DevNation - Mar. 10, 2022
Dear Security, Compliance, and Auditors
Sorry, Love DevOps
Bill Bensing Managing Architect
Software Factory
The Inspiration
Source: http://dearauditor.org/
Introduction
Beyonce Rule
If You Like It, Then You Should Tweet On It
@BillBensing
“CI/CD is what we did yesterday. Like usual,
we need a word to describe the next phase of
something, and CI/CD 2.0 is so ‘mehhh.’
Software Factories reminds us that software
delivery goes beyond automation, it should
be autonomous, at an industrial scale.”
Bill Bensing
Managing Architect - Software Factory
John Willis
@botchagalupe
Andrew Clay Shafer
@littleidea
Homage & Honorable Mentions
Modern Governance & Cloud Native Operating Models
Red Hat Global Transformation Office
Coined the Term, Helped Drive the Community, Wrote the Books on DevOps, and more…
Source: https://itrevolution.com/investments-unlimited-book
Modern Governance
Cooperation, not Core Chronic Conflict
Empower Those With Most Context
Remove All Subjectivity From Process
The Problem
Meet Herbie
What Does Herbie Represent?
Bottlenecks
Source: https://www.vectorstock.com/royalty-free-vector/boy-scout-vector-1270222
Most SDLC Governance Is A Herbie
Governance is a bottleneck
Herbie Paces The SDLC
The Slowest Is the Fastest
If Not, You’ll See WIP
Work In Process Is Risk
A Simple Example
Work in Process
98% Success Rate 98% Success Rate
4 hrs. 4 hrs.
The Risk of Your Governance Process Implementation
Governance Creating Risk, Not Mitigating It
Work in Process
98% Success Rate 90% Success Rate
8 hrs. 40 hrs.
A More Relatable Example
Why Can’t Governance Take Just a Second?!
Work in Process
98% Success Rate 60% Success Rate
16 hrs. 400 hrs.
Chasing Herbies
How Do We Address The Governance Bottleneck?
Modern Governance
Move from implicit security & compliance models to explicit proof.
Modern Governance
How Do We Need to Think Differently
Two Types of Toil:
Audit Toil
Delivery Toil
Governance is the Bottleneck
We Need to Think Differently
Continuous Risk Assessment
Source: https://software.af.mil/wp-content/uploads/2021/05/DoD-Enterprise-DevSecOps-2.0-Strategy-Guide.pdf (Pg. 19)
Source: https://myresources.itrevolution.com/viewer/?Id=006657043
Example IORCAA
Dependency Management
Source: https://myresources.itrevolution.com/viewer/?Id=006657043
What If There Was…
A technology-agnostic canonical implementation of SDLC tooling, with default workflow implementations, that allows one to layer in current, and future unknown concerns, which are independent of SDLC tool execution?
Ploigos Step Runner
A technology-agnostic canonical implementation of SDLC tooling, with default workflow implementations, that allows one to layer in current, and future unknown concerns, which are independent of SDLC tool execution.
Ploigos Ecosystem
https://github.com/ploigos
Ploigos Step Runner
How It Works
CI Tool
Static Scanning
Lines & Lines of Imperative Logic
Ploigos Step Runner
How It Works
CI Tool
$ psr static-scan
Ploigos Step Runner
Step Runner Config
Retrieve Configuration
Invoke Tools
Ploigos Step Runner
How It Works
▸ Procedural
▸ Declarative
▸ SOLID
・ S - Single Responsibility
・ O - Open-Closed Principle
・ L - Liskov Substitution
・ I - Interface Segregation
・ D - Dependency Inversion
Advantages
Unit Tested Workflow
Integration Tested Tools
A workflow & tool set as a service
Ploigos Step Runner
How It Works - Automated Governance
CI Tool
$ psr static-scan
Ploigos Step Runner
Step Runner Config
Retrieve Configuration
Collect, Serialize, Sign, & Persist Outcomes
Invoke Tools
Store Outcome Attestation
Ploigos Step Runner
How It Works
Evidence
Attestation Persisted Evidence
Cross Reference Each Other
Automated Control Gate Activity
Collect Material
Normalized Material
Retrieve Attestation
Validate & Audit Attestation
Attest To (Sign) Material & Persist
Retrieve Policy
Evidence & Attestation Procedure
Policy Enforcement Point Procedure
Serialize Material is Key to Externalized Policy
Evidence & Attestation - How to Codify Policy, Security, & Compliance
Externalize Governance - Audit Against Business Interface
Policy Enforcement Point - How to Codify Policy, Security, & Compliance
Continuous Integration as Evidence
Evidence Collection & Attestation of CI Process & Outcomes
Validateable Continuous Deployment
Audits Are the First Part of the Deployment Process
100% Automated - Commit to Production
Automated Governance = Compliance as Code + Policy as Code
Key Architectural Themes
Applying Modern Governance
1. Externalized Policy - Independent of all tools
2. Trusted Agent - Collect Evidence, Attest, Enforce Policy
3. Observability - More important to know what is not/cannot be validated, as opposed to what is passing & failing.
4. Convergence - Distill processes, tools, policies, and procedures to reusable cross-cutting concerns
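The evidence and attestation procedure and the policy enforcement point from the Automated Control Gate Activity slide, together with the first three themes above, as an added Python example that is not code from the talk or from the Ploigos project. Assumptions: an HMAC with a shared key stands in for the trusted agent's signature, and the rule ids, evidence field names and every step name except `static-scan` are hypothetical.

```python
import hashlib
import hmac
import json

# Assumption: a shared HMAC key stands in for the trusted agent's signing key.
# A production agent would use an asymmetric signature so the enforcement
# point only ever holds a public key.
AGENT_KEY = b"constructed-demo-key"

# Externalized policy: plain data, independent of the tools that produce the
# evidence. Rule ids, field names and all steps except "static-scan" are
# hypothetical.
POLICY = [
    {"id": "static-scan-no-critical", "step": "static-scan",
     "field": "critical_findings", "op": "max", "value": 0},
    {"id": "unit-test-coverage", "step": "unit-test",
     "field": "coverage_pct", "op": "min", "value": 80},
    {"id": "image-signed", "step": "sign-container-image",
     "field": "signed", "op": "equals", "value": True},
]

OPS = {
    "max": lambda actual, limit: actual <= limit,
    "min": lambda actual, limit: actual >= limit,
    "equals": lambda actual, wanted: actual == wanted,
}


def serialize(material: dict) -> bytes:
    """Normalize material to canonical JSON so equal evidence yields equal bytes."""
    return json.dumps(material, sort_keys=True, separators=(",", ":")).encode()


def attest(step: str, material: dict, key: bytes = AGENT_KEY) -> dict:
    """Collect, serialize and sign a step outcome; the caller persists the record."""
    evidence = serialize(material)
    digest = hashlib.sha256(evidence).hexdigest()
    statement = serialize({"step": step, "evidence_sha256": digest})
    signature = hmac.new(key, statement, hashlib.sha256).hexdigest()
    return {"step": step, "evidence": evidence.decode(),
            "evidence_sha256": digest, "signature": signature}


def verify(record: dict, key: bytes = AGENT_KEY) -> bool:
    """Validate the attestation and cross-reference it with the persisted evidence."""
    statement = serialize({"step": record["step"],
                           "evidence_sha256": record["evidence_sha256"]})
    expected = hmac.new(key, statement, hashlib.sha256).hexdigest()
    signature_ok = hmac.compare_digest(expected, record.get("signature", ""))
    actual_digest = hashlib.sha256(record["evidence"].encode()).hexdigest()
    return signature_ok and actual_digest == record["evidence_sha256"]


def enforce(policy: list, store: dict, key: bytes = AGENT_KEY) -> dict:
    """Policy enforcement point: map each rule id to pass, fail or unverifiable."""
    outcomes = {}
    for rule in policy:
        record = store.get(rule["step"])
        # Missing or tampered evidence is reported separately from a failure.
        if record is None or not verify(record, key):
            outcomes[rule["id"]] = "unverifiable"
            continue
        actual = json.loads(record["evidence"]).get(rule["field"])
        if actual is None:
            outcomes[rule["id"]] = "unverifiable"
        elif OPS[rule["op"]](actual, rule["value"]):
            outcomes[rule["id"]] = "pass"
        else:
            outcomes[rule["id"]] = "fail"
    return outcomes


def gate(outcomes: dict) -> bool:
    """Open the control gate only when every rule was validated and passed."""
    return all(result == "pass" for result in outcomes.values())


def demo() -> dict:
    """Constructed sample run: one pass, one fail, one step with no evidence."""
    store = {}  # stands in for the persisted evidence and attestation store
    store["static-scan"] = attest(
        "static-scan", {"tool": "example-scanner", "critical_findings": 0})
    store["unit-test"] = attest("unit-test", {"coverage_pct": 72})
    return enforce(POLICY, store)


if __name__ == "__main__":
    results = demo()
    for rule_id, result in results.items():
        print(f"{rule_id}: {result}")
    print("gate open:", gate(results))
```
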
Bill Bensing
Email: wbensing@redhat.com
Twitter: @BillBensing
LinkedIn: https://www.linkedin.com/in/billbensing/
No Questions,
Just Conversations
Transcript: Details of description part II: Describing images in practice - T...
 
Implementations of Fused Deposition Modeling in real world
Implementations of Fused Deposition Modeling  in real worldImplementations of Fused Deposition Modeling  in real world
Implementations of Fused Deposition Modeling in real world
 
Quantum Communications Q&A with Gemini LLM
Quantum Communications Q&A with Gemini LLMQuantum Communications Q&A with Gemini LLM
Quantum Communications Q&A with Gemini LLM
 
20240702 QFM021 Machine Intelligence Reading List June 2024
20240702 QFM021 Machine Intelligence Reading List June 202420240702 QFM021 Machine Intelligence Reading List June 2024
20240702 QFM021 Machine Intelligence Reading List June 2024
 
The Increasing Use of the National Research Platform by the CSU Campuses
The Increasing Use of the National Research Platform by the CSU CampusesThe Increasing Use of the National Research Platform by the CSU Campuses
The Increasing Use of the National Research Platform by the CSU Campuses
 
What's New in Copilot for Microsoft365 May 2024.pptx
What's New in Copilot for Microsoft365 May 2024.pptxWhat's New in Copilot for Microsoft365 May 2024.pptx
What's New in Copilot for Microsoft365 May 2024.pptx
 
Active Inference is a veryyyyyyyyyyyyyyyyyyyyyyyy
Active Inference is a veryyyyyyyyyyyyyyyyyyyyyyyyActive Inference is a veryyyyyyyyyyyyyyyyyyyyyyyy
Active Inference is a veryyyyyyyyyyyyyyyyyyyyyyyy
 
Cookies program to display the information though cookie creation
Cookies program to display the information though cookie creationCookies program to display the information though cookie creation
Cookies program to display the information though cookie creation
 
How Social Media Hackers Help You to See Your Wife's Message.pdf
How Social Media Hackers Help You to See Your Wife's Message.pdfHow Social Media Hackers Help You to See Your Wife's Message.pdf
How Social Media Hackers Help You to See Your Wife's Message.pdf
 
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptxRPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
 
20240705 QFM024 Irresponsible AI Reading List June 2024
20240705 QFM024 Irresponsible AI Reading List June 202420240705 QFM024 Irresponsible AI Reading List June 2024
20240705 QFM024 Irresponsible AI Reading List June 2024
 
What’s New in Teams Calling, Meetings and Devices May 2024
What’s New in Teams Calling, Meetings and Devices May 2024What’s New in Teams Calling, Meetings and Devices May 2024
What’s New in Teams Calling, Meetings and Devices May 2024
 

Dear security, compliance, and auditing: We’re sorry. Love, DevOps | DevNation Tech Talk

  • 1. DevNation - Mar. 10, 2022 Dear Security, Compliance, and Auditors Sorry, Love DevOps Bill Bensing Managing Architect Software Factory 1
  • 2. The Inspiration. Source: http://dearauditor.org/
  • 3. Introduction
  • 4. Beyonce Rule: If You Like It, Then You Should Tweet On It. @BillBensing
  • 5. “CI/CD is what we did yesterday. Like usual, we need a word to describe the next phase of something, and CI/CD 2.0 is so ‘mehhh.’ Software Factories reminds us that software delivery goes beyond automation, it should be autonomous, at an industrial scale.” Bill Bensing, Managing Architect - Software Factory
  • 6. John Willis @botchagalupe; Andrew Clay Shafer @littleidea; Homage & Honorable Mentions; Modern Governance & Cloud Native Operating Models
  • 7. Red Hat Global Transformation Office: Coined the Term, Helped Drive the Community, Wrote the Books on DevOps, and more…
  • 8. Source: https://itrevolution.com/investments-unlimited-book
  • 10. Modern Governance: Cooperation, not Core Chronic Conflict; Empower Those With Most Context; Remove All Subjectivity From Process
  • 11. The Problem
  • 12. Meet Herbie
  • 13. What Does Herbie Represent? Bottlenecks
  • 14. Most SDLC Governance Is A Herbie. Governance is a bottleneck. Source: https://www.vectorstock.com/royalty-free-vector/boy-scout-vector-1270222
  • 15. Herbie Paces The SDLC
  • 16. Herbie Paces The SDLC
  • 17. The Slowest Is the Fastest. If Not, You’ll See WIP
  • 18. Work In Process Is Risk: A Simple Example. Work in Process; 98% Success Rate, 98% Success Rate; 4 hrs., 4 hrs.
  • 19. The Risk of Your Governance Process Implementation: Governance Creating Risk, Not Mitigating It. Work in Process; 98% Success Rate, 90% Success Rate; 8 hrs., 40 hrs.
  • 20. A More Relatable Example: Why Can’t Governance Take Just a Second?! Work in Process; 98% Success Rate, 60% Success Rate; 16 hrs., 400 hrs.
  • 21. Chasing Herbies: How Do We Address The Governance Bottleneck?
  • 22. Modern Governance
  • 23. Modern Governance: How Do We Need to Think Differently. Move from implicit security & compliance models to explicit proof.
  • 24. Governance is the Bottleneck: We Need to Think Differently. Two Types of Toil: Audit Toil, Delivery Toil
  • 25. Continuous Risk Assessment. Source: https://software.af.mil/wp-content/uploads/2021/05/DoD-Enterprise-DevSecOps-2.0-Strategy-Guide.pdf (Pg. 19)
  • 26. Source: https://myresources.itrevolution.com/viewer/?Id=006657043
  • 27. Example IORCAA: Dependency Management. Source: https://myresources.itrevolution.com/viewer/?Id=006657043
  • 28. What If There Was… A technology-agnostic canonical implementation of SDLC tooling, with default workflow implementations, that allows one to layer in current, and future unknown concerns, which are independent of SDLC tool execution?
  • 29. Ploigos Step Runner: A technology-agnostic canonical implementation of SDLC tooling, with default workflow implementations, that allows one to layer in current, and future unknown concerns, which are independent of SDLC tool execution.
  • 30. Ploigos Ecosystem: https://github.com/ploigos
  • 31. Ploigos Step Runner, How It Works: CI Tool; Static Scanning; Lines & Lines of Imperative Logic
  • 32. Ploigos Step Runner, How It Works: CI Tool; $ psr static-scan; Ploigos Step Runner; Step Runner Config; Retrieve Configuration; Invoke Tools
  • 33. Ploigos Step Runner
  • 34. Ploigos Step Runner, How It Works: ▸ Procedural ▸ Declarative ▸ SOLID ・ S - Single Responsibility ・ O - Open-Closed Principle ・ L - Liskov Substitution ・ I - Interface Segregation ・ D - Dependency Inversion
  • 35. Advantages: Unit Tested Workflow; Integration Tested Tools; A workflow & tool set as a service
  • 36. Ploigos Step Runner, How It Works - Automated Governance: CI Tool; $ psr static-scan; Ploigos Step Runner; Step Runner Config; Retrieve Configuration; Collect, Serialize, Sign, & Persist Outcomes; Invoke Tools; Store Outcome Attestation
  • 37. Ploigos Step Runner, How It Works: Evidence Attestation Persisted Evidence Cross Reference Each Other
  • 38. Automated Control Gate Activity: Collect Material; Normalized Material; Retrieve Attestation; Validate & Audit Attestation; Attest To (Sign) Material & Persist; Retrieve Policy; Evidence & Attestation Procedure; Policy Enforcement Point Procedure
  • 39. Serialize Material is Key to Externalized Policy. Evidence & Attestation - How to Codify Policy, Security, & Compliance
  • 41. Externalize Governance - Audit Against Business Interface. Policy Enforcement Point - How to Codify Policy, Security, & Compliance
  • 43. Continuous Integration as Evidence: Evidence Collection & Attestation of CI Process & Outcomes
  • 44. Validateable Continuous Deployment: Audits Are the First Part of the Deployment Process
  • 45. 100% Automated - Commit to Production. Automated Governance = Compliance as Code + Policy as Code
  • 46. Key Architectural Themes: Applying Modern Governance. 1. Externalized Policy - Independent of all tools 2. Trusted Agent - Collect Evidence, Attest, Enforce Policy 3. Observability - More important to know what is not/cannot be validated, as opposed to what is passing & failing. 4. Convergence - Distill processes, tools, policies, and procedures to reusable cross-cutting concern
  • 47. No Questions, Just Conversations. Bill Bensing; Email: wbensing@redhat.com; Twitter: @BillBensing; LinkedIn: https://www.linkedin.com/in/billbensing/; linkedin.com/company/red-hat youtube.com/user/RedHatVideos facebook.com/redhatinc twitter.com/RedHat
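
The flow on slides 36 to 38 and the observability theme on slide 46, sketched as an added example; this is not code from the talk or from Ploigos. All names, the policy format and the sample outcomes are hypothetical, and HMAC-SHA256 with a constructed key stands in for whatever signing scheme a real trusted agent would use.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # constructed demo key (assumption), not a managed signing key

def serialize(material: dict) -> bytes:
    """Canonical JSON: identical material always yields identical bytes to sign."""
    return json.dumps(material, sort_keys=True, separators=(",", ":")).encode()

def sign(material: dict, key: bytes) -> str:
    return hmac.new(key, serialize(material), hashlib.sha256).hexdigest()

def attest(step: str, evidence: dict, key: bytes = KEY) -> dict:
    """Collect a step outcome, serialize it, and sign it for persistence."""
    material = {"step": step, "evidence": evidence}
    return {"material": material, "signature": sign(material, key)}

def enforce(policy: dict, store: dict, key: bytes = KEY) -> dict:
    """Policy enforcement point: judge stored attestations against external policy."""
    out = {"passed": [], "failed": [], "unverifiable": []}
    for control, rule in policy.items():
        att = store.get(rule["step"])
        # Missing or tampered evidence is reported separately, never as a pass.
        if att is None or not hmac.compare_digest(sign(att["material"], key), att["signature"]):
            out["unverifiable"].append(control)
            continue
        value = att["material"]["evidence"].get(rule["field"])
        if value is None:
            out["unverifiable"].append(control)
        else:
            out["passed" if value <= rule["max"] else "failed"].append(control)
    out["allow"] = not out["failed"] and not out["unverifiable"]
    return out

# Constructed policy, kept outside the tools that produce the evidence.
POLICY = {
    "no-critical-findings": {"step": "static-scan", "field": "critical", "max": 0},
    "no-vulnerable-deps": {"step": "dependency-check", "field": "vulnerable", "max": 0},
    "unit-tests-pass": {"step": "unit-test", "field": "failures", "max": 0},
}

def demo() -> dict:
    store = {s: attest(s, e) for s, e in [("static-scan", {"critical": 0}),
                                          ("dependency-check", {"vulnerable": 3})]}
    store["dependency-check"]["material"]["evidence"]["vulnerable"] = 0  # tampered after signing
    return enforce(POLICY, store)  # unit-test evidence was never collected

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The gate stays closed in the demo even though no control is recorded as failed: the edited dependency-check evidence and the absent unit-test evidence both surface as unverifiable.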