When one can see the edges, DevOps can be both a beautiful
thing and a beautiful experience.
Like all beautiful things or experiences, the beauty is
found and defined at the edges. The iPhone, the Chris Craft, the steep cliff. All beautiful because of their edges and
because of the edges of the experience. The feel in the hand. The wind in the
hair. The looks from others.
But to see the edges and be safe, you have to have vision. The vision to
see what it is or express what it can be so it can be formed in the mind of
others. No one talks about an iPhone by focusing on what it is not. No one hangs off the edge of a mountain because of what it is not.
No one has ever been successful at DevOps by having a vision around what it
is not.
So, Good DevOps differs from Just DevOps because of the
edges that keep great code fast, stable and secure. There is a lot of white
space there. That's just tactics. But that’s not all. Once the vision is conceived, that vision needs
to translate to getting everyone else onboard and to the finish line.
There is a lot to worry about. The worries have nothing to
do with what’s in the name. Adding “sec” to “devops” alone won’t make the executive
team sleep better at night, any more than adding “perf” to DevOps
will make performance important.
It’s the edges, the feel, not the name.
Your edges will be defined in the least obvious places. Sometimes the most obscure.
In the tools. And the handling of legacy code. And the processes. And the standards.
And the identification of inadequate controls.
And the questions you ask….
What if we encouraged
identification of edges that are “vague” instead of “good”?
Or defined an edge at
the automated promotion of code which differentiated among good code, bad code,
or insecure code and did that in an equally automated way?
Or created an edge of balanced
CI/CD and automated testing without neglecting either?
Good practice everywhere is a basis for securing anything. Vision
certainly doesn’t come from indecision. Safely enabling the business has to be purposeful and decisive.
Indecision blurs the edges of DevOps enough
for vagueness to incrementally rot those edges away. Then, no matter the vision, you won’t end up
with a thing of beauty. You’ll just end
up with a thing.
And who wants to do all that work for just a thing?
Follow me on Twitter for discussion and the latest blog
updates: @Opinionatedsec1. Or, start your own discussion using
#crazygoodcyberteams on Twitter or LinkedIn and I'll read it.