The Doppler Quarterly Special Edition 2019 | Page 67
Source: Damon Edwards
of governing with an iron fist needs to give way to baking controls, policy and gover-
nance into the code. The days of holding multiple weekly review boards for architecture,
security, and governance must be put to bed. These processes and mindsets simply
don’t work in the era of continuous deployment. In this new age, we must trust in our
automation and institute proactive and continuous monitoring to check for ongoing
security and compliance. Manual review by humans just doesn’t scale when multiple
teams are able to perform push-button deployments. We must audit ourselves in real-
time in the new world.
DevOps and Technology
It is here where we finally start focusing on IT automation and the famous CI/CD pro-
cesses. What many call DevOps is just one small piece of the DevOps puzzle. Running
systems in the cloud requires new tooling and methods. Many of the legacy tools we
have used in the past require state and physical infrastructure. We recommend born-in-
the-cloud solutions in the areas of security, monitoring, logging, code repositories, etc.
Providing visibility into system health and application state is crucial in providing high
SLAs in the new world where deployments happen frequently. Much thought needs to
go into building a robust security and monitoring framework that feeds into a central
logging solution and can be accessed through a single pane of glass.
SPECIAL EDITION 2019 | THE DOPPLER | 65