LS
Uploaded byLeon Stigter
203 views

Data Driven Decisions in DevOps

The document discusses the evolving landscape of DevOps, emphasizing the importance of automated CI/CD pipelines and deployment efficiencies. It highlights the challenges organizations face in adapting to new technologies while ensuring security, cost management, and performance metrics are adhered to during deployments. Additionally, it introduces the concept of continuous verification as a means to improve deployment processes and enhance operational effectiveness.

Embed presentation

Confidential │ ©2020 VMware, Inc. Data Driven Decisions in DevOps Add More To Your Pipelines Leon Stigter Product Manager @VMware July 2nd, 2020
2Confidential │ ©2020 VMware, Inc. Technology Is Changing Rapidly @retgits | @MyDevSecOps
3Confidential │ ©2020 VMware, Inc. Changing Technology Means Changing Infrastructure @retgits | @MyDevSecOps
4Confidential │ ©2020 VMware, Inc. Changing Infrastructure Changing Means Rethink How You Deploy… @retgits | @MyDevSecOps
Confidential │ ©2020 VMware, Inc. 5 2020 stack Gone are the “simple” days of centralized stacks Application Architectures Are Changing 2000’s stack App Database Webserver Environment App Environment Cache Database Logs @retgits | @MyDevSecOps
6Confidential │ ©2020 VMware, Inc. “Amazon.com does 136,000 fully automated deployments per day” Ken Exner, Director AWS Dev Resources Source: https://techbeacon.com/devops/going-big-devops-how-scale-continuous-delivery-success @retgits | @MyDevSecOps
Confidential │ ©2020 VMware, Inc. 7 Applications Are The New Unit of Measure For Ops AWS does 136,000 fully automated deployments every day, but… Ø Less than 50% of organizations has CI/CD pipelines Ø Less than 6% has fully automated CI/CD pipelines Deployments @retgits | @MyDevSecOps
8Confidential │ ©2020 VMware, Inc. “I really want to spend my day sitting in front of screens watching DevOps pipelines…” - No one ever… @retgits | @MyDevSecOps
Confidential │ ©2020 VMware, Inc. 9 Who am I? Ø Product Manager, turned Developer Advocate, turned Product Manager again… Ø Passionate about Serverless, Containers, and all things Cloud Ø I love dadjokes, cheesecake, and Go @retgits Leon Stigter, Product Manager App Toolkit go.retgits.com/mydevsecops @retgits | @MyDevSecOps
10Confidential │ ©2020 VMware, Inc. “Y’all only do VMs at VMware, right?” - Pretty much everyone, ever @retgits | @MyDevSecOps
Confidential │ ©2020 VMware, Inc. 11 We deeply care about building apps, for example with the Kubernetes ecosystem… @retgits | @MyDevSecOps
12Confidential │ ©2020 VMware, Inc. But I’m Not Here To Sell You Things… @retgits | @MyDevSecOps
Confidential │ ©2020 VMware, Inc. 13 Let’s get back to DevOps @retgits | @MyDevSecOps
14Confidential │ ©2020 VMware, Inc. “software deployment” should be high quality and repeat-able as it “leaves the factory” @retgits | @MyDevSecOps
15Confidential │ ©2020 VMware, Inc. “Efficiency comes through the (re)use of common components” @retgits | @MyDevSecOps
Confidential │ ©2020 VMware, Inc. 16 CI/CD Pipelines are the vehicle for deployment @retgits | @MyDevSecOps
Confidential │ ©2020 VMware, Inc. 17 Most operations checks are done post deployment Re-deploy @retgits | @MyDevSecOps Cost Security Utilization Performance
Confidential │ ©2020 VMware, Inc. 18 Continuous Verification “A process of querying external system(s) and using information from the response to make decision(s) to improve the development and deployment process.” @retgits | @MyDevSecOps
Confidential │ ©2020 VMware, Inc. 19 Increase Efficiency And Reduce Operational Overhead Traditional Pipeline Extending Pipeline(s) External Actor External Actor Continuous Verification @retgits | @MyDevSecOps
20Confidential │ ©2020 VMware, Inc. “Automating your entire pipeline, including cost and governance, gives you more time to spend on the beach” #BeachOps @retgits | @MyDevSecOps
Confidential │ ©2020 VMware, Inc. 21 “A process of querying external system(s) and using information from the response to make decision(s) to improve the development and deployment process.” ØContinuous Security (environment validations, deployment security, etc) ØCost and Resource Management in CI/CD ØImage Verification ØAuthorization (normalized IAM/RBAC between AWS, Azure, GCP, and on prem) ØApplication performance and SLA Continuous Verification What is it? @retgits | @MyDevSecOps
Confidential │ ©2020 VMware, Inc. 22 Continuous Verification Scenario Do we have capacity & budget in the project/account/etc? Do we follow best practices and security guidelines for accounts and permissions? Look at performance stats in test/dev environment Are my dependencies secure? @retgits | @MyDevSecOps
Confidential │ ©2020 VMware, Inc. 23 Answering questions, like A)Will this deployment exceed the budget now? B) Is there enough capacity for resources in EC2, RDS, etc. below the utilization budget? C) What are the optimal resources (i.e. rightsized EC2 instance, RI, etc) to use for this deployment? D) Is the deployment running within budget with the right resources and are there recommendations? Because money is important… Cost @retgits | @MyDevSecOps
Confidential │ ©2020 VMware, Inc. 24 Clair Vulnerability scans EC2 security group - port 22 is publicly accessible S3 Bucket or Blob Storage is open to the world Database instances (RDS / S3) are not encrypted User has active keys but has not rotated them AWS VPC Flow logs / Azure Network Security Group Flow Logs - “What’s happening in my cloud network?” AWS Cloud Trail / Azure Activity Log - “Who, when and what CRUD operations were performed on which services in the account?” AWS Guard Duty / Azure Advanced Threat Protection - “That looks sketchy !!” Avoids data exposure to anonymous users/applications Prevents privileged escalation and unauthorized access to resources Ensures compliance with regulations like PCI, HIPPA Security Safety matters to everyone Pre Deployment Post Deployment Why In A Pipeline?
Confidential │ ©2020 VMware, Inc. 25 Open Source Security Source: State of Open Source Security Report 2020, Snyk
Confidential │ ©2020 VMware, Inc. 26 Answers questions, like: Does my K8s cluster have enough capacity to deploy this new app Where are the bottlenecks in my architecture Are the spikes in CPU usage normal How can I visualize which path traffic takes through my architecture Is there latency issues on my app using high volume traffic generation Can the database scale and support the needed capacity The User experience matters too! Performance Checks
Confidential │ ©2020 VMware, Inc. 27 Let’s Go See That in Action… @retgits | @MyDevSecOps
Confidential │ ©2020 VMware, Inc. 28 One Small Disclaimer… I’m about to use tools that I’m comfortable with, you should use tools that you choose… @retgits | @MyDevSecOps
Confidential │ ©2020 VMware, Inc. 29 Recap Do we have capacity & budget in the project/account/etc? Do we follow best practices and security guidelines for accounts and permissions? Look at performance stats in test/dev environmentAre my dependencies secure? @retgits | @MyDevSecOps
Confidential │ ©2020 VMware, Inc. Thank You @retgits The awesome icons in this deck are made by Freepik and Flat Icons from www.flaticon.com retgits.com go.retgits.com/ mydevsecops

