richard Irving
 
PDF
The Future of DevOps and UrbanCode
IBM UrbanCode Products
 
PDF
Bluemix DevOps Meetup
Kyle Brown
 
PPTX
Gartner EA Architecting for DevOps and Hybrid Cloud
Rosalind Radcliffe
 
PPTX
Driving Enterprise Architecture Redesign: Cloud-Native Platforms, APIs, and D...
Chris Haddad
 
PDF
DevOps Thinking for the Line of Business
Sanjeev Sharma
 
PDF
Elevate Your Continuous Delivery Strategy Above the Rolling Clouds (Interconn...
Michael Elder
 
PDF
Cloud Native Operations
Michael Mueller
 
PPTX
Troubleshooting App Health and Performance with PCF Metrics 1.2
VMware Tanzu
 
PPTX
Cloud With DevOps Enabling Rapid Business Development
Sam Garforth
 
PDF
Metrics That Matter: How to Measure Digital Transformation Success
XebiaLabs
 
PPTX
DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...
Siva Rama Krishna Chunduru
 
PDF
Continuous Delivery for cloud - scenarios and scope
Sanjeev Sharma
 
PDF
Lo Scenario Cloud-Native (Pivotal Cloud-Native Workshop: Milan)
VMware Tanzu
 
PDF
Accelerating Time to Market
VMware Tanzu
 
PDF
IBM DevOps Workshops at IBM InterConnect 2017
IBM DevOps
 
PDF
Keynote: Architecting for Continuous Delivery (Pivotal Cloud Platform Roadshow)
VMware Tanzu
 
Hybrid Cloud DevOps with Apprenda and UrbanCode Deploy
Claudia Ring
 
A DevOps adoption playbook- achieving business value at scale
Sanjeev Sharma
 
Mastering DevOps Automation: Webinar
Claudia Ring
 
DevOps in the Hybrid Cloud
Richard Irving
 
The Future of DevOps and UrbanCode
IBM UrbanCode Products
 
Bluemix DevOps Meetup
Kyle Brown
 
Gartner EA Architecting for DevOps and Hybrid Cloud
Rosalind Radcliffe
 
Driving Enterprise Architecture Redesign: Cloud-Native Platforms, APIs, and D...
Chris Haddad
 
DevOps Thinking for the Line of Business
Sanjeev Sharma
 
Elevate Your Continuous Delivery Strategy Above the Rolling Clouds (Interconn...
Michael Elder
 
Cloud Native Operations
Michael Mueller
 
Troubleshooting App Health and Performance with PCF Metrics 1.2
VMware Tanzu
 
Cloud With DevOps Enabling Rapid Business Development
Sam Garforth
 
Metrics That Matter: How to Measure Digital Transformation Success
XebiaLabs
 
DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...
Siva Rama Krishna Chunduru
 
Continuous Delivery for cloud - scenarios and scope
Sanjeev Sharma
 
Lo Scenario Cloud-Native (Pivotal Cloud-Native Workshop: Milan)
VMware Tanzu
 
Accelerating Time to Market
VMware Tanzu
 
IBM DevOps Workshops at IBM InterConnect 2017
IBM DevOps
 
Keynote: Architecting for Continuous Delivery (Pivotal Cloud Platform Roadshow)
VMware Tanzu
 
Ad

Similar to Democratizing security (20)

PDF
The What, Why, and How of DevSecOps
Cprime
 
PPTX
Achieving Secure DevOps: Overcoming the Risks of Modern Service Delivery
Perforce
 
PDF
Introduction to DevOps slides.pdf
BoreVishnusai
 
PPTX
DevSecOps Story with added security controls
HareeshNani5
 
PPTX
Shift Left for More Secure Apps with F5 NGINX
NGINX, Inc.
 
PDF
Velocity Conference NYC 2014 - Real World DevOps
Rodrigo Campos
 
PDF
Protecting Agile Transformation through Secure DevOps (DevSecOps)
Eryk Budi Pratama
 
PDF
The Rise of DevSecOps in CI_CD Workflows.pdf
your techdigest
 
PDF
You Build It, You Secure It: Higher Velocity and Better Security with DevSecOps
DevOps.com
 
PPTX
State of DevSecOps - DevSecOpsDays 2019
Stefan Streichsbier
 
PPTX
Data Agility for Enterprise DevOps Adoption
Delphix
 
PDF
Why Security Engineer Need Shift-Left to DevSecOps?
Najib Radzuan
 
PDF
Devops, Secops, Opsec, DevSec *ops *.* ?
Kris Buytaert
 
PPTX
Devsec ops
VipinYadav257
 
PPT
Applying DevOps for more reliable Public Sector Software Delivery
Sanjeev Sharma
 
