Dear IT Operations: It’s Time To Get Serious About Security

Milan Hanson

Okay, I’ll apologize right away to the IT ops teams that are already security-savvy. Hats off to you. But I suspect there are still a few that leave security to the CISO’s team.

On Friday, May 12, 2017, evil forces launched a ransomware pandemic, like a defibrillator blasting security into the heart of IT operations. What protected some systems? It wasn’t an esoteric fancy-pants security tool that made some organizations safe; it was simple e-hygiene: Keep your operating systems current. Whose job is that? IT operations’. Had the victims kept up with OS versions and patches, they wouldn’t have been working over the weekend to claw back from disaster. What’s the path to quick restoration? Having a safe offline backup. Whose job is that? IT operations’. The WannaCry ransomware outbreak is a brutal reminder that IT operations plays a critical role (or not!) in protecting the business from villains.

While headlines get everyone’s attention, there’s another non-news reason for IT operations to step up its security role, and that’s profit. In this age of the customer, the businesses that gain market share and disrupt industries are exceptionally agile; they deliver the features that users want as fast as they want them. DevOps arose from that new reality: to make IT operations as quick and nimble as developers are. In the process (and I would argue that this should be essential to the process), operations people learned a lot more about development, and developers learned a lot more about operations. The infamous “wall” between dev and ops is crumbling, and customers, the business, and shareholders are happier for it.


DevOps Has Reached “Escape Velocity”, CIOs Need To Get Onboard!

Robert Stroud

In an era where velocity and agility are driving technology management organizations over simple cost reduction, every business must constantly evolve to drive business differentiation. Leveraging practices such as Lean and Agile, smaller changes, automated pipelines and product-centric teams, DevOps is transitioning from unicorns and small projects to company-wide initiatives. Companies such as Walmart, ING and JetBlue, to name a few, are leveraging DevOps to drive their business transformations and are reaping the benefits of accelerated velocity across the organization. DevOps is a powerful approach available to the CIO to drive velocity and agility, supporting the innovation required to drive business transformation.

Unlocking the value requires cultural change

To unlock the promise of DevOps, CIOs must lead and support a cultural change within their technology management organization. As any leader knows, changing institutionalized behavior is the toughest of all management challenges, and CIOs are understandably skeptical of new trends. Despite this, CIOs must recognize when a trend becomes an imperative for survival. DevOps has become this imperative, and CIOs must engender a culture of collaboration and learning and enable their people with the right tools to drive holistic life-cycle automation.

Lean processes are critical to success


DevOps, Invest For Velocity And Quality!

Robert Stroud

Delivering exceptional customer experiences and products for your business takes speed and flexibility. More than ever before, speed and flexibility are required from every part of your organization, business and IT alike. DevOps provides your business leaders, enterprise architects, developers and I&O leaders a philosophy to achieve not only the velocity that customers desire but also to drive innovation and enforce quality. One example is ING. The company is undergoing a major digital transformation in which DevOps is a primary driver supporting their transformation. ING CIO Ron van Kemenade has initiated DevOps as the vehicle to aggressively support ING’s evolving customer needs. At ING, technology is the beating heart of the bank.[i]

DevOps requires a transition from technical silos to product-centered teams

Effective DevOps will require the tearing down of the technology-based silos within an organization. Instead, teams need to focus on the products (or services) delivered and be empowered to own the complete lifecycle. Key performance metrics such as availability and the number of features added are used to measure the speed and quality of how these product-centered teams work. In some organizations, the team may even own support of the designed and delivered services. This integrated product team is a fusion of developers, infrastructure & operations, quality assurance, and release managers into a single team that works on the entire pipeline, from commit to deployment. Existing centers of excellence such as DBAs or security teams will remain and support the DevOps team; in some cases, they might even be allocated to the team for a particular duration.[ii]

Deconstruct silos of automation and replace with full pipeline automation


Check Out The New Forrester Wave™ Of Leading DRaaS Providers

Naveen Chhabra

I am pleased to announce that the new Forrester Wave™: Disaster-Recovery-as-a-Service Providers, Q2 2017 for infrastructure and operations professionals is now live! This Wave evaluation uncovered a market in which four providers — Sungard Availability Services, Bluelock, IBM, and iland — all emerged as Leaders, although their strengths differ. Another five providers — HPE Enterprise Services (now DXC Technology), Recovery Point, Plan B, Daisy, and TierPoint — are Strong Performers. NTT Communications is a Contender.

To evaluate these vendors, we developed a comprehensive set of criteria in three high-level buckets: current offering, strategy, and market presence. The criteria and their weightings are based on past research and user inquiries. In addition to typical user demands, this Forrester Wave™ evaluation also has a few thought-provoking criteria such as the provider’s capability to deliver security services, real-time views through a readiness score, automated change management, and orchestration-led enterprise application recovery.


A One-Year I&O Transformation

Milan Hanson

Back when I worked in I&O we weren’t very popular. Not personally, mind you, but as a team. Why? Because we seldom satisfied user requests quickly, and sometimes not at all.  We were the defenders of stability, resistant to change.  Just maintaining the technology every day - “keeping the lights on” - took a lot of manual effort.  We chased down a lot of defects, and then we struggled to get fixes created and put into production. Sometimes the fix created a worse problem. It wasn’t a lot of fun, the pressure was grueling, and one by one we moved on to other jobs.

So today when I tell clients about transforming I&O from an under-appreciated cost center to a respected strategic advisor, I understand their skepticism. What does it take? For starters:

  • You have to change the monitoring and analytics technology.
  • You have to change the attitudes of the people within I&O.
  • You have to change the perception of I&O across the organization.

