Stkisummi18 i taa_s_cybergov_long_version_v2
1. 1
STKI’s IT as a Service (ITaaS) initiative
"For a while" is a phrase whose length can't be measured. At least by the person who's waiting.
— Haruki Murakami
2. 2
What is IT as a Service?
IT delivery: Infrastructure & Operations as a Service
3. 3
IT as a Service Initiative destination
Gaining the adaptive ability to deliver IT at the speed of change
Current IT delivery is considered expensive, inefficient, rigid, old-fashioned and holding back the business
Focused, reliable, efficient, secure and responsive IT operations
ITaaS
4. 4
The core of ITaaS has not changed
• Reducing IT costs
• Improving cost transparency
• Streamlining how IT services are provisioned, governed and managed
• Increasing visibility and control over IT infrastructure
• Providing speed and scalability
• Increasing ability of strategic innovation
Source: IBM STKI modification
9. 9
How can ITaaS become focused?
By setting goals and establishing metrics!!
10. 10
Trek name: Define ITaaS goals and metrics / measurements
Set availability reliability metrics
Set IT support metrics
Set business agility / responsiveness metrics
Set cyber security metrics
Set delivery efficiency metrics
11. 11
Availability, service & efficiency metrics are common
Business responsiveness and cyber metrics are much less common
Don’t stay with a metric too long
12. 12
Define role: "business technology availability"
One part of his role: "handle failures"
Measure availability objectively with user experience tools
14. 14
Only an "availability minded gatekeeper" can improve ITaaS reliability
The "business technology availability" person is the "change & maintenance manager"
16. 16
STKI’s DevSecOps measurement manifesto:
sec, ops, dev
Measure productivity/quality along with cyber
Measure cyber
Measure ops along with cyber
17. 17
STKI’s DevSecOps measurement manifesto:
sec, ops, dev
Measure productivity/quality along with cyber & ops
Measure cyber along with ops & dev productivity
Measure ops along with cyber & dev productivity
18. 18
Trek name: Build new Data Center
Set Open API
Re-build integration platform
Set DC new principles
Build container infrastructure
Optimize the foundation
21. 21
Hyperscale infrastructure
Based on basic standard HW components, setting up a specific SW (sometimes open source) configuration for large-scale computing. Integrator & customer check whether this specific server will work with this specific network HW and open source network OS, whether specific disks work with a specific storage file system, etc.
22. 22
SD-WAN is an acronym for software-defined networking in a wide area network (WAN).
An SD-WAN simplifies the management and operation of a WAN by decoupling (separating) the networking hardware from its control mechanism.
… allow companies to build higher-performance WANs using lower-cost and commercially available internet access, enabling businesses to partially or wholly replace more expensive private WAN connection technologies such as MPLS
23. 23
Set DC new architecture principles:
o Build new technology lab preferably on cloud
o Software defined based (programmable) technology
o Maximize open source business value
o Strive towards immutable infrastructure (servers)
24. 24
Immutable infrastructure
In a traditional mutable server infrastructure, servers are continually updated and modified in place.
In immutable infrastructure, servers are never modified after they're deployed.
If something needs to be updated, fixed, or modified in any way, new servers built with the appropriate changes are provisioned to replace the old ones.
Source: digitalocean
Pets vs. Cattle
25. 25
The evolution of integration patterns
Internal integration: ESB
External (specific API): API gateway
Cloud integration: IPaaS/advanced ESB
External partners: API management, developer portal
Standard content definition: Open API standards
Microservices connectivity: Service Mesh
26. 26
Will API management replace ESB?
It shouldn't – no orchestration, no transformation, no adapters (tech and content), no messaging, no guaranteed delivery, etc.
