By Renata Budko, Wallarm

Last week I spent a few days in Las Vegas with the great folks at the Gartner IT Infrastructure, Operations & Cloud Strategies Conference.

Gathered for the conference there were experts around the world from analysts to VPs to infrastructure and operations leaders to C-suite executives all looking for insights into cloud, IoT, security, artificial intelligence, automation and machine learning. To me, the mantra is to accelerate innovation in a hybrid world.

Data center as we know it may be going away, with IT infrastructure and operations becoming digital and distributed and using technologies like Cloud, Edge Computing, DevSecOps and AIOps — all cutting across the functional roles of typical infrastructure & operations teams.

There several interesting insights I believe that I learned from talking to the folks at the conference and the sessions themselves.

Renata’s Insight #1: Adoption pattern for new technologies have changed.

Ten years ago new technologies might have been talked about in the boardrooms, but even to get them into labs would take months if not years. Five years ago we saw the rise of the shadow IT — with new cloud technology been tried by the individual teams without the approval from the corporate IT — all in the name of the agility. Today, more than half of the folks I spoke to are adopting the newest tech such as Dockers and Kubernetes in production. These technologies are only three or four years old so seeing them in production in serious IT shops is nothing short of amazing. At the same time the adoption, although prod, has a very low level of penetration. Seems like the new tech adoption has become vertical, project by project and corporate IT has officially adopted the practices first introduced by the shadow IT.

Renata’s Insight #2: Distributed tech doesn’t need to be applied all at once.

When talking about new technologies and architectures, we tend to talk about Microservices-powered applications, based on containers, running in the clouds, managed by something like Kubernetes, probably involving software-defined infrastructure and operated by DevOps professionals. What we often forget is that all these technologies, though better together, have significant independent value. Just deploying dockers and following the idea of “immutable infrastructure” or just incorporating public cloud into the I&O strategy may be a good enough first step.

Renata’s Insight #3: Continuous security is the way forward.

Security processes are changing drastically. The way it was phrased is that security is “shifting left” developers are becoming responsible for incorporating security into the process. With the development and deployment speeding up and becoming continuous, security is helping this process to stay in line, becoming “guarding rail” instead of a gate the code needs to pass through before being deployed. I feel that this is best explained by a diagram Mark Horvath, Sr. Director Analyst has presented during his talk DevSecOps: Continuous Delivery Needs Continuous Security

presentation by Mark Horvath [2]

Renata’s Insight #4: It’s up to the security team to adapt

Now that the security is not just the prerogative of the security teams, making it accessible, understandable and non-blocking is up to the folks in the security teams. Both the vendors and the in-house professionals and becoming the “pit-team”, trainers and coaches in the DevOps environment supplying automation and toolkits that can be used by folks who need the utility of the tools but do not have the bandwidth or the inclination to become experts in security. Traditional security approaches won’t work well with. I feel that this [G3] new DevSecOps approach is probably best described by a quote from Neil McDonald, Gartner Distinguished VP Analyst who noted during his session: DevSecOps: Seamlessly Integrating Security Into DevOps[1]:

Use AST tools and services that are geared for rapid turnaround with high fidelity results. Zero vulnerabilities aren’t possible. Focus on highest severity, highest confidence first.

If you get a chance to attend the Gartner infrastructure conference later this year in Sydney, Sau Paulo or Mumbai, I’d highly recommend it.

Sources:

[1]Gartner, Gartner IT Infrastructure, Operations & Cloud Strategies Conference Presentation, DevSecOps: Seamlessly Integrating Security Into DevOps, Neil MacDonald, 5 December 2018.

[2] Gartner, Gartner IT Infrastructure, Operations & Cloud Strategies Conference Presentation, DevSecOps: Continuous Delivery Needs Continuous Security, Mark Horvath, 3 December 2018.

Leave a Reply

Show Buttons
Hide Buttons