More Related Content

PPTX
Aaron Swain at VMware Tanzu Public Sector Connect 2021
byVMware Tanzu
 
PPTX
July 28: Tanzu Mission Control: Resolving Kubernetes fragmentation across Dev...
byVMware Tanzu
 
PDF
Service Mesh: Two Big Words But Do You Need It?
byDevOps.com
 
PPTX
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021
byVMware Tanzu
 
PPTX
App-First & Cloud-Native: How InterMiles Boosted CX with AWS & Infostretch
byInfostretch
 
PPTX
Secure Data Sharing in OpenShift Environments
byDevOps.com
 
PDF
DevOps in the Real World: Know What it Takes to Make it Work
byVMware Tanzu
 
PDF
Digitální transformace: zabezpečení agilních prostředí
byMarketingArrowECS_CZ
 
Aaron Swain at VMware Tanzu Public Sector Connect 2021
byVMware Tanzu
 
July 28: Tanzu Mission Control: Resolving Kubernetes fragmentation across Dev...
byVMware Tanzu
 
Service Mesh: Two Big Words But Do You Need It?
byDevOps.com
 
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021
byVMware Tanzu
 
App-First & Cloud-Native: How InterMiles Boosted CX with AWS & Infostretch
byInfostretch
 
Secure Data Sharing in OpenShift Environments
byDevOps.com
 
DevOps in the Real World: Know What it Takes to Make it Work
byVMware Tanzu
 
Digitální transformace: zabezpečení agilních prostředí
byMarketingArrowECS_CZ
 

What's hot

PDF
Getting Security in the Loop: Building Balanced Teams
byVMware Tanzu
 
PPTX
Containers: Give Me The Facts, Not The Hype - AppD Summit Europe
byAppDynamics
 
PDF
Spring Cloud Kubernetes: An Easier Path from Idea to Production
byVMware Tanzu
 
PPTX
A Leader’s Guide to DevOps Practices and Culture
byVMware Tanzu
 
PPTX
Infrastructure less development with Azure Service Fabric
bySaba Jamalian
 
PDF
Stability anti patterns in cloud-native applications
byAna-Maria Mihalceanu
 
PPTX
From Monolith to Microservices – and Beyond!
byJules Pierre-Louis
 
PPTX
Application Security in the Cloud - Best Practices
byRightScale
 
PDF
Developers Are Users, Too
byVMware Tanzu
 
PPTX
OPS Executive insights Webinar - Accenture
byVMware Tanzu
 
PDF
Dockercon 2015 - Faster Cheaper Safer
byAdrian Cockcroft
 
PDF
Using Pivotal Cloud Foundry with Google’s BigQuery and Cloud Vision API
byVMware Tanzu
 
PPTX
Achieving DevSecOps Outcomes with Tanzu Advanced- March 22, 2021
byVMware Tanzu
 
PDF
Operational Transformation: Teachers’ Journey from App Servers to VMware Tanzu
byVMware Tanzu
 
PPTX
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
byDevOps.com
 
PDF
Cloud-Native Patterns and the Benefits of MySQL as a Platform Managed Service
byVMware Tanzu
 
PDF
Cloud Native Runtime Platform
byVMware Tanzu
 
PPTX
How Online Retailer Resident Scaled DevOps with AWS and CloudShell Colony
byDevOps.com
 
PDF
7 Virtues of a Next-gen ADC
byAvi Networks
 
PDF
DevOps for Highly Regulated Environments
byDevOps.com
 
Getting Security in the Loop: Building Balanced Teams
byVMware Tanzu
 
Containers: Give Me The Facts, Not The Hype - AppD Summit Europe
byAppDynamics
 
Spring Cloud Kubernetes: An Easier Path from Idea to Production
byVMware Tanzu
 
A Leader’s Guide to DevOps Practices and Culture
byVMware Tanzu
 
Infrastructure less development with Azure Service Fabric
bySaba Jamalian
 
Stability anti patterns in cloud-native applications
byAna-Maria Mihalceanu
 
From Monolith to Microservices – and Beyond!
byJules Pierre-Louis
 
Application Security in the Cloud - Best Practices
byRightScale
 
Developers Are Users, Too
byVMware Tanzu
 
OPS Executive insights Webinar - Accenture
byVMware Tanzu
 
Dockercon 2015 - Faster Cheaper Safer
byAdrian Cockcroft
 
Using Pivotal Cloud Foundry with Google’s BigQuery and Cloud Vision API
byVMware Tanzu
 
Achieving DevSecOps Outcomes with Tanzu Advanced- March 22, 2021
byVMware Tanzu
 
Operational Transformation: Teachers’ Journey from App Servers to VMware Tanzu
byVMware Tanzu
 
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
byDevOps.com
 
Cloud-Native Patterns and the Benefits of MySQL as a Platform Managed Service
byVMware Tanzu
 
Cloud Native Runtime Platform
byVMware Tanzu
 
How Online Retailer Resident Scaled DevOps with AWS and CloudShell Colony
byDevOps.com
 
7 Virtues of a Next-gen ADC
byAvi Networks
 
DevOps for Highly Regulated Environments
byDevOps.com
 

Similar to Data Driven Decisions in DevOps

PPTX
Justin Fox_NuData Security_A Master_Card_Company_June 9 2017_presentation
byTriNimbus
 
PPTX
Achieving DevSecOps Outcomes with Tanzu Advanced - Spanish
byVMware Tanzu
 
PDF
Continuous Verification in a Serverless World
byLeon Stigter
 
PPTX
BsidesMCR_2016-what-can-infosec-learn-from-devops
byJames '​-- Mckinlay
 
PPTX
DevSecOps: Key Controls to Modern Security Success
byPuma Security, LLC
 
PDF
Integrating Security into your Development Pipeline
byDevOps.com
 
PDF
Be DevOps Ready
byMalinda Kapuruge
 
PPTX
Are your DevOps and Security teams friends or foes?
byReuven Harrison
 
PDF
DevOps on AWS: A Practical Introduction
byaledsage
 
PDF
The What, Why, and How of DevSecOps
byCprime
 
PDF
Security for AWS: Journey to Least Privilege
byLacework
 
PPTX
Security for AWS : Journey to Least Privilege (update)
bydhubbard858
 
PPTX
2018 re:Invent - Safeguard the Integrity of Your Code for Fast and Secure Dep...
byMartin Klie
 
PDF
DevOps Pragmatic Overview
byMykola Marzhan
 
PPTX
ABN AMRO DevSecOps Journey
byDerek E. Weeks
 
PPTX
Secure DevOPS Implementation Guidance
byTej Luthra
 
PDF
Compliance Superpowers - Ben Blair, Chicago
byAWS Chicago
 
PPTX
SecDevOps: The New Black of IT
byCloudPassage
 
PPTX
Agility and Control from AWS [FutureStack16]
byNew Relic
 
PDF
[muCon2017]DevSecOps: How to Continuously Integrate Security into DevOps
byDaniel Oh
 
Justin Fox_NuData Security_A Master_Card_Company_June 9 2017_presentation
byTriNimbus
 
Achieving DevSecOps Outcomes with Tanzu Advanced - Spanish
byVMware Tanzu
 
Continuous Verification in a Serverless World
byLeon Stigter
 
BsidesMCR_2016-what-can-infosec-learn-from-devops
byJames '​-- Mckinlay
 
DevSecOps: Key Controls to Modern Security Success
byPuma Security, LLC
 
Integrating Security into your Development Pipeline
byDevOps.com
 
Be DevOps Ready
byMalinda Kapuruge
 
Are your DevOps and Security teams friends or foes?
byReuven Harrison
 
DevOps on AWS: A Practical Introduction
byaledsage
 
The What, Why, and How of DevSecOps
byCprime
 
Security for AWS: Journey to Least Privilege
byLacework
 
Security for AWS : Journey to Least Privilege (update)
bydhubbard858
 
2018 re:Invent - Safeguard the Integrity of Your Code for Fast and Secure Dep...
byMartin Klie
 
DevOps Pragmatic Overview
byMykola Marzhan
 
ABN AMRO DevSecOps Journey
byDerek E. Weeks
 
Secure DevOPS Implementation Guidance
byTej Luthra
 
Compliance Superpowers - Ben Blair, Chicago
byAWS Chicago
 
SecDevOps: The New Black of IT
byCloudPassage
 
Agility and Control from AWS [FutureStack16]
byNew Relic
 
[muCon2017]DevSecOps: How to Continuously Integrate Security into DevOps
byDaniel Oh
 

More from Leon Stigter

PDF
Thinking Stateful Serverless
byLeon Stigter
 
PDF
Test driving event-driven apps on kubernetes with kind, tekton, and knative
byLeon Stigter
 
PDF
Building Event-Driven Workflows with Knative and Tekton
byLeon Stigter
 
PDF
Every Talk Has To Be Unique @ DevRel Meetup
byLeon Stigter
 
PPTX
Continuous Verification in a Serverless World
byLeon Stigter
 
PDF
Trusting Your Ingredients @DevOpsDays Columbus 2019
byLeon Stigter
 
PDF
Refactoring to Modules - Why, How and Everything Else I Can Fit In 45 Minutes…
byLeon Stigter
 
PDF
Refactoring to Modules - Why, How and Everything Else I Can Fit In 45 Minutes…
byLeon Stigter
 
PDF
Trusting Your Ingredients - What Building Software And Cheesecake Have In Common
byLeon Stigter
 
PDF
Building a Kubernetes Powered Central Go Modules Repository
byLeon Stigter
 
PDF
Refactoring to Go modules: why and how
byLeon Stigter
 
PDF
Persistence is futile (or is it?) - How to Manage, Version, and Promote Docke...
byLeon Stigter
 
PDF
Data Driven DevOps
byLeon Stigter
 
PDF
Where did my modules GO? Building and deploying Go Apps w/ GoCenter & Codefresh
byLeon Stigter
 
PDF
DevOps Theory vs. Practice: A Song of Ice and Tire Fire
byLeon Stigter
 
PDF
The Art of Deploying Artifacts to Production With Confidence
byLeon Stigter
 
PDF
Project Flogo: Serverless Integration, Powered by Flogo and Lambda
byLeon Stigter
 
PDF
Project Flogo: An Event-Driven Stack for the Enterprise
byLeon Stigter
 
PDF
The Road to a Cloud-First Enterprise
byLeon Stigter
 
PDF
Building serverless apps with Go & SAM
byLeon Stigter
 
Thinking Stateful Serverless
byLeon Stigter
 
Test driving event-driven apps on kubernetes with kind, tekton, and knative
byLeon Stigter
 
Building Event-Driven Workflows with Knative and Tekton
byLeon Stigter
 
Every Talk Has To Be Unique @ DevRel Meetup
byLeon Stigter
 
Continuous Verification in a Serverless World
byLeon Stigter
 
Trusting Your Ingredients @DevOpsDays Columbus 2019
byLeon Stigter
 
Refactoring to Modules - Why, How and Everything Else I Can Fit In 45 Minutes…
byLeon Stigter
 
Refactoring to Modules - Why, How and Everything Else I Can Fit In 45 Minutes…
byLeon Stigter
 
Trusting Your Ingredients - What Building Software And Cheesecake Have In Common
byLeon Stigter
 
Building a Kubernetes Powered Central Go Modules Repository
byLeon Stigter
 
Refactoring to Go modules: why and how
byLeon Stigter
 
Persistence is futile (or is it?) - How to Manage, Version, and Promote Docke...
byLeon Stigter
 
Data Driven DevOps
byLeon Stigter
 
Where did my modules GO? Building and deploying Go Apps w/ GoCenter & Codefresh
byLeon Stigter
 
DevOps Theory vs. Practice: A Song of Ice and Tire Fire
byLeon Stigter
 
The Art of Deploying Artifacts to Production With Confidence
byLeon Stigter
 
Project Flogo: Serverless Integration, Powered by Flogo and Lambda
byLeon Stigter
 