PDF
2021-10-14 The Critical Role of Security in DevOps.pdf
Savinder Puri
 
PPTX
Introduction to DevSecOps
abhimanyubhogwan
 
PDF
IBM Innovate - Uderstanding DevOps
Sanjeev Sharma
 
PDF
DevSecOps - The big picture
Stefan Streichsbier
 
PDF
DevSecOps - The big picture
DevSecOpsSg
 
The What, Why, and How of DevSecOps
Cprime
 
Achieving Secure DevOps: Overcoming the Risks of Modern Service Delivery
Perforce
 
Introduction to DevOps slides.pdf
BoreVishnusai
 
DevSecOps Story with added security controls
HareeshNani5
 
Shift Left for More Secure Apps with F5 NGINX
NGINX, Inc.
 
Velocity Conference NYC 2014 - Real World DevOps
Rodrigo Campos
 
Protecting Agile Transformation through Secure DevOps (DevSecOps)
Eryk Budi Pratama
 
The Rise of DevSecOps in CI_CD Workflows.pdf
your techdigest
 
You Build It, You Secure It: Higher Velocity and Better Security with DevSecOps
DevOps.com
 
State of DevSecOps - DevSecOpsDays 2019
Stefan Streichsbier
 
Data Agility for Enterprise DevOps Adoption
Delphix
 
Why Security Engineer Need Shift-Left to DevSecOps?
Najib Radzuan
 
Devops, Secops, Opsec, DevSec *ops *.* ?
Kris Buytaert
 
Devsec ops
VipinYadav257
 
Applying DevOps for more reliable Public Sector Software Delivery
Sanjeev Sharma
 
2021-10-14 The Critical Role of Security in DevOps.pdf
Savinder Puri
 
Introduction to DevSecOps
abhimanyubhogwan
 
IBM Innovate - Uderstanding DevOps
Sanjeev Sharma
 
DevSecOps - The big picture
Stefan Streichsbier
 
DevSecOps - The big picture
DevSecOpsSg
 
Ad

More from Sanjeev Sharma (18)

PDF
From DevOps to DevSecOps: 2 Dimensions of Security for DevOps
Sanjeev Sharma
 
PDF
Unicorns on an Aircraft Carrier: CDSummit London and Stockholm Keynote
Sanjeev Sharma
 
PDF
IBM InterConnect 2016: Security for DevOps in an Enterprise
Sanjeev Sharma
 
PDF
DevOps adoption in the enterprise
Sanjeev Sharma
 
PDF
dev@InterConnect workshop - Lean and DevOps
Sanjeev Sharma
 
PPTX
OpenTechSummit InterConnect2015 DevOps
Sanjeev Sharma
 
PDF
DTS-1778 Understanding DevOps - IBM InterConnect Session
Sanjeev Sharma
 
PDF
Mobile to Mainframe - En-to-end transformation
Sanjeev Sharma
 
PDF
DevOps and Application Delivery for Hybrid Cloud - DevOpsSummit session
Sanjeev Sharma
 
PDF
Using Lean Thinking to identify and address Delivery Pipeline bottlenecks
Sanjeev Sharma
 
PPTX
DevOps 101 - IBM Impact 2014
Sanjeev Sharma
 
PPT
Enabling DevOps in the cloud - Federal Cloud Innovation Center
Sanjeev Sharma
 
PPT
Continuous Delivery to the cloud - Innovate 2014
Sanjeev Sharma
 
PDF
CampDevOps keynote - DevOps: Using 'Lean' to eliminate Bottlenecks
Sanjeev Sharma
 
PPT
IBM Pulse session 2727: Continuous delivery -accelerated with DevOps
Sanjeev Sharma
 
PPTX
Mobile to mainframe - Enterprise DevOps - MoDevEast Slides
Sanjeev Sharma
 
PPT
(Japanese) From Continuous Integration to DevOps - Japan Innovate 2013
Sanjeev Sharma
 
PPTX
From Continuous Integration to DevOps - Japan Innovate 2013
Sanjeev Sharma
 
From DevOps to DevSecOps: 2 Dimensions of Security for DevOps
Sanjeev Sharma
 
Unicorns on an Aircraft Carrier: CDSummit London and Stockholm Keynote
Sanjeev Sharma
 
