An Overview
Automated Governance
John Willis
Global Transformation Office
Outline
● Global Transformation Overview
● DevSecOps
● Automated Governance
GTO
● Strategy review
● Industry trends
● Progress monitoring
● Leadership
GTO Guiding Coalition
Platform - Coalition
Jabe Bloom
Sr Dir, Global Transformation
CSTO, CTO
SocioTechnical Systems | Speaker
Critical Irritant | Transition Designer
Andrew Clay Shafer
VP, Global Transformation
Founder: Puppet, DevOpsDays,
Author Web Operations
IT Optimizer | Change Agent
Founder | Organizer
Kevin Behr
Sr Dir, Global Transformation
Author, Phoenix Project, Visible Ops
CIO, CTO
IT Strategist | Speaker
Enterprise CXO Advisor
John Willis
Sr Dir, Global Transformation
Author, DevOps Handbook,
Beyond the Phoenix Project
CIO, CTO
IT Strategist | Founder
Speaker | Author
@littleidea
@kevinbehr @botchagalupe
@cyetain
● Reduce Audit Time
● Increase Audit Efficacy
● Shorten Feedback Loops
● Local Authority
● Minimize Handoffs
● Enable Trust
Automated Governance
● Enforce and Audit Policy
● Block critical vulnerabilities
● Block misconfigured infrastructure
● Audit and Control
DevSecOps Dojo
● Increase collaboration and innovation
● Shared Responsibility Model
● Cloud/Platform Enablement
● Templates, Models, and Pipelines
● Automated Governance
● Outcome Based Metrics
● Chaos Engineering
● Skills Liquidity Enablement
Platform - Adopt
● Common Devops Metrics
○ Lead Time
○ Deploys
○ MTTR
○ Change Success
● Advanced Devops Metrics
○ Flow Metrics
○ Change failure rate by team
○ Change failure rate by work type
Delivery Metrics
Platform - Adopt
Economic Impact Analysis
● Consistency
● Toil
● Risk
● Testing
● Automation
Economic Impact
● Waste:
○ Possibly >30% (on a 450m budget) $135M wasted on general processing.
● Consistency:
○ Another 10% to 15% on lost opportunity cost (low or no automation) $45m to $67M
● Risk:
○ Negative Risk ROI.
DevSecOps
● DevOps Automated Governance
● Automated Cloud Governance
Industry Working Groups
Minimum Viable Security Posture
Changing Subjective attestation into Objective attestation
The Trusted Software Supply Chain
[Diagram: software factory pipeline]
Labels: Trusted Code Repos, CCB, Rapid ATO, OpenShift Software Factory, Automated Quality, CM, CS, Service Mesh
Pipeline stages: REQ, DEV, UNIT TEST, CODE QUAL, SEC SCAN, INT TEST, QA, UAT, PROD
Tools shown: Jira, Che, Github, Cucumber, Junit, Sonarqube, Fortify, AtomicScan, Anchore, Twistlock, Sysdig, EFK
● Reduce Audit Time
● Increase Audit Efficacy
● Shorten Feedback Loops
● Local Authority
● Minimize Handoffs
● Enable Trust
Objective Evidence and Closed Feedback Loops
● Enforce and Audit Policy
● Block critical vulnerabilities
● Block misconfigured infrastructure
● Audit and Control
Automated Governance
2015 2018 2019
• Universal artifact metadata
• Metadata API
• Strong access controls
• Rich query-ability
Audit and Govern the Software Supply Chain
● Reduce Audit Time
● Increase Audit Efficacy
● Shorten Feedback Loops
● Local Authority
● Minimize Handoffs
● Enable Trust
DevOps Automated Governance
● Enforce and Audit Policy
● Block critical vulnerabilities
● Block misconfigured infrastructure
● Safe Cloud Usage
DevOps Automated Governance Reference Architecture
Stages shown: Development, Build, Dependency Mgmt, Package, Artifact Repo, Non Prod Deploy, Prod Deploy
Common Control
1. Access Control
2. Audit Trail/log
3. Everything in source control
4. Usage policies
Common Actors
1. Auditor, Risk/Compliance Office
2. (system)
3. Tools Admin
Source Code Repository Stage
Build Stage
Dependency Management Stage
Package Stage
Artifact Stage
Prod Stage
Stage | Control | Example Control Source | Integration | Elements
Source Code Repo | Pull Request | GitHub | Webhook | pull_request, repository
Source Code Repo | Peer Review | GitHub | Webhook | actor, pull_request, repository
Source Code Repo | Unit Test | SonarQube | Pipeline | new_coverage
Source Code Repo | Clean Dependency | Artifactory | Pipeline | dependency source
Source Code Repo | Information Leakage | GitHub | Webhook | (custom)
Source Code Repo | Static Code Analysis | Muse | Webhook | pull_request, repository

Stage | Control | Example Control Source | Integration | Elements
Build | Build Definition | Jenkins & GitHub | Pipeline | Peer Review, Checkout
Build | Immutable Build | Jenkins | Pipeline | TBD
Build | Upstream Approved Dependency | Artifactory | Jenkins | TBD
Build | Unit Test | SonarQube | Jenkins | TBD
Build | Linting | SonarQube | Jenkins | TBD
Build | Static Security Analysis | Checkmarx | Jenkins | TBD

Stage | Control | Example Control Source | Integration | Elements
Package | Trusted Dependency Store | Artifactory | Jenkins | TBD
Package | License Check | Artifactory | Jenkins | TBD
Package | Vulnerability Scan | Aqua | Jenkins | TBD
Package | Trusted Authority | Artifactory | Jenkins | TBD
Package | Versioning | Artifactory | Jenkins | TBD
Package | Usage Policy | Artifactory | Jenkins | TBD

Stage | Control | Example Control Source | Integration | Elements
Production Deploy | Trusted Sources | Artifactory | Jenkins | TBD
Production Deploy | Trusted Configurations | GitHub | Jenkins | TBD
Production Deploy | Intrusion Detection | TBD | Jenkins | TBD
Production Deploy | Monitoring & Alerting | Elastic, PagerDuty | Jenkins | TBD
Production Deploy | Change Management | ServiceNow | Jenkins | TBD
Production Deploy | Secrets Management | Vault | Jenkins | TBD
Production Deploy | Unauthorized Change Detection | Jenkins | Jenkins | TBD
Production Deploy | Production Access Control | Vault | Jenkins | TBD
Production Deploy | Deployment Strategy | Jenkins, Helm | Jenkins | TBD
Policy as Code
• Human Readable (YAML)
• Machine Interpreted
• Version Controlled
• Models Attestations and Enforcement
Event Driven Architecture
Automated Data Pipeline with Objective Compliance
Platform is a Secure and Auditable Control Point
Inspection based on policy
Enforcement by Policy
Attestation Datastore
Policy as Code
Subjective to Objective
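An added illustration, not code from the deck or from any project it describes: a small policy-as-code gate that inspects attestations from a datastore and fails closed when evidence is missing. Stage, control and source names follow the control tables above; the rule operators, the author/reviewer and critical element names, the thresholds and the build ids are assumptions, and the policy is a Python dict standing in for the YAML file.

```python
from dataclasses import dataclass

# Constructed policy. The deck describes policy as YAML under version control;
# a dict of the same shape keeps this example standard-library only.
# Operators ("differs", "min", "max") and thresholds are assumed.
POLICY = {
    "Source Code Repo": {
        "Peer Review": {"source": "GitHub", "differs": {"reviewer": "author"}},
        "Unit Test": {"source": "SonarQube", "min": {"new_coverage": 80.0}},
    },
    "Package": {
        "Vulnerability Scan": {"source": "Aqua", "max": {"critical": 0}},
    },
}


@dataclass(frozen=True)
class Attestation:
    subject: str    # commit or artifact the evidence is about
    stage: str
    control: str
    source: str     # tool that emitted the evidence
    elements: dict  # machine-readable facts captured from the tool


def check_rule(rule, elements):
    """Return the reasons the evidence fails the rule (empty list = pass)."""
    problems = []
    for op in ("differs", "min", "max"):
        for name, bound in rule.get(op, {}).items():
            if name not in elements:
                problems.append(f"element '{name}' missing")
                continue
            value = elements[name]
            if op == "differs":
                # bound names a second element that must hold another value
                other = elements.get(bound)
                if other is None or value == other:
                    problems.append(f"'{name}' must differ from '{bound}'")
            elif op == "min" and value < bound:
                problems.append(f"'{name}' is {value}, below minimum {bound}")
            elif op == "max" and value > bound:
                problems.append(f"'{name}' is {value}, above maximum {bound}")
    return problems


def evaluate(policy, attestations, subject):
    """Return (allowed, findings) for one subject. Missing evidence or
    evidence from an unexpected tool is a finding, so the gate fails closed."""
    index = {(a.stage, a.control): a for a in attestations if a.subject == subject}
    findings = []
    for stage, controls in policy.items():
        for control, rule in controls.items():
            att = index.get((stage, control))
            if att is None:
                findings.append(f"{stage}/{control}: no attestation recorded")
            elif att.source != rule["source"]:
                findings.append(
                    f"{stage}/{control}: evidence from '{att.source}', "
                    f"policy requires '{rule['source']}'"
                )
            else:
                findings.extend(
                    f"{stage}/{control}: {p}" for p in check_rule(rule, att.elements)
                )
    return (not findings, findings)


# Constructed attestation records standing in for the attestation datastore.
ATTESTATIONS = [
    # build-101: independent review, good coverage, clean scan
    Attestation("build-101", "Source Code Repo", "Peer Review", "GitHub",
                {"author": "dev-a", "reviewer": "dev-b"}),
    Attestation("build-101", "Source Code Repo", "Unit Test", "SonarQube",
                {"new_coverage": 91.5}),
    Attestation("build-101", "Package", "Vulnerability Scan", "Aqua",
                {"critical": 0, "high": 3}),
    # build-102: self-approved change, low coverage, critical findings
    Attestation("build-102", "Source Code Repo", "Peer Review", "GitHub",
                {"author": "dev-c", "reviewer": "dev-c"}),
    Attestation("build-102", "Source Code Repo", "Unit Test", "SonarQube",
                {"new_coverage": 62.0}),
    Attestation("build-102", "Package", "Vulnerability Scan", "Aqua",
                {"critical": 2}),
    # build-103: review and tests recorded, but no vulnerability scan
    Attestation("build-103", "Source Code Repo", "Peer Review", "GitHub",
                {"author": "dev-a", "reviewer": "dev-d"}),
    Attestation("build-103", "Source Code Repo", "Unit Test", "SonarQube",
                {"new_coverage": 85.0}),
]

if __name__ == "__main__":
    for build in ("build-101", "build-102", "build-103"):
        allowed, findings = evaluate(POLICY, ATTESTATIONS, build)
        print(build, "ALLOW" if allowed else "BLOCK")
        for finding in findings:
            print("   ", finding)
```

The findings list doubles as the audit record: each entry names the stage, the control and the objective reason the gate blocked.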
Cloud Automated Governance
Thank you
jwillis@redhat.com
@botchagalupe
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
RTTS
 

Recently uploaded (20)

Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 

Automated Governance

  • 1. An Overview: Automated Governance. John Willis, Global Transformation Office
  • 2. Outline ● Global Transformation Overview ● DevSecOps ● Automated Governance
  • 3. GTO
  • 4. GTO Guiding Coalition (Platform - Coalition) ● Strategy review ● Industry trends ● Progress monitoring ● Leadership
      Jabe Bloom: Sr Dir, Global Transformation; CSTO, CTO; SocioTechnical Systems | Speaker; Critical Irritant | Transition Designer
      Andrew Clay Shafer: VP, Global Transformation; Founder: Puppet, DevOpsDays, Author Web Operations; IT Optimizer | Change Agent; Founder | Organizer
      Kevin Behr: Sr Dir, Global Transformation; Author, Phoenix Project, Visible Ops; CIO, CTO; IT Strategist | Speaker; Enterprise CXO Advisor
      John Willis: Sr Dir, Global Transformation; Author, DevOps Handbook, Beyond the Phoenix Project; CIO, CTO; IT Strategist | Founder; Speaker | Author
      @littleidea @kevinbehr @botchagalupe @cyetain
  • 5. Automated Governance ● Reduce Audit Time ● Increase Audit Efficacy ● Shorten Feedback Loops ● Local Authority ● Minimize Handoffs ● Enable Trust
      Figure labels: Enforce and Audit Policy; Block critical vulnerabilities; Block misconfigured infrastructure; Audit and Control
  • 6. DevSecOps Dojo (Platform - Adopt) ● Increase collaboration and innovation ● Shared Responsibility Model ● Cloud/Platform Enablement ● Templates, Models, and Pipelines ● Automated Governance ● Outcome Based Metrics ● Chaos Engineering ● Skills Liquidity Enablement
  • 7. Delivery Metrics (Platform - Adopt) ● Common DevOps Metrics ○ Lead Time ○ Deploys ○ MTTR ○ Change Success ● Advanced DevOps Metrics ○ Flow Metrics ○ Change failure rate by team ○ Change failure rate by work type
  • 8. Economic Impact Analysis ● Consistency ● Toil ● Risk ● Testing ● Automation
  • 9. Economic Impact ● Waste: ○ Possibly >30% (on a 450m budget) $135M wasted on general processing. ● Consistency: ○ Another 10% to 15% on lost opportunity cost (low or no automation) $45m to $67M ● Risk: ○ Negative Risk ROI.
  • 11. Industry Working Groups ● DevOps Automated Governance ● Automated Cloud Governance
  • 14. Changing Subjective attestation into Objective attestation
  • 15. The Trusted Software Supply Chain (diagram; surviving labels only)
      Labels: TRUSTED CODE REPOS, CCB, RAPID ATO, OPENSHIFT SOFTWARE FACTORY, AUTOMATED QUALITY, CM, CS, Service Mesh
      Pipeline stages: REQ, DEV, UNIT TEST, CODE QUAL, SEC SCAN, INT TEST, QA, UAT, PROD
      Tools: Che, GitHub, Cucumber, JUnit, SonarQube, Fortify, AtomicScan, Anchore, Twistlock, Jira, Sysdig, EFK
  • 16. Objective Evidence and Closed Feedback Loops ● Reduce Audit Time ● Increase Audit Efficacy ● Shorten Feedback Loops ● Local Authority ● Minimize Handoffs ● Enable Trust
      Figure labels: Enforce and Audit Policy; Block critical vulnerabilities; Block misconfigured infrastructure; Audit and Control
  • 20. Audit and Govern the Software Supply Chain ● Universal artifact metadata ● Metadata API ● Strong access controls ● Rich query-ability
  • 22. DevOps Automated Governance ● Reduce Audit Time ● Increase Audit Efficacy ● Shorten Feedback Loops ● Local Authority ● Minimize Handoffs ● Enable Trust
      Figure labels: Enforce and Audit Policy; Block critical vulnerabilities; Block misconfigured infrastructure; Safe Cloud Usage
  • 23. DevOps Automated Governance Reference Architecture
      Figure labels: Development, Non Prod Deploy, Package, Build, Prod Deploy, Dependency Mgmt, Artifact Repo
      Common Control: 1. Access Control 2. Audit Trail/log 3. Everything source control 4. Usage policies
      Common Actors: 1. Auditor, Risk/Compliance Office 2. (system) 3. Tools Admin
  • 30.
      | Stage | Control | Example Control Source | Integration | Elements |
      |---|---|---|---|---|
      | Source Code Repo | Pull Request | GitHub | Webhook | pull_request repository |
      | Source Code Repo | Peer Review | GitHub | Webhook | actor pull_request repository |
      | Source Code Repo | Unit Test | SonarQube | Pipeline | new_coverage |
      | Source Code Repo | Clean Dependency | Artifactory | Pipeline | dependency source |
      | Source Code Repo | Information Leakage | GitHub | Webhook | (custom) |
      | Source Code Repo | Static Code Analysis | Muse | Webhook | pull_request repository |
  • 31.
      | Stage | Control | Example Control Source | Integration | Elements |
      |---|---|---|---|---|
      | Build | Build Definition | Jenkins & GitHub | Pipeline | Peer Review Checkout |
      | Build | Immutable Build | Jenkins | Pipeline | TBD |
      | Build | Upstream Approved Dependency | Artifactory | Jenkins | TBD |
      | Build | Unit Test | SonarQube | Jenkins | TBD |
      | Build | Linting | SonarQube | Jenkins | TBD |
      | Build | Static Security Analysis | Checkmarx | Jenkins | TBD |
  • 32.
      | Stage | Control | Example Control Source | Integration | Elements |
      |---|---|---|---|---|
      | Package | Trusted Dependency Store | Artifactory | Jenkins | TBD |
      | Package | License Check | Artifactory | Jenkins | TBD |
      | Package | Vulnerability Scan | Aqua | Jenkins | TBD |
      | Package | Trusted Authority | Artifactory | Jenkins | TBD |
      | Package | Versioning | Artifactory | Jenkins | TBD |
      | Package | Usage Policy | Artifactory | Jenkins | TBD |
  • 33.
      | Stage | Control | Example Control Source | Integration | Elements |
      |---|---|---|---|---|
      | Production Deploy | Trusted Sources | Artifactory | Jenkins | TBD |
      | Production Deploy | Trusted Configurations | GitHub | Jenkins | TBD |
      | Production Deploy | Intrusion Detection | TBD | Jenkins | TBD |
      | Production Deploy | Monitoring & Alerting | Elastic, PagerDuty | Jenkins | TBD |
      | Production Deploy | Change Management | ServiceNow | Jenkins | TBD |
      | Production Deploy | Secrets Management | Vault | Jenkins | TBD |
      | Production Deploy | Unauthorized Change Detection | Jenkins | Jenkins | TBD |
      | Production Deploy | Production Access Control | Vault | Jenkins | TBD |
      | Production Deploy | Deployment Strategy | Jenkins, Helm | Jenkins | TBD |
  • 35. Policy as Code ● Human Readable (YAML) ● Machine Interpreted ● Version Controlled ● Models Attestations and Enforcement
  • 39. Automated Data Pipeline with Objective Compliance (diagram; surviving labels only)
      Labels: Platform is a Secure and Auditable Control Point; Inspection based on policy; Enforcement by Policy; Attestation Datastore; Policy as Code; Subjective to Objective
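
Slides 30 to 39 pair per-stage controls with policy as code and an attestation datastore. The following added example (not from the deck or from either working group) evaluates constructed attestations against a policy and fails closed when evidence is missing. The rule format, the fields `approved`, `self_review` and `critical`, the coverage threshold and the artifact name are assumptions; the policy is a Python dict standing in for the version-controlled YAML file.

```python
import operator

OPS = {"eq": operator.eq, "ge": operator.ge, "le": operator.le}

# Assumed policy shape: stage -> control -> list of (field, op, expected).
# Stage and control names follow the deck's control tables.
POLICY = {
    "Source Code Repo": {
        "Peer Review": [("approved", "eq", True), ("self_review", "eq", False)],
        "Unit Test": [("new_coverage", "ge", 80)],
    },
    "Package": {
        "Vulnerability Scan": [("critical", "eq", 0)],
    },
}

# Constructed attestations, as pipeline integrations might record them.
ATTESTATIONS = [
    {"artifact": "app:1.4.2", "stage": "Source Code Repo", "control": "Peer Review",
     "source": "GitHub", "evidence": {"approved": True, "self_review": False}},
    {"artifact": "app:1.4.2", "stage": "Source Code Repo", "control": "Unit Test",
     "source": "SonarQube", "evidence": {"new_coverage": 86}},
    {"artifact": "app:1.4.2", "stage": "Package", "control": "Vulnerability Scan",
     "source": "Aqua", "evidence": {"critical": 2}},
]

def evaluate(artifact, policy, attestations):
    """Return (allowed, findings). Missing evidence counts as a failure."""
    index = {(a["stage"], a["control"]): a["evidence"]
             for a in attestations if a["artifact"] == artifact}
    findings = []
    for stage, controls in policy.items():
        for control, rules in controls.items():
            evidence = index.get((stage, control))
            if evidence is None:
                findings.append(f"{stage}/{control}: no attestation")
                continue
            for field, op, expected in rules:
                if field not in evidence:
                    findings.append(f"{stage}/{control}: {field} not attested")
                elif not OPS[op](evidence[field], expected):
                    actual = evidence[field]
                    findings.append(
                        f"{stage}/{control}: {field}={actual!r} fails {op} {expected!r}")
    return (not findings, findings)

if __name__ == "__main__":
    allowed, findings = evaluate("app:1.4.2", POLICY, ATTESTATIONS)
    print("ALLOW" if allowed else "BLOCK", findings)
```

The findings list doubles as the audit record: each entry names the stage, the control and the evidence that failed or was absent.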