Project Flogo: An Event-Driven Stack for the Enterprise
byLeon Stigter
 
The Road to a Cloud-First Enterprise
byLeon Stigter
 
Building serverless apps with Go & SAM
byLeon Stigter
 

Recently uploaded

PDF
Building With Gemini: Hands-On AI for Developers
byhemish04082005
 
PDF
Job Interview for Global Federal Government MD Panel Presentation
byafnupe09
 
PPTX
EMR Software for Pulmonology Clinics Why EasyClinic Supports Accuracy, Contin...
byEasy Clinic
 
PPTX
Google Trips Data Scraping for Tourism & Demand Analysis.pptx
byWeb Data Crawler
 
PDF
HTML 5 CSS 3 DEVELOPMENT TECHNOLOGY.pdf
bydavidjohansen1597
 
PPTX
Build Smarter with Google: A Workshop on MediaPipe, Firebase, Gemini and Anti...
byvanshikaprakash05
 
PDF
Salesforce Agentforce Service Agent​.pdf
byRobert Mark
 
PDF
Mitr Sarthi: A Smart ERP for Modern Manufacturers
byGamavis Software Solutions
 
PPTX
Dreamforce ‘25 Tour: Boost Productivity with AI-Assisted API Development
byPriya Shaw
 
PDF
DSD-INT 2025 Modelling cold water infiltration with the Groundwater Energy (G...
byDeltares
 
PDF
2026 Social Media Trends_ Must-Know Strategies for Dubai Business Owners.pdf
byMAQ MAQ
 
PDF
DSD-INT 2025 Flexible quadtree submodelling with MODFLOW 6 - Case Hegewarren ...
byDeltares
 
PDF
Cloud Engineering Services | Infysion Technologies
bysolutioninginfysion
 
PDF
Inside An AI Powered ERP System for Process Manufacturers
byBatchMaster Software Pvt. Ltd.
 
PDF
CodeFulcrum Company Profile - Engineering Scalable Software for High-Growth E...
byCodeFulcrum
 
PPT
Data Structure & Algorithm Lec- HeapSort.ppt
bypanhra1
 
PPTX
Odoo vs SAP – Which ERP Is Better for Growing Businesses?
bySatishKumar2651
 
PDF
From Sound Workflow Nets to LTLf Declarative Specifications
byLucaBarbaro3
 
PDF
Prasenjit Bhaumik Plano - Specializing In Web Applications
byPrasenjit Bhaumik Plano
 
PPTX
How MathCo Solved Enterprise AI Validation Challenges
byIT IDOL Technologies
 
Building With Gemini: Hands-On AI for Developers
byhemish04082005
 
Job Interview for Global Federal Government MD Panel Presentation
byafnupe09
 
EMR Software for Pulmonology Clinics Why EasyClinic Supports Accuracy, Contin...
byEasy Clinic
 
Google Trips Data Scraping for Tourism & Demand Analysis.pptx
byWeb Data Crawler
 
HTML 5 CSS 3 DEVELOPMENT TECHNOLOGY.pdf
bydavidjohansen1597
 
Build Smarter with Google: A Workshop on MediaPipe, Firebase, Gemini and Anti...
byvanshikaprakash05
 
Salesforce Agentforce Service Agent​.pdf
byRobert Mark
 
Mitr Sarthi: A Smart ERP for Modern Manufacturers
byGamavis Software Solutions
 
Dreamforce ‘25 Tour: Boost Productivity with AI-Assisted API Development
byPriya Shaw
 
DSD-INT 2025 Modelling cold water infiltration with the Groundwater Energy (G...
byDeltares
 
2026 Social Media Trends_ Must-Know Strategies for Dubai Business Owners.pdf
byMAQ MAQ
 
DSD-INT 2025 Flexible quadtree submodelling with MODFLOW 6 - Case Hegewarren ...
byDeltares
 
Cloud Engineering Services | Infysion Technologies
bysolutioninginfysion
 
Inside An AI Powered ERP System for Process Manufacturers
byBatchMaster Software Pvt. Ltd.
 