IBM InterConnect 2016: Security for DevOps in an Enterprise
Sanjeev Sharma
 
DevOps adoption in the enterprise
Sanjeev Sharma
 
dev@InterConnect workshop - Lean and DevOps
Sanjeev Sharma
 
OpenTechSummit InterConnect2015 DevOps
Sanjeev Sharma
 
DTS-1778 Understanding DevOps - IBM InterConnect Session
Sanjeev Sharma
 
Mobile to Mainframe - En-to-end transformation
Sanjeev Sharma
 
DevOps and Application Delivery for Hybrid Cloud - DevOpsSummit session
Sanjeev Sharma
 
Using Lean Thinking to identify and address Delivery Pipeline bottlenecks
Sanjeev Sharma
 
DevOps 101 - IBM Impact 2014
Sanjeev Sharma
 
Enabling DevOps in the cloud - Federal Cloud Innovation Center
Sanjeev Sharma
 
Continuous Delivery to the cloud - Innovate 2014
Sanjeev Sharma
 
CampDevOps keynote - DevOps: Using 'Lean' to eliminate Bottlenecks
Sanjeev Sharma
 
IBM Pulse session 2727: Continuous delivery -accelerated with DevOps
Sanjeev Sharma
 
Mobile to mainframe - Enterprise DevOps - MoDevEast Slides
Sanjeev Sharma
 
(Japanese) From Continuous Integration to DevOps - Japan Innovate 2013
Sanjeev Sharma
 
From Continuous Integration to DevOps - Japan Innovate 2013
Sanjeev Sharma
 

Recently uploaded (20)

PDF
Modernizing your data center with Dell and AMD
Principled Technologies
 
PDF
solutions_manual_-_materials___processing_in_manufacturing__demargo_.pdf
AbdullahSani29
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PDF
Advanced IT Governance
University of Hertfordshire
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
GamePlan Trading System Review: Professional Trader's Honest Take
SOFTTECHHUB
 
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
GDG Cloud Iasi [PUBLIC] Florian Blaga - Unveiling the Evolution of Cybersecur...
athlonica
 
Modernizing your data center with Dell and AMD
Principled Technologies
 
solutions_manual_-_materials___processing_in_manufacturing__demargo_.pdf
AbdullahSani29
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
Advanced IT Governance
University of Hertfordshire
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Approach and Philosophy of On baking technology
30anthuong17
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
GamePlan Trading System Review: Professional Trader's Honest Take
SOFTTECHHUB
 
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
GDG Cloud Iasi [PUBLIC] Florian Blaga - Unveiling the Evolution of Cybersecur...
athlonica
 