Still – greenfield organizations (enterprises and startups) are not using ESB at all
29. 29
Trek name: ITaaS Operations, organization and processes
Implement Devops and automation
Redefine sourcing and finance
Re-organize ITaaS
Reshape DC operations
Retire technologies and contain technical debt
30. 30
Redefine sourcing and finance
co-location, outsourcing, cloud
plan transition from capex to opex
non-perpetual procurement
embrace sourced services
Cloud communications platform for building SMS, Voice & Messaging applications on an API
31. 31
Re-organize ITaaS: new team for new technology/domain
• New dedicated team (for converged, cloud, devops, etc.), with skills differentiated, into the same department
[Diagram labels: System, Network, DC, Storage, Cloud]
Easy but BAD!!
33. 33
Re-organize ITaaS: combine old teams for delivering new technology/domain
[Diagram labels: System, Network, DC, Storage; Production faults, Sizing-architecture, DR, Cloud]
Challenging but GOOD!!
41. 41
The CI/CD (devops) team
Use the existing team that builds/refreshes test environments as the foundation for the CI/CD team
[Diagram labels: Delivery, Dev, Devops Team]
43. 43
Trek name: Zero ticketing
Improve self service
Introduce bots and virtual agent
Auto-Detect + notification to the user for action needed
Auto-Detect + auto resolution
Improve system reliability & self healing
44. 44
Wow!!
Don’t need to look for specific solution
Don’t need to wait
Automation, Self Service and User happiness ☺
Support by 2nd & 3rd level
Support by 1st level
Self Service: ITSM/Portal/Search
Self Service: (Virtual Assistant - Chatbot) or by other tools
Auto-Detect + notification to the user + automated resolution
Auto-Detect & Auto-Healing
ITSTKI modifications
Too long, too many people in the process
Need to wait for support
Do we have support?
45. 45
User uploads a screenshot of an error (ocr…)
Known error is matched with a solution
AyTee suggests a solution
IT
47. 47
Dynamic Automation integrates into existing ITSM tools to automate use cases on platforms, database, middleware apps, network, and storage
[Diagram labels:]
Event Management System (e.g. Netcool)
Incident Ticketing System (e.g. ICD, ServiceNow, Remedy)
Integration Services
IBM Dynamic Automation
Jump host*
Unix
Intel
Client Devices
Managed Server #2
Managed Server #1
Dynamic Automation “Virtual Engineer” (System Administrator)
Escalate to Human Engineers: Yes / No
Remediate
Diagnose
Virtual engineers behave very much like a human system administrator.
Escalate it to a human system administrator to complete the resolution.
48. 48
ITaaS
DC co-location
racks over blades
rack scale architecture
sw packages delivered on containers
SD-WAN
GPU
Intent based networking
immutable infrastructure (servers)
Open source
NVME storage
49. 49
All Flash Array (AFA) - Israeli market enterprise presence 1Q118
[Chart axes: Market presence / perception; Local support]
EMC, IBM, Kaminario, NETAPP, HDS, HPE
All storage vendors have AFA offerings
Vendors to watch: E8storage (NVME), Purestorage
50. 50
HCI hyper converged - Israeli market enterprise presence 1Q118
[Chart axes: Market presence / perception; Local support]
Nutanix, VMWARE (vsan)
Vendors to watch: HDS, Netapp, Fujitsu
The leading brand in the deal. Other related brands (servers, hypervisor) are not listed
HPE, DellEMC, CISCO
51. 51
Application Platform as a Service (APaaS) on prem option - Israeli market enterprise presence 1Q118
[Chart axes: Market presence / perception; Local support]
Redhat, IBM, Pivotal
52. 52
Enterprise Backup/data protection SW - Israeli market enterprise presence 1Q118
[Chart axes: Market presence / perception; Local support]
Dell EMC, IBM, Veritas, HPE, Commvault, Actifio*
Vendors to watch:
Cloud backup alternatives
VEEAM*, Arcserve*, Rubrik*
* Not really apples to apples
53. 53
Pini’s model for technology selection/forecasting adoption:
2 new technologies giving the same benefit, at the same cost (effort).
Q: Which technology should I choose?
A: The technology that has better chances to catch on!!
So, how can I forecast technology adoption?
Internet companies - startups
How many developers (company size) will benefit from this new technology?
The smaller number wins!!