CodeFulcrum Company Profile - Engineering Scalable Software for High-Growth E...
byCodeFulcrum
 
Data Structure & Algorithm Lec- HeapSort.ppt
bypanhra1
 
Odoo vs SAP – Which ERP Is Better for Growing Businesses?
bySatishKumar2651
 
From Sound Workflow Nets to LTLf Declarative Specifications
byLucaBarbaro3
 
Prasenjit Bhaumik Plano - Specializing In Web Applications
byPrasenjit Bhaumik Plano
 
How MathCo Solved Enterprise AI Validation Challenges
byIT IDOL Technologies
 

Data Driven Decisions in DevOps

  • 1.
    Confidential │ ©2020VMware, Inc. Data Driven Decisions in DevOps Add More To Your Pipelines Leon Stigter Product Manager @VMware July 2nd, 2020
  • 2.
    2Confidential │ ©2020VMware, Inc. Technology Is Changing Rapidly @retgits | @MyDevSecOps
  • 3.
    3Confidential │ ©2020VMware, Inc. Changing Technology Means Changing Infrastructure @retgits | @MyDevSecOps
  • 4.
    4Confidential │ ©2020VMware, Inc. Changing Infrastructure Changing Means Rethink How You Deploy… @retgits | @MyDevSecOps
  • 5.
    Confidential │ ©2020VMware, Inc. 5 2020 stack Gone are the “simple” days of centralized stacks Application Architectures Are Changing 2000’s stack App Database Webserver Environment App Environment Cache Database Logs @retgits | @MyDevSecOps
  • 6.
    6Confidential │ ©2020VMware, Inc. “Amazon.com does 136,000 fully automated deployments per day” Ken Exner, Director AWS Dev Resources Source: https://techbeacon.com/devops/going-big-devops-how-scale-continuous-delivery-success @retgits | @MyDevSecOps
  • 7.
    Confidential │ ©2020VMware, Inc. 7 Applications Are The New Unit of Measure For Ops AWS does 136,000 fully automated deployments every day, but… Ø Less than 50% of organizations has CI/CD pipelines Ø Less than 6% has fully automated CI/CD pipelines Deployments @retgits | @MyDevSecOps
  • 8.
    8Confidential │ ©2020VMware, Inc. “I really want to spend my day sitting in front of screens watching DevOps pipelines…” - No one ever… @retgits | @MyDevSecOps
  • 9.
    Confidential │ ©2020VMware, Inc. 9 Who am I? Ø Product Manager, turned Developer Advocate, turned Product Manager again… Ø Passionate about Serverless, Containers, and all things Cloud Ø I love dadjokes, cheesecake, and Go @retgits Leon Stigter, Product Manager App Toolkit go.retgits.com/mydevsecops @retgits | @MyDevSecOps
  • 10.
    10Confidential │ ©2020VMware, Inc. “Y’all only do VMs at VMware, right?” - Pretty much everyone, ever @retgits | @MyDevSecOps
  • 11.
    Confidential │ ©2020VMware, Inc. 11 We deeply care about building apps, for example with the Kubernetes ecosystem… @retgits | @MyDevSecOps
  • 12.
    12Confidential │ ©2020VMware, Inc. But I’m Not Here To Sell You Things… @retgits | @MyDevSecOps
  • 13.
    Confidential │ ©2020VMware, Inc. 13 Let’s get back to DevOps @retgits | @MyDevSecOps
  • 14.
    14Confidential │ ©2020VMware, Inc. “software deployment” should be high quality and repeat-able as it “leaves the factory” @retgits | @MyDevSecOps
  • 15.
    15Confidential │ ©2020VMware, Inc. “Efficiency comes through the (re)use of common components” @retgits | @MyDevSecOps
  • 16.
    Confidential │ ©2020VMware, Inc. 16 CI/CD Pipelines are the vehicle for deployment @retgits | @MyDevSecOps
  • 17.
    Confidential │ ©2020VMware, Inc. 17 Most operations checks are done post deployment Re-deploy @retgits | @MyDevSecOps Cost Security Utilization Performance
  • 18.
    Confidential │ ©2020VMware, Inc. 18 Continuous Verification “A process of querying external system(s) and using information from the response to make decision(s) to improve the development and deployment process.” @retgits | @MyDevSecOps
  • 19.
    Confidential │ ©2020VMware, Inc. 19 Increase Efficiency And Reduce Operational Overhead Traditional Pipeline Extending Pipeline(s) External Actor External Actor Continuous Verification @retgits | @MyDevSecOps
