UPDATED 19:00 EDT / DECEMBER 19 2019

Agile enterprise development doesn’t necessarily mean a free pass on governance

When the designers of Monopoly created a “Get Out of Jail Free” card for the iconic board game, the card became synonymous with “getting a free pass.”

As digital innovation steamrolls through the enterprise world, it is increasingly running into historical practice, including rules and regulations governing the proper handling of data and system security. And when organizations embark on a cloud-native, DevOps journey, bypassing controls can lead to trouble down the line.

“They do a proof-of-concept, they do a pilot, and they like the results,” said Charlie Betz (pictured, left), principal analyst at Forrester Research Inc. “But both of those had a ‘get out of jail free card.’ They had a pass to bypass certain regulatory or governance-compliance controls. Now they want to scale it, they want to roll it out across the enterprise, and you can’t give every team a ‘get out of jail free card.’”

Betz spoke with Peter Burris (@plburris), host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, at theCUBE’s studio in Palo Alto, California. He was joined by Tobi Knaup (pictured, right), co-founder and chief technology officer of D2iQ Inc., and they discussed tools to ensure enterprise compliance and the risk of creating security vulnerabilities when proper controls are not in place. (* Disclosure below.)

Solution for multi-cluster management

To assist enterprises with meeting complicated governance requirements, D2iQ recently introduced Kommander, a software solution designed to provide federated multi-cluster management and governance for any cloud or on-premises Kubernetes distribution.

“Cloud-native and Kubernetes have seen rapid adoption in the enterprise, and the governance frameworks and tools are just now catching up,” Knaup said. “How can we find this balance of giving developers the things that they want, having them leverage the benefits of cloud-native, but at the same time making the folks that are in charge of governance aware of what’s going on in their enterprise? It’s having a central pane of glass for visibility, knowing what versions you are running.”

Enterprises should be highly motivated to jump on the governance bandwagon based on cybersecurity concerns alone. September marked the two-year anniversary of the massive Equifax breach that exposed the personal information of 147 million people.

The breach was facilitated by exploiting an unpatched web application vulnerability in Apache Struts.

“I understand that developer autonomy is very important, but every time a development team chooses a new technology or a new way to configure an existing technology, that’s an expansion of attack surface,” Betz noted. “I’m very concerned about that, especially as we see things like Equifax. We have to keep our environment secure, well-patched, up-to-date.”

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s CUBE Conversations. (* Disclosure: D2iQ Inc. sponsored this segment of theCUBE. Neither D2iQ nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE
