Business Objectives Cloud Native Architecture To Achieve THE CLOUD NATIVE DREAM (BUSINESS DRIVERS) … Tools & Techniques People, Teams & Processes Impacts On ▸Faster Time to Market ▸Allow business to grow (Scalability)
applications capable of exploiting and taking advantage of modern, scalable cloud like delivery techniques and tools in order to meet business objectives!
Do minimum get away with ▸Operating under a false sense of security ▸Only happy path testing ▸Inconsistent environments ▸The single instance fallacy TACKLING TOO MUCH, TOO QUICKLY Can’t expect to gain a fully rounded & reliable cloud native system overnight!
focusing on easy not risky • Operate under a false sense of security • Only happy path testing (platform testing neglected) • Lack of robust CI/CD - Inconsistent environments • TACKLING TOO MUCH, TOO QUICKLY - OBSERVATIONS
focusing on easy not risky • Operate under a false sense of security • Only happy path testing (platform testing neglected) • Lack of robust CI/CD - Inconsistent environments • image credit: http:// www.guinnessworldrec ords.com/world- records/most-tennis- balls-held-in-the- mouth-dog TACKLING TOO MUCH, TOO QUICKLY - OBSERVATIONS
focusing on easy not risky • Operate under a false sense of security • Only happy path testing (platform testing neglected) • Lack of robust CI/CD - Inconsistent environments • TACKLING TOO MUCH, TOO QUICKLY - OBSERVATIONS
focusing on easy not risky • Operate under a false sense of security • Only happy path testing (platform testing neglected) • Lack of robust CI/CD - Inconsistent environments • TACKLING TOO MUCH, TOO QUICKLY - OBSERVATIONS
Do minimum get away with ▸Operating under a false sense of security ▸Only happy path testing ▸Inconsistent environments ▸The single instance fallacy Distributed Systems are hard. The devil is in the detail And the detail matters RELYING ON A SURFACE LEVEL UNDERSTANDING
24 hours != Expert • Outsource commodity, in-house business value • Missing out on optimising for the Bigger Picture • Artificial Boundaries • Artificial Centralisation RELYING ON A SURFACE LEVEL UNDERSTANDING
24 hours != Expert • Outsource commodity, in-house business value • Missing out on optimising for the Bigger Picture • Artificial Boundaries • Artificial Centralisation RELYING ON A SURFACE LEVEL UNDERSTANDING
24 hours != Expert • Outsource commodity, in-house business value • Missing out on optimising for the Bigger Picture • Artificial Boundaries • Artificial Centralisation RELYING ON A SURFACE LEVEL UNDERSTANDING
Do minimum get away with ▸Operating under a false sense of security ▸Only happy path testing ▸Inconsistent environments ▸The single instance fallacy Considered Thought & Pragmatism … (CNCF Recommendations - good start) Rule of Thumb: Automation, API & Horizontally scale friendly INEFFECTIVE TOOLS & PROCESSES - SO WHAT SHOULD YOU USE?
up • No excuse to ignore it though! • Devs/Ops are the new Gatekeepers • Help a CISO, help yourself • Provide tools/reports to help understand new world • Shift Security Left, make it a 1st class citizen
up • No excuse to ignore it though! • Devs/Ops are the new Gatekeepers • Help a CISO, help yourself • Provide tools/reports to help understand new world • Shift Security Left, make it a 1st class citizen DevOps CI CD
it though! • Devs/Ops are the new Gatekeepers • Help a CISO, help yourself • Provide tools/reports to help understand new world • Shift Security Left, make it a 1st class citizen IGNORING SECURITY CONCERNS DevSecOps <— Shifting Security to the left <— Shift Security Left
though! ▸Devs/Ops are the new Gatekeepers ▸Help a CISO, help yourself ▸Provide tools/reports to help understand new world ▸Shift Security Left, make it a 1st class citizen IGNORING SECURITY CONCERNS DevSecOps <— Shifting Security to the left Get Security Insight Out —> Deploy Security Runtime Security
help yourself • Provide tools/reports to help understand new world • Help a CISO, help yourself • Provide tools/reports to help understand new world • Shift Security Left, make it a 1st class citizen IGNORING SECURITY CONCERNS
Do minimum get away with ▸Operating under a false sense of security ▸Only happy path testing ▸Inconsistent environments ▸The single instance fallacy <— Shift Security Left Get Security Insights Out —> Engage don’t enrage! IGNORING SECURITY CONCERNS
Business Objectives Cloud Native Architecture To Achieve … Tools & Techniques People, Teams & Processes Impacts On !67 • Needs A Different • Approach • Tooling • Skills THE CLOUD NATIVE JOURNEY
too quickly • Acquire enough expertise to journey safely • Choose your Tools wisely • Engage don’t enrage Security • Anticipate, Plan and Actively Test for Failure