Those are not small changes, and cultural changes move especially slowly. Or do they?

The I&O team at Dixons Carphone, a UK technology retailer, transformed in a year. Yes, one year. With a motto of “say yes more,” Dixons Carphone I&O went all-in on customer focus and agile operations:

  • Rather than using a lengthy RFP process, monitoring technology proven effective in one business unit was extended across the organization.
  • Rather than focusing on technology health, the focus was shifted to customer experience.
  • Rather than focusing solely on the needs of consumer customers, attention was also given to the needs of internal users, line-of-business managers, and executives.

A Spring Break Conversation Topic With Your College Kid

Eveline Oehrlich

I don’t know about you, but this spring break is different in my family. My daughter, who has almost finished her first year at a liberal-arts college, came back for spring break with the big question “Mom, what major should I choose?” Of course, as an analyst in technology and — not to brag, but as a professional who has had many roles in IT (programmer, systems administrator, and computer and information systems analyst) — my first thought was to suggest that she look into computer information systems or computer science. She has the ability; she is an excellent STEM student. So I told her that I would do some research and get back to her.

Here is what I found: According to the United States Bureau Of Labor Statistics, the employment of computer and information technology occupations is projected to grow 12% from 2014 to 2024, which is faster than the average (8%) for all occupations. I quickly put together a table summarizing the majority of professions and found the following:

  • The highest-growth jobs in computer and information technology are in designing solutions and systems helping organizations to operate more efficiently and effectively (computer systems analysts), with a 21% growth rate.
  • The second-highest growth is in jobs to address specific topics, such as information security analyst (18%), computer support specialist (12%), and software developer (17%).
  • Medium growth rates are in jobs that design, build, and support specific technologies, such as computer network architects (9%) and computer systems administrators (8%).
  • Programming jobs, including computer programmers, are declining (–8%); hardware engineering jobs are growing slowly (3%).

Sysadmins: You're All Developers Now

Chris Gardner

In a past life I was a system administrator, or "sysadmin". I enjoyed it, but even in those halcyon days of remoting into servers and driving to the office at 2 AM (hoping the server room wasn't on fire), I knew I had a limited shelf life. It wasn't until years later that I fully understood why:

Administrators are babysitters. The era of tech babysitters is over.

In the age of the customer, admins need to be just as dynamic as their developer brethren. That means a hard shift to software-defined infrastructure. It also means using the same tools and processes that accelerate business technology.

In other words, you need to become a developer.


Traditional I&O Is Dead - The DevOps Phoenix Rises

Eveline Oehrlich

If you already belong to a high-performing DevOps organization and you are working on leveraging open source for monitoring to drive feedback loops, or delivering better security with DevSecOps, or making sure you understand continuous testing, then you don’t need to read the following – you can stop now.

However, if your app dev team is developing faster than you can deliver, or you realize that ITIL does not help you increase your speed and quality of deployment, or your manual deployment capability does not scale, or human error has caused some outage … don’t delay shifting your operating model towards DevOps. Our DevOps vision report gives I&O leaders guidance on how to modify the operating model to focus on velocity and quality to deliver “great” customer experiences.

Products, not functional silos, for customer obsession

The first transition is one of focusing on products, not functional IT silos. Developers, operations, QA teams and release teams should be merged into a single team around the product. This team is accountable for the complete pipeline from ideation to delivery and, depending on the culture, support as well.

Evaluate your success, based on the five critical DevOps metrics.


Yes, Cloud Is Still Safe Despite The AWS Outage - UPDATE

Dave Bartoletti

UPDATE 2016-03-02:

Less than 48 hours after the failure, AWS has published a detailed analysis of what went wrong. As we'd hoped, the analysis is extremely transparent, direct, and outlines the actions AWS is taking to mitigate the risk of future failure. If you don't have time to read the details, here's the lowdown:

  • As we expected (see below), the initiating event was a human error. An authorized admin executed a script to take some parts of S3 offline, but took more than needed offline at once. The user was authorized and the script worked, but it should have had additional safety checks (limits).
  • Restarting such a large subsystem took longer than expected. A restart of this magnitude had not been tested recently. As a key part of the S3 system in the affected region, the restart delay caused the S3 APIs to become unavailable.
  • The AWS Service Health Dashboard admin console could not be updated because it, too, depended on S3 in the affected region.

What It Means:

Our original advice for AWS customers below stands: check your apps for dependence on a single S3 region. In addition,

  • Test your operational scripts. Do you have a maintenance script you haven't run for a while? Check it now for limits.
  • Isolate your monitoring tools from your production systems. You can't monitor a system from the inside while it's failing.
  • Think big in your DR and availability planning. Test a larger failure than usual. Rare events over a long enough period of time...are no longer rare.

DevOps, No Longer Just For “Unicorns”

Robert Stroud

The born-digital “unicorn” companies such as Etsy, Google and Netflix are pioneers of modern DevOps, but BT leaders at companies of all ages, sizes, and types are now eagerly pursuing the same principles.[i] With the pressure for speed and quality, DevOps is becoming pivotal for all organizations. For example, KeyBank is leveraging DevOps to quickly deliver the business new customer capability using streamlined coordination between application development and operations. DevOps is allowing KeyBank to shorten delivery time by up to 85% and reduce defects by at least 30%. According to a 2016 State of DevOps report, high performers are twice as likely to exceed their organization’s profitability, market share, and productivity goals.[ii]

Understand Your Company's Requirements For Modern Service Delivery