  • 20.
    20Confidential │ ©2020VMware, Inc. “Automating your entire pipeline, including cost and governance, gives you more time to spend on the beach” #BeachOps @retgits | @MyDevSecOps
  • 21.
    Confidential │ ©2020VMware, Inc. 21 “A process of querying external system(s) and using information from the response to make decision(s) to improve the development and deployment process.” ØContinuous Security (environment validations, deployment security, etc) ØCost and Resource Management in CI/CD ØImage Verification ØAuthorization (normalized IAM/RBAC between AWS, Azure, GCP, and on prem) ØApplication performance and SLA Continuous Verification What is it? @retgits | @MyDevSecOps
  • 22.
    Confidential │ ©2020VMware, Inc. 22 Continuous Verification Scenario Do we have capacity & budget in the project/account/etc? Do we follow best practices and security guidelines for accounts and permissions? Look at performance stats in test/dev environment Are my dependencies secure? @retgits | @MyDevSecOps
  • 23.
    Confidential │ ©2020VMware, Inc. 23 Answering questions, like A)Will this deployment exceed the budget now? B) Is there enough capacity for resources in EC2, RDS, etc. below the utilization budget? C) What are the optimal resources (i.e. rightsized EC2 instance, RI, etc) to use for this deployment? D) Is the deployment running within budget with the right resources and are there recommendations? Because money is important… Cost @retgits | @MyDevSecOps
  • 24.
    Confidential │ ©2020VMware, Inc. 24 Clair Vulnerability scans EC2 security group - port 22 is publicly accessible S3 Bucket or Blob Storage is open to the world Database instances (RDS / S3) are not encrypted User has active keys but has not rotated them AWS VPC Flow logs / Azure Network Security Group Flow Logs - “What’s happening in my cloud network?” AWS Cloud Trail / Azure Activity Log - “Who, when and what CRUD operations were performed on which services in the account?” AWS Guard Duty / Azure Advanced Threat Protection - “That looks sketchy !!” Avoids data exposure to anonymous users/applications Prevents privileged escalation and unauthorized access to resources Ensures compliance with regulations like PCI, HIPPA Security Safety matters to everyone Pre Deployment Post Deployment Why In A Pipeline?
  • 25.
    Confidential │ ©2020VMware, Inc. 25 Open Source Security Source: State of Open Source Security Report 2020, Snyk
  • 26.
    Confidential │ ©2020VMware, Inc. 26 Answers questions, like: Does my K8s cluster have enough capacity to deploy this new app Where are the bottlenecks in my architecture Are the spikes in CPU usage normal How can I visualize which path traffic takes through my architecture Is there latency issues on my app using high volume traffic generation Can the database scale and support the needed capacity The User experience matters too! Performance Checks
  • 27.
    Confidential │ ©2020VMware, Inc. 27 Let’s Go See That in Action… @retgits | @MyDevSecOps
  • 28.
    Confidential │ ©2020VMware, Inc. 28 One Small Disclaimer… I’m about to use tools that I’m comfortable with, you should use tools that you choose… @retgits | @MyDevSecOps
  • 29.
    Confidential │ ©2020VMware, Inc. 29 Recap Do we have capacity & budget in the project/account/etc? Do we follow best practices and security guidelines for accounts and permissions? Look at performance stats in test/dev environmentAre my dependencies secure? @retgits | @MyDevSecOps
  • 30.
    Confidential │ ©2020VMware, Inc. Thank You @retgits The awesome icons in this deck are made by Freepik and Flat Icons from www.flaticon.com retgits.com go.retgits.com/ mydevsecops