Democratizing security

  • 1. COPYRIGHT © 2020 ACCELERATED STRATEGIES GROUP, INC. ALL RIGHTS RESERVED. Democratizing Security - the next frontier for DevSecOps adoption in the Enterprise Sanjeev Sharma, Principal Analyst
  • 2. • 20+ Years experience in Software Development and Delivery, Cloud Adoption and Data Modernization • Led the Data Modernization Practice at Delphix • Driving the definition of ‘DataOps’ for Application Delivery, and AI and Machine Learning • IBM Distinguished Engineer, and IBM’s 1st CTO for DevOps Adoption owning the DevOps practice • Chair of the Architecture Review Board for IBM’s response to the DoD’s JEDI RFP • Conference Keynote speaker, Blogger, Podcaster and Vlogger • Author of two bestseller books: • DevOps For Dummies: https://ibm.biz/BdsPMX • The DevOps Adoption Playbook: http://amzn.to/2hH7rt2 All about me - Sanjeev Sharma
  • 3. 1. Evolution of Delivery Practices 2. Democratization of Application Delivery 3. Security Chaos Engineering 4. Value Stream Mapping Agenda
  • 5. SRE Agile DevOps Develop right things right Deliver with speed Deliver with Reliability Evolving Application Delivery from Agile to DevOps
  • 6. Continuous Integration Continuous Delivery Shift Left Test Shift Left Ops Culture Development SCM Build Package Repo Deploy Testing Staging Production FeedbackPlanning Manage DevOps in a Nutshell: 1. Improve the Application/System being delivered 2. Improve the platform on which it is delivered 3. Improve the processes by which it is being delivered 4. Improve the culture of the organization delivering it DevOps
  • 7. Why DevSecOps? Security concerns and challenges are growing $57M Google GDPR Fine 4700 Breaches in 2018 11 Bn Records exposed 2018 Becoming a custodian of user data is becoming a differentiator You are not our product. Our products are iPhones and iPads. We treasure your data. We wanna help you keep it private and keep it safe. - Tim Cook, CEO, Apple
  • 9. 1874 - Solid Wood 1947 - Laminated Wood 1968 – Steel Racquet 1993 – Graphite Racquet 2008 – Aerodynamic Racquet Democratization of Technology
  • 10. 1. Self-service 2. Permission to act 3. Guardrails 4. Trust Tenets of Democratizing of IT Services
  • 11. DevOps: Democratizing the Application Delivery Pipeline Democratize Infrastructure Democratize Software Delivery Democratize Data Democratize Security Application Delivery Practitioners
  • 12. Democratizing Infrastructure with Cloud Become Technology Stack Agnostic Self-service Provisioning and Configuration Infrastructure as Code (IaaC) Elastic Services for on-demand scale Role Based Access Control Democratize Infrastructure 1. Improve the platform 2. Improve the processes 3. Improve the culture
  • 13. Democratizing Software Delivery with DevSecOps Become Technology Stack Agnostic Make DevSecOps capabilities Self Service Integrated end-to-end toolchain Automated Testing and Validation Include Security in the DevSecOps toolchain Democratize Software Delivery 1. Improve the Application/System 2. Improve the processes 3. Improve the culture
  • 14. Democratizing Data Democratize Data Become Data Source Agnostic Make Data Available Self Service Manage Data Like Code Mitigate Data Privacy & Compliance Risks Include Data Management in the DevSecOps toolchain 1. Improve the Application/System 2. Improve the platform 3. Improve the processes 4. Improve the culture
  • 15. Democratizing Security Become Technology Stack Agnostic Make Security* Self Service Manage Security* Like Code Automate Mitigation of Security & Compliance Risks Include Security* in the DevOps toolchain Democratize Security * Security Implementation, Validation and Enforcement 1. Secure the Application/System 2. Secure the platform 3. Secure the processes 4. Secure the culture
  • 16. Business Initiatives: Create New Revenue Streams Improve Quality Accelerate Time to Market Comply with Regulations The Challenge : High Complexity High Cost Multiple Demands High Complexity - Multiple Technology stacks - On Premises and Cloud - Departmental Silos - Legacy, Cloud-native, SaaS applications and services - Open-source sprawl High Cost - Compliance & Governance Policies - Regulatory overhead - Audit and Compliance overhead - Cybersecurity threat preparedness Multiple Demands - Business: Innovation and Monetization - Developers: Continuous Delivery - Analytics Teams: Massive, diverse data sets - Security Teams: Lack of talent and technology expertise
  • 18. One way to make sure you can deal with a flat tire on the freeway, in the rain, in the middle of the night is to poke a hole in your tire once a week in your driveway on a Sunday afternoon and go through the drill of replacing it. Chaos Engineering
  • 19. Antifragile: Things that are neither fragile or robust, but rather thrive in chaos. Achieving Antifragility
  • 20. The Chaos is Real https://www.sophos.com/en-us/medialibrary/PDFs/Whitepaper/sophos-exposed-cyberattacks-on-cloud-honeypots-wp.pdf
  • 21. Security Chaos Engineering Security Chaos Engineering is the discipline of instrumentation, identification, and remediation of failure within security controls through proactive experimentation to build confidence in the system's ability to defend against malicious conditions in production.
  • 22. Security Chaos Engineering implementation 1. End-to-end Continuous Instrumentation 2. Continuous Readiness Assessment 3. Continuous Security Gap Analysis 4. Automation to identify, detect, and remediate security failures 5. Focus on vulnerability and failure identification 6. Continuous improvement of Operational Readiness
  • 24. Idea/Feature/Bug Fix/ Enhancement Production Development Build QA SIT UAT Prod PMO Requirements/ Analyst Developer CustomersLine of Business Build Engineer QA Team Integration Tester User/Tester Operations Artifact Repository Deployment Engineer Release Management Code Repository Deploy Get Feedback Infrastructure as Code/ Cloud Patterns Feedback Customer or Customer Surrogate Data Tasks Artifacts Value Stream Mapping to Identify: • Waste • Wait-States • Rework Value Stream Mapping to Develop an Adoption Roadmap
  • 25. • Review the current state o Business goals, IT goals, current initiatives o Requirements o Environments o Repositories o Data Sources/Architecture o Roles / Organization o Metrics o Other • Prioritize Waste, Wait states and Rework • Create a first pass at a roadmap to address inefficiencies Next Step: DevOps Value Stream Mapping Workshop
  • 27. KNOWLEDGE WANTS TO BE FREE COPYRIGHT © 2020 ACCELERATED STRATEGIES GROUP, INC. ALL RIGHTS RESERVED