Tuesday, July 24, 2018

A Complex Enterprise Change: AWS Cloud Transformation Management




“When it comes to cloud adoption, the biggest challenge isn't technology - it's the people and processes that must change and adapt” - Forbes
The impact of cloud adoption will affect not only your application workloads but also your organization, business models, HR and procurement processes. Organizations need to examine the influence cloud adoption has on their people, culture, and processes. Culture can be defined as the values, beliefs, and practices that exist in an organization. Culture is critical when it comes to cloud adoption because it will affect an organization’s management and the economics of its IT services.
“Cultural issues are at the root of many failed business transformations, yet most organizations do not assign explicit responsibility for culture” - Gartner
The first step in influencing cultural change is to identify the values required for the organization’s cloud adoption. Once these values are defined, it is crucial to communicate the new operating behaviors and reinforce them explicitly and implicitly by using a reward system. The last step then becomes hiring or selecting the right individuals, who are excited to embrace the change and align with the values that you want to drive.
The obstacles that organizations might face as they embark on the journey to the cloud are:
●      Lack of visible and active leadership
●      Lack of change management resourcing
●      Resistance from project teams, middle-level management and fellow employees resulting from the organization’s inertia to change.
Many IT organizations are not used to driving projects with change management in mind. Organizational change management can be defined as applying tools & processes to the people side of change, to transition from a current state to a future state to successfully achieve a particular outcome.
Successful change across an enterprise does not just happen organically. Organizational change first requires individual changes, and it's normal to experience some reluctance and resistance to change across an organization. The scope and type of change should inform your change management plan, which comes down to selecting the appropriate toolsets for the job at hand.
There are three types of change efforts, namely:
  1. Improvement: Focuses on changing toolsets.
  2. Transitional: This change effort focuses mainly on changing both the toolsets and skillsets.
  3. Transformational: The key difference here is that we are looking at the impact and effect changing toolsets & skillsets has on the changing mindsets.
Across the three change efforts, communication, change & project management, training & change leadership are all required solution drivers. Elements such as training & orientation, organization design, HR strategy & support are necessary elements required for a more robust transformational change.
There are three phases to tactically applying a change management approach to accelerate your cloud transformation.
In the first phase, your team and senior leadership have to be mobilized. The team to lead the change and build the momentum is formed and referred to as the Cloud Center of Excellence (CCoE). The CCoE can consist of a cloud engineering team and a cloud business office team. The program governance structure is shaped, and it is essential to assess and align the change leadership roles.
The second phase is about defining your vision and engaging your organization, and the third and final phase is about implementing your changes. After the selection process, the leaders need to articulate and communicate the vision and roadmap for transitioning into the cloud. At this phase, it is essential for leaders to address how the change will affect the employees of the organization.
Finally, the last phase is about enabling the capacity and ensuring a successful transition into the cloud. The objective of this phase is to align the IT organization's structure, roles, and processes with the AWS platform and also to ensure that the cloud benefits and goals are achieved.

Friday, July 20, 2018

10 Tips for Managing Cloud Costs

1. Monitor spending on a daily basis.
2. Shut down unused or unnecessary instances.
3. Require tags company-wide.
4. Rely on automation rather than manual processes.
5. Consider a standalone cloud cost management tool.
6. Invest in a hybrid cloud management tool if your needs are more complex.
7. Look for a solution with machine learning capabilities.
8. Take a systematic approach to cloud cost management.
9. Watch out for vendor lock-in.
10. Optimize private cloud costs.
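Tips 3 and 4 (company-wide tags, automation instead of manual checks) rest on one mechanism: every resource carries a small set of mandatory tags, and spend is rolled up by tag value so the untagged share is visible. The Python below is an added example, not code from the original post; in practice the inventory would come from the cloud provider's API, but here it is a constructed list so the example runs offline, and the required-tag policy and hourly rates are assumptions for illustration.

```python
"""Tag-compliance audit and cost allocation by tag over an instance inventory.

Added example (not from the original post). The inventory, the tag policy
and the hourly rates are constructed/assumed for illustration.
"""
from collections import defaultdict

# Constructed sample inventory (not real infrastructure).
INSTANCES = [
    {"id": "i-0a1", "state": "running", "hourly_usd": 0.096,
     "tags": {"Project": "payments", "Owner": "team-a", "Env": "prod"}},
    {"id": "i-0a2", "state": "running", "hourly_usd": 0.192,
     "tags": {"Project": "analytics", "Owner": "team-b", "Env": "dev"}},
    {"id": "i-0a3", "state": "running", "hourly_usd": 0.096,
     "tags": {"Owner": "team-a"}},                      # missing Project and Env
    {"id": "i-0a4", "state": "stopped", "hourly_usd": 0.096,
     "tags": {"Project": "analytics", "Owner": "team-b", "Env": "Production"}},  # Env not an allowed value
    {"id": "i-0a5", "state": "running", "hourly_usd": 0.384,
     "tags": {}},                                       # completely untagged
]

# Assumed company tag policy: required keys; None means any value is accepted.
REQUIRED_TAGS = {"Project": None, "Owner": None, "Env": {"prod", "test", "dev"}}


def tag_violations(instance, policy=REQUIRED_TAGS):
    """Return a list of human-readable violations for one instance (empty = compliant)."""
    problems = []
    tags = instance.get("tags", {})
    for key, allowed in policy.items():
        if key not in tags:
            problems.append(f"missing tag {key}")
        elif allowed is not None and tags[key] not in allowed:
            problems.append(f"tag {key}={tags[key]!r} not in {sorted(allowed)}")
    return problems


def audit(instances, policy=REQUIRED_TAGS):
    """Map instance id -> violations, listing only non-compliant instances."""
    report = {}
    for inst in instances:
        problems = tag_violations(inst, policy)
        if problems:
            report[inst["id"]] = problems
    return report


def monthly_cost_by_tag(instances, key="Project", hours=730):
    """Allocate projected monthly spend of running instances to a tag value.

    Instances lacking the tag land in an explicit 'untagged' bucket so the
    unallocated share is reported rather than silently dropped.
    """
    buckets = defaultdict(float)
    for inst in instances:
        if inst["state"] != "running":
            continue
        owner = inst.get("tags", {}).get(key, "untagged")
        buckets[owner] += inst["hourly_usd"] * hours
    return {k: round(v, 2) for k, v in buckets.items()}


if __name__ == "__main__":
    for iid, problems in audit(INSTANCES).items():
        print(iid, "->", "; ".join(problems))
    print(monthly_cost_by_tag(INSTANCES))
```

Run on a schedule, the audit output is what an automated "require tags" rule would act on (notify the owner, or stop the instance after a grace period), and the per-tag roll-up is the "project breakdown" that the tools compared below sell as a feature.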

Evaluation of Cloud Cost Optimization Tools

We’ve looked at a number of cloud cost optimization tools in house and for customers. This is a brief breakdown of some of the characteristics and features of the programs. Please realize that this is a very fast-moving part of the industry. If your decision hinges on a single feature, its availability may have changed by the time you read this sentence.
| package | direct cloud support | import data support | deployment method | cost aggregation | shared access | RI calcs. | cap. planning | general monitoring | project breakdown | price basis |
|---|---|---|---|---|---|---|---|---|---|---|
| (link) | AWS, GCE | no, on roadmap for enterprise | SaaS | yes | | yes | yes, premium product | cost monitoring only | AWS and GCE tags | free; premium $240 up to $200k spend |
| (link) | AWS, Google, Azure | yes, using Dropbox | SaaS, AWS install | yes | yes, via email | yes | no | cost report/daily email | yes, can split cost as well as gather | free for the basic cost monitor, with tiered pricing for more functions |
| (link) | AWS, Rackspace, Azure, more... | | SaaS | yes | | yes | yes | | organization, application, environment (production, test, development) | free basic tier |
| (link) | EC2, CloudStack, Eucalyptus, HP, Logicworks, OpenStack, RackSpace, Terremark, vCloud Director | no | SaaS, on-premise | | yes | | yes | yes | | |
| (link) | AWS/EC2 | | SaaS | yes | yes | yes | yes | no | yes, by tag | three tiers, free/pro/ent; pro based on cloud spend tracked |
| (link) | AWS, Heroku, VMware private clouds | VMware vSphere, Citrix XenServer, Microsoft Hyper-V or private cloud platforms like vCloud Director, OpenStack or CloudStack | SaaS | in enterprise | in enterprise | | | alerts | yes | scales on spend tracked |
| (link) | AWS, AWS GovCloud | no | SaaS | yes | yes | yes | yes | alerts based on thresholds, regular scans of "best-practices" | yes | tiered fixed cost based on total spend tracked |
Column key:
package - Name of the package.
URL - click the name of the package (link)
direct cloud support - The clouds on which it can track costs on its own, without any data munging by you.
import data support - Can it import records from outside sources, such as munged data or private clouds which might not be directly accessible?
deployment method - Where does the code run?
cost aggregation - Does it aggregate basic costs?
shared access - Does it support more than one user logging in? Does it support reporting to more than one person?
RI calculations - Does it do modeling to determine where Reserved Instances would save money? (RIs are pre-purchased computing available in AWS.)
cap. planning
general monitoring - Does the product do any type of alerting other than cost-based? (one example: unused but paid-for storage)
project breakdown - Can the product do cost breakdown by projects or groups of resources?
price basis - What is the basic concept by which they charge?

Thursday, May 17, 2018

SecOps: The Next Stride for DevOps


Security has always been a big concern for valuable things and IT is no exception. IT as a whole is trying to push security left in the development cycle—trying to involve it in every step of the development cycle. And just when development and operations teams are getting used to the “esprit de corps” we call DevOps, I think it’s time we add the third musketeer: security.

What is SecOps?

SecOps is a collaboration between security and operations teams, just like development and operations teams collaborate on the DevOps front. SecOps is a set of practices organizations need to follow, processes they need to execute and tools they need to use to ensure the security of their application environment. SecOps is making sure organizations do not sacrifice security to attain their performance and uptime targets.

In a typical development cycle—requirements gathering, design, development, testing, implementation or deployment and maintenance—security normally is introduced in the later stages, somewhere between testing and deployment or even later. But SecOps is all about introducing security much earlier, at each stage of the software development life cycle (SDLC).

I know what you are thinking: this is going to complicate things and increase the time to delivery. This is where operations and development teams need to join forces to simplify things and make it a time-efficient practice. The next thing you must be thinking is, why so much hassle? Think of it the other way around: wouldn’t it save more time to address security concerns at much earlier stages than at the time of delivery or implementation? All it takes is an amalgamation of the security group, development team and operations team; a little bit of planning; and a whole lot of execution.

SecOps + Containers


Containerization is slowly but steadily moving from an alternative to full virtualization to a serious platform for running your applications. Containers have some obvious advantages, including scalability and flexibility, and this solves most of the resource-related problems in application development. Reduced size; reduced time to provision application environments and testing; platforms including Docker, Solaris Zones and BSD Jails; and orchestration platforms including Kubernetes, CoreOS Fleet, Amazon ECS and OpenShift make containers a preferred option for application development environments.

This increased traction toward containerization points to an increased need to concentrate on security. Here are some SecOps best practices for container environments that you and your organizational teams can follow:
  • Authentic sources and images: Always check the authenticity of container images. There are various tools for this, such as Docker’s security scan: with Docker Cloud and Docker Hub you can scan images for potential security vulnerabilities. Most images are built from some base image rather than from scratch, so an unverified base image is always a risk.
  • Vulnerability management tool: There are tools available in the market to analyze container image formats and libraries for threats before you actually start using them.
  • Follow benchmarks and hardening guidelines: Always make sure you do the checks and follow hardening guidelines for containers, images, hosts and platforms before you go to production. There are a few standards and benchmark checks for containers, such as the CIS Docker security benchmark, the PCI compliance checklist, etc.
  • Periodic auditing: Regular auditing of your application environment can save you from future trouble. Moreover, automating the auditing process can help detect unused images and containers.
  • Use of management frameworks: Use frameworks that can automate behavior profiling, control all users, and authorize access to containers, images and hosts.
  • Security built in to container engine systems and third-party security solutions: Third-party vendors offer a number of applications for container security in addition to the security systems of container management platforms.
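The first practice above ("authentic sources and images") is easiest to enforce when it is written down as a rule a pipeline can check: every image a deployment references must come from an allow-listed registry and be pinned to a content digest, and mutable tags like `latest` are flagged. The Python below is an added example, not code from the original post or from Docker; the registry allow-list (`registry.example.internal`, `docker.io`) and the sample manifest are constructed for illustration, and the parser follows the usual Docker reference conventions.

```python
"""Policy check for the container image references a deployment uses.

Added example, not code from the original post or from Docker/Docker Hub.
The registry allow-list and the sample manifest are constructed.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumed organisational allow-list (constructed). docker.io is allowed here
# only because images from it must still be digest-pinned by the check below.
ALLOWED_REGISTRIES = {"registry.example.internal", "docker.io"}
DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")


@dataclass
class ImageRef:
    registry: str
    repository: str
    tag: Optional[str]
    digest: Optional[str]


def parse_image_ref(ref: str) -> ImageRef:
    """Split 'registry/ns/name:tag@sha256:<hex>' into its parts.

    Follows the usual Docker conventions: the first path component is a
    registry only if it contains '.' or ':' or is 'localhost'; otherwise the
    image lives on docker.io, and a bare official name gets the 'library/' prefix.
    """
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    first, sep, rest = ref.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        registry, path = first, rest
    else:
        registry, path = "docker.io", ref
    # A tag is the part after the last ':' only when that ':' sits in the last
    # path component, so a registry port is never mistaken for a tag.
    tag = None
    if ":" in path.rsplit("/", 1)[-1]:
        path, tag = path.rsplit(":", 1)
    if registry == "docker.io" and "/" not in path:
        path = "library/" + path
    return ImageRef(registry, path, tag, digest)


def check_image(ref: str, allowed=ALLOWED_REGISTRIES) -> List[str]:
    """Return the policy violations for one image reference (empty list = OK)."""
    img = parse_image_ref(ref)
    problems = []
    if img.registry not in allowed:
        problems.append(f"registry {img.registry!r} is not allow-listed")
    if img.digest is None:
        problems.append("image is not pinned to a sha256 digest")
    elif not DIGEST_RE.match(img.digest):
        problems.append(f"malformed digest {img.digest!r}")
    if img.tag == "latest":
        problems.append("uses the mutable tag 'latest'")
    return problems


def check_manifest(images) -> dict:
    """Map each failing image reference to its violations; empty dict = all pass."""
    result = {}
    for ref in images:
        problems = check_image(ref)
        if problems:
            result[ref] = problems
    return result


# Constructed manifest of images a deployment might reference.
SAMPLE_MANIFEST = [
    "registry.example.internal/payments/api:1.4.2@sha256:" + "a" * 64,  # compliant
    "alpine@sha256:" + "c" * 64,                   # compliant: official image, digest-pinned
    "nginx:latest",                                # mutable tag and no digest
    "registry.other.example/team/tool:2.0@sha256:" + "b" * 64,  # registry not allow-listed
    "localhost:5000/dev/tool:1.0",                 # local registry and no digest
]

if __name__ == "__main__":
    for ref, problems in check_manifest(SAMPLE_MANIFEST).items():
        print(ref, "->", "; ".join(problems))
```

A digest pin says only that the bytes are the ones you reviewed; it does not by itself prove who published them. It pairs with signed content (Docker Notary, mentioned under Frameworks and Tools below) for the publisher question and with the vulnerability scan for what is inside.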

Dev + Sec + Ops


With continuously increasing business demands for new applications and software, and with new practices and development trends such as DevOps, Agile, cloud, automation, CI/CD and others, traditional security needs to be upgraded to the new paradigm. Thankfully, some of these practices facilitate security. Consider CI/CD as an example: continuous integration requires continuous integration tools, or what we call build servers. Some popular examples are Jenkins, TeamCity, GitLab CI, Travis CI, Bamboo, Go CD, CircleCI and Codeship. The best SecOps practice is to check and fix vulnerabilities at early stages as part of the CI/CD workflow. Integration between authentication, scanning and management tools and the CI/CD pipeline could be the best possible solution to your security-related problems. Some easy-to-implement measures include automated security testing, static code analysis, authentication checks and login tracking.
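"Check and fix vulnerabilities at early stages as part of the CI/CD workflow" in practice means a build step reads the scanner's report and decides whether the pipeline may continue. The Python below is an added example, not code from the original post and not tied to any one scanner's output format: the report is a constructed generic JSON document (finding id, severity, package, fixed version; the ids are placeholders, not real CVE numbers), and the policy it applies (block on HIGH and above, honour time-boxed exceptions, optionally defer findings that have no fix yet) is an assumed team decision rather than a standard.

```python
"""CI gate over a container vulnerability scan report.

Added example, not from the original post. The report format is a
constructed, generic stand-in and the gate policy is an assumed team rule.
"""
import json
from datetime import date

# Constructed scan report; finding ids are placeholders, not real CVE numbers.
SCAN_REPORT = json.dumps({
    "image": "registry.example.internal/payments/api:1.4.2",
    "findings": [
        {"id": "FINDING-001", "severity": "CRITICAL", "package": "openssl", "fixed_version": "1.1.1k"},
        {"id": "FINDING-002", "severity": "HIGH", "package": "curl", "fixed_version": None},
        {"id": "FINDING-003", "severity": "HIGH", "package": "zlib", "fixed_version": "1.2.12"},
        {"id": "FINDING-004", "severity": "MEDIUM", "package": "bash", "fixed_version": "5.1"},
        {"id": "FINDING-005", "severity": "LOW", "package": "tar", "fixed_version": None},
    ],
})

SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


def gate(report_json, min_block_severity="HIGH", exceptions=None, today=None,
         ignore_unfixed=False):
    """Decide whether the pipeline stage may proceed.

    exceptions: {finding_id: ISO expiry date}. An accepted risk is honoured
    only until it expires, so an exception cannot quietly become permanent.
    today: ISO date string for reproducible runs; defaults to the real date.
    ignore_unfixed: when True, findings with no fixed version do not block,
    but they are returned as 'deferred' so they stay visible in the build log.
    Returns (passed, blocking_ids, deferred) where deferred is a list of
    (finding_id, reason) pairs.
    """
    exceptions = exceptions or {}
    today_d = date.fromisoformat(today) if today else date.today()
    threshold = SEVERITY_RANK[min_block_severity]
    highest = max(SEVERITY_RANK.values())
    blocking, deferred = [], []
    for f in json.loads(report_json)["findings"]:
        # Fail closed: an unrecognised severity label is treated as the highest.
        if SEVERITY_RANK.get(f["severity"], highest) < threshold:
            continue
        expiry = exceptions.get(f["id"])
        if expiry is not None and date.fromisoformat(expiry) >= today_d:
            deferred.append((f["id"], f"excepted until {expiry}"))
            continue
        if ignore_unfixed and f["fixed_version"] is None:
            deferred.append((f["id"], "no fixed version available"))
            continue
        blocking.append(f["id"])
    return (not blocking, blocking, deferred)


if __name__ == "__main__":
    passed, blocking, deferred = gate(
        SCAN_REPORT,
        exceptions={"FINDING-001": "2018-06-30"},  # constructed, time-boxed exception
        today="2018-05-17",
        ignore_unfixed=True,
    )
    print("PASS" if passed else "FAIL", "blocking:", blocking, "deferred:", deferred)
```

The two knobs are deliberate: a dated exception forces someone to revisit an accepted risk instead of leaving a permanent ignore entry in the repository, and deferring unfixable findings keeps the build green without hiding them, since they still appear in the returned list and thus in the log.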

SecOps enables organizations in lifecycle management, analysis of security threats, incident management, optimizing and measuring the effectiveness of security controls, reduced breach response time, reduced security risks and increased business security. The basic principle on which SecOps works is Avoid, Analyze, Respond, Review, Repeat. By analyzing security events and data, you can build incident response plans to avoid future unwanted events.

Frameworks and Tools


Now that you have a clear understanding of why you need your security, development and operations teams to work together, let’s see what tools and frameworks you can use.

     
  • Docker-native tools: If you are using Docker as a platform, then you can use a few security tools provided by Docker itself for the security of the production environment: Docker Bench and Docker Notary. Docker Bench is a script that checks common best practices around deploying Docker containers in production. Docker Notary enables you to check whether content is from a trusted publisher.
  • Chef: Chef provides different tools, including InSpec, to automate security testing.
  • Puppet: Puppet provides security compliance and policy-defining frameworks.
  • Ansible: Ansible provides system tracking, firewall rule setup, user lockdown and compliance automation solutions.
  • CoreOS Clair: CoreOS Clair is an open-source project for vulnerability analysis in applications and Docker containers.
  • SaltStack: SaltStack can help in the orchestration and automation of security practices for containers.

This is just a look at some of the most popular ones. There are a number of others that can look after the security of your application environment.

The main motive behind implementing SecOps practices in any organization is involving the security team at all possible stages to remove ambiguity at every stage of development, rather than the security team providing analysis reports to the operations team and then sitting back and enjoying the show. When these teams perform in a synergistic manner, the business focus can be shifted to other important things.