54. 54
Cloud technologies and processes are part of ITaaS practice enabling true hybrid cloud
Focused, reliable, efficient, secure and responsive to business needs
Zero ticketing
Supporting development
57. 57
It’s well known that so many companies get hacked
Yet many executives believe it will not affect them
Even the largest and most prestigious ones
58. 58
Copyright@STKI_2018 Do not remove source or attribution from any slide or graph
Cyber’s Problematic Reputation
“Cyber is holding us back from achieving all other initiatives”
59. 59
Cyber governance initiative destination
Striking a balance between the business needs and cyber, risk & compliance needs
Cyber, governance & compliance are crucial for the survival of organizations
But they are also holding organizations back in many ways.
Executives don’t fully comprehend the importance of cyber security and their personal responsibility.
61. 61
Trek name: Zero trust security: Get top management on board
Demonstrate to CEO/BOARD their cyber responsibility
Determine business cyber main principles
Allocate cyber budget, head count & org. structure
62. 62
Source: STKI staffing report
Number of Employees / Cyber personnel
Implement STKI’s market data & best practices to receive appropriate budgets and personnel!
63. 63
Trek name: Design a Cyber Governance Plan
Build risk & cyber multi-year program
Build cyber resilience program
Design holistic cyber measurement program
Use “Israel National Cyber Directorate” guidance and tools
64. 64
Israel National Cyber Directorate guidance will boost cyber security in Israel!
Especially for non-regulated enterprises
Non-regulated CISO:
"I don’t have enough budget and resources"
"I can’t explain this to the CEO/Board"
66. 66
Organizations that want to participate in the beta program can contact tora@pmo.gov.il
67. 67
Don’t forget to secure the ENTIRE supply chain!
68. 68
STKI expects new regulation based on Israel National Cyber Directorate guidance in several industries
Take a deep breath. We’ve only just started.
69. 69
Of boards are not trained to deal with cyber security incidents!
Source: Einat Meyron cyber resilience consultant & The Cyber Security Source - 2017
70. 70
CEO board member nightmare:
One Innocent phone call
73. 73
Leverage the similarities between BCP & Cyber Resilience
BCP (Business Continuity Plan)
Cyber Resilience
And make them work together in collaboration
74. 74
Trek name: Adapt to changing regulations
Keep up with existing regulations
Watch as GDPR becomes standard
Implement Privacy Protection Regulation
75. 75
GDPR Hype
GDPR is searched more than Cyber Security
[Chart legend: GDPR, Cyber Security]
77. 77
What does GDPR mean to our business? A lot!
The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.
It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.
78. 78
It will also change many processes and interaction methods.
Example: first engagement with a client and his consent to continue with the process:
79. 79
Consent Management
One of the new tools needed to maintain compliance
80. 80
Some organizations will have to appoint a DPO under GDPR law
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/data-protection-officers/
• The first point of contact for supervisory authorities and for individuals whose data is processed
• Informs and advises the organization and its employees about their obligations to comply with GDPR and other data protection laws
• Monitors compliance with GDPR and other data protection laws, including managing internal data protection activities
• Advises on data protection impact assessments
• Trains staff and conducts internal audits.
81. 81
source: konfidas
GDPR and Israeli privacy act are touching the same areas
82. 82
Eventually, it will come… So be prepared
83. 83
Trek name: Cyber Security Operations
Enforce patches
Applying to new devices (watches, pumps, cars, etc.)
Embrace new technologies and prepare for new vulnerabilities
Re-adjust cyber security program
Embrace DevSecOps
Automate Cyber Operations and Use AI/ML
85. 85
DevSecOps tools - Embed SDLC (Secure Dev. life cycle) tools into CI/CD:
• Static analysis tools
• Dynamic scanning (auto pen. tests)
• Embed operations data (logs, customer inputs) with security inputs
86. 86
Cyber governance
GDPR, Israel privacy law: continue
GDPR, Israel privacy law: start
Blockchain based identity
DPO - data privacy officer
Anonymization for cloud
Blockchain based general tools (DBMS, etc.)
Cloud security tools
Cloud tokenization