What is DevSecOps
Building blocks, execution, and AWS resources for best practices
Artius IT Breakdown
It’s time to break IT (information technology) down “Artius IT Style!” With so many buzzwords in the computer world, it can be a mind-numbing experience when a business owner hears a word like “DevSecOps.” Artius IT wants to draw the simplest connection from what you know as a business owner to what information technology enthusiasts know from being nerds. This post will follow the “techie-speech is to a normal-day-example” method, in which we will use techie buzzwords and draw connections to common business principles. So let’s do it. Let’s break it down Artius IT Style.
Development, Security, Operations
Let’s start out by drawing similarities between an internet environment and a B&M (brick-and-mortar) business. The actual building space for a B&M is its physical/real location on earth. The infrastructure its people actually work in on a day-to-day basis is their real-world environment. Besides managing the resources that help them stay in business, B&M businesses also offer products and services for their target customers. So the entire B&M environment is a product as well as a service that sells additional products and services. B&M companies normally have a method of developing a product or service that involves many different teams. Each team is usually given a certain amount of access to the company’s information, so that the respective team can properly complete the part of product development it is responsible for. Think about the supply and demand nature of your business for a second. Demand drives supply. You have to understand demand. To be profitable, you’ll want to keep up with the change in demand, and create better features for your product.
You’re not the only one in your industry. Other people are competing for a share of the market. Business can be war, so you’ll need to protect your environment, and product, from the conception of the product to the day you stop making the product. Once you release your product you’ll constantly want to know how your clients are reacting. You’ll want to use all the information related to the product and customers to figure out how to improve. You want to do all of this faster than your competition. You also want to save time and money when frequently testing new products and product features.
We are about to get into the techie portion of DevSecOps. Remember that we are using the B&M businesses to give you a reference point for what happens when you get on the internet aka “The Information Highway.” At the core of DevSecOps is the concept that “Businesses want operations that securely develop products.” Since it is all about the bottom line, business owners should have as much knowledge as possible to be as profitable as they can. Remember the words, “Build. Test. Deploy. Repeat.”
Why Profitability Depends on DevSecOps
Let’s switch our conversation to the internet environment. The digital world is the virtual space that companies occupy. It is like a traditional B&M business, but on steroids. Even though you can’t be god, think about being able to play god when it comes to your B&M business. What would every customer’s experience be like? What knowledge would you want to possess? The internet gives you the ability to interact with your clients through a virtual environment. Software is the connector that businesses use to reach their customers online so that the customers will purchase their real-world products and services.
When it comes to your virtual space, software is your main product and service. Because clients aren’t able to physically feel your product or service, you’ll have to interact with your customers through your website or application. So if asked “Why are you online?” the sensible answer would be, “Because you want your clients to enter into your virtual space, and eventually pay you money for your real product or service.” Whether at a B&M physical store or in an online environment, it’s all about the bottom line. Yet your bottom line depends on your DevSecOps practices for software. Developing a logical way for different teams to communicate and manage the different operations of your software development is the backbone of the DevSecOps mindset.
Establishing DevSecOps In Your Company
DevSecOps is more of a best-practices culture of streamlining software products and services. It tears down barriers in communication that prevent different teams from operating efficiently. Imagine if all the non-management employees in a B&M business instantly knew how to deal with customer requests without having to speak to the research and development team or upper management. Imagine if you knew what threats were in your B&M store and how to automatically eliminate those threats without taking time away from customers. What if every customer interaction was tracked and analyzed so you could continuously provide that customer with improved services? How valuable would that be to you as a business owner? Well, in the virtual environment you are able to meet your clients’ needs like never before. Developers of your virtual space should adopt a DevSecOps model that optimizes productivity, strengthens the reliability of your virtual space’s infrastructure, and improves the quality of services and products for your clients. Everyone responsible for the development of your products should have a high level of ownership throughout the life of the product.
The Right Tools Make The Difference
To comply with DevSecOps best practices, I will need the right tools. Since we are talking about building the best virtual business space, we need to look at the software that will be used as tools for building. The right tools will help us streamline any other software development along the way. Proper tooling will also help you manage the infrastructure of your digital presence. Use tools that will allow you to make frequent and small updates. The frequent and small updates make it possible to evolve products for the joy of our customers. There are fewer risks in deploying smaller software packages because the time to fix small problems is less than the time it takes to fix large problems. Think about building a Lego spaceship. One Lego part on the wing of the spaceship is easier to change than a whole spaceship. This principle is called “microservice architecture.” Build fast and small. Be flexible when you develop. Use independent projects. You’ll be able to reduce the overhead of updating your product later on, after you assess how your customers interacted with it.
Continuously integrate and deliver products to your clients. Use an automatic method of releasing your products. Use computer code to build the virtual space that builds your software products and services. Think about how McDonald’s uses a blueprint to build other McDonald’s. Every time a McDonald’s goes up, the architect does not use a brand new blueprint. The way a McDonald’s looks depends on a template given to contractors from a McDonald’s building department. This template is used for several different McDonald’s franchises, slightly modified from store to store. The contractors manage the configuration of the entire building from a set of rules given to them ahead of time. A virtual DevSecOps environment should be set up with the same mentality, and should also be built to be responsive to the frequent changes that its software components and resources will go through because of the feedback being received from customers.
B&M businesses have to keep up maintenance and also track the status of all resources under their roof. Similarly, you have to monitor and log the performance and resource usage of your virtual DevSecOps environment. How healthy is your virtual space? Is there any bottleneck in any of the operational environments that build your product? What processes do you have in place to log and react to bugs in your software? If bugs were in your B&M, how would you get rid of them? When would you call an exterminator, and who? How long would you be out of service? Monitoring and logging your virtual space gives your customers faster and more reliable updates.
AWS DevSecOps World
TBS DevSecOPS on AWS
These are the philosophies, practices, and tools specific to the AWS (Amazon Web Services) DevSecOps environment.
AWS CodePipeline addresses CI/CD (Continuous Integration/Continuous Delivery) by merging code from different developers into a single place where it can be automatically built, tested and run. CodePipeline helps developers improve software quality and release products, and product updates, through the faster ability to debug and validate microservices. CodePipeline sends code to a testing/deployment space within the DevSecOps loop. Once the code is given the green light by a predetermined policy, which can itself be automated as code, the code goes on to a testing environment. Eventually, testing leads to production.
Amazon ECS and AWS Lambda are the tools for developing with a microservices mentality. Applications can be split into smaller components and services. This happens through carving out space on AWS servers through their EC2 resources and Lambda API calls. Different languages can be used to program each resource. Microservices are normally set up by writing HTTP-based APIs. This would be like a contractor making different phone calls to different material companies to construct a B&M business.
CloudFormation is the template tool that allows you to successfully build, manage, and replicate the blueprint of your virtual environment. Unlike a B&M, your virtual building time is minutes, whereas your B&M would take months. If you mess up in your virtual building design, you can tear down your environment within seconds and try again within seconds. Now you are starting to understand the power of virtual environments. They are easily scalable. Grow or shrink according to customer demand. Manage your entire configuration through programming languages. Your operating systems, where you host your virtual environments, and the tasks each microservice performs are all easily manageable through automating tasks. AWS OpsWorks and ECS (Elastic Container Service) help you save time on managing your virtual space’s configuration.
AWS Config and Config Rules help you enforce the compliance and governance regulations that your industry is held accountable to. Imagine if a B&M restaurant was automatically compliant with all of its health codes. With AWS Config you can write policy as code to monitor and enforce compliance. You can code in IAM (Identity and Access Management) within your Config Rules to make sure that the right people and groups have the right authorization to access certain information. Find out which part of your virtual environment is non-compliant, and code rules to get that part up to par. This is a huge advantage with AWS DevSecOps: it is easy to code in self fixes. Imagine if your B&M business could automatically fix the roof, or a defective product before it reached customers.
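The policy-as-code check described above, as an added example rather than Artius IT's or AWS's own code: the evaluation logic a custom Config rule could run against an IAM policy, marking it non-compliant when its default version allows every action on every resource. The configuration item layout (a `policyVersionList` holding a URL-encoded document), the helper names and the sample items are assumptions constructed for the example; a deployed rule would report the verdict back to AWS Config.

```python
import json
from urllib.parse import quote, unquote

def as_list(value):
    """IAM allows a single value or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]

def is_full_admin(statement):
    """True when an Allow statement grants every action on every resource."""
    if statement.get("Effect") != "Allow":
        return False
    actions = as_list(statement.get("Action", []))
    resources = as_list(statement.get("Resource", []))
    return "*" in actions and "*" in resources

def evaluate_policy_item(item):
    """Return a Config-style verdict for one IAM policy configuration item."""
    if item.get("resourceType") != "AWS::IAM::Policy":
        return {"ComplianceType": "NOT_APPLICABLE", "Annotation": "Not an IAM policy"}
    for version in item["configuration"].get("policyVersionList", []):
        if not version.get("isDefaultVersion"):
            continue  # only the default version is in effect
        document = json.loads(unquote(version["document"]))
        for statement in as_list(document.get("Statement", [])):
            if is_full_admin(statement):
                return {"ComplianceType": "NON_COMPLIANT",
                        "Annotation": "Default version allows Action * on Resource *"}
    return {"ComplianceType": "COMPLIANT", "Annotation": "No full-admin statement"}

def sample_item(statements, resource_type="AWS::IAM::Policy"):
    """Constructed configuration item for the demo, not taken from a real account."""
    document = quote(json.dumps({"Version": "2012-10-17", "Statement": statements}))
    return {"resourceType": resource_type, "resourceId": "EXAMPLE-POLICY-ID",
            "configuration": {"policyVersionList": [
                {"versionId": "v1", "isDefaultVersion": True, "document": document}]}}

ADMIN = sample_item([{"Effect": "Allow", "Action": "*", "Resource": "*"}])
SCOPED = sample_item({"Effect": "Allow", "Action": ["s3:GetObject"],
                      "Resource": "arn:aws:s3:::example-bucket/*"})

if __name__ == "__main__":
    for name, item in (("admin", ADMIN), ("scoped", SCOPED)):
        print(name, evaluate_policy_item(item))
```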
Amazon CloudWatch and AWS CloudTrail create the log that is the input for the configuration rules. They are AWS DevSecOps tools that analyze your virtual environment on a 24/7 basis. That is like having the best security guards for your B&M business. These security guards can tell you about your customers’ experience and how well your environment is performing. You’ll be able to get to the root cause of any problems in your virtual world. The DevSecOps workflow is designed to be extremely fast. CloudTrail and CloudWatch keep up with the incredible speed.
Continuous Communication & Collaboration
No matter how good your tools are, you will not have a successful product if your teams don’t have a way of successfully communicating their operations to each other. Constant communication and collaboration is critical to good DevSecOps culture. Each company is different, but a method of information sharing needs to be in place. Having chat apps, project tracking apps, and well-documented archives is important. Each part of the company needs to have the same type of speed in accessing the required information to develop the product. Whether it’s HR, R&D, or the Communications Dept., all parts need to align with the owner’s intent. This will help the whole company have a clearly defined mode of operating when it comes to their corporate brand.
AWS DevSecOps is all about rapidly and reliably deploying innovative products for customers through effective and orderly tooling. Save time by automating manual jobs. Manage complex environments at any scale. Keep up with the fast nature of the information technology world as it pertains to your industry. Use Artius IT to build a DevSecOps environment on AWS for your company today. Contact Tor for more information.