Agile enterprise development doesn’t necessarily mean a free pass on governance
When the designers of Monopoly created a “Get Out of Jail Free” card for the iconic board game, the playing tool became synonymous with “getting a free pass.”
As digital innovation steamrolls through the enterprise world, it is increasingly running into historical practice, including rules and regulations governing the proper handling of data and system security. And when organizations embark on a cloud-native, DevOps journey, bypassing controls can lead to trouble down the line.
“They do a proof-of-concept, they do a pilot, and they like the results,” said Charlie Betz, principal analyst at Forrester Research Inc. “But both of those had a ‘get out of jail free card.’ They had a pass to bypass certain regulatory or governance-compliance controls. Now they want to scale it, they want to roll it out across the enterprise, and you can’t give every team a ‘get out of jail free card.’”
Betz spoke with Peter Burris (@plburris), host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, at theCUBE’s studio in Palo Alto, California. He was joined by Tobi Knaup, co-founder and chief technology officer of D2iQ Inc., and they discussed tools to ensure enterprise compliance and the risk of creating security vulnerabilities when proper controls are not in place. (* Disclosure below.)
Solution for multi-cluster management
To assist enterprises with meeting complicated governance requirements, D2iQ recently introduced Kommander, a software solution designed to provide federated multi-cluster management and governance for any cloud or on-premises Kubernetes distribution.
“Cloud-native and Kubernetes have seen rapid adoption in the enterprise, and the governance frameworks and tools are just now catching up,” Knaup said. “How can we find this balance of giving developers the things that they want, having them leverage the benefits of cloud-native, but at the same time making the folks that are in charge of governance aware of what’s going on in their enterprise? It’s having a central pane of glass for visibility, knowing what versions you are running.”
Enterprises should be highly motivated to jump on the governance bandwagon based on cybersecurity concerns alone. September marked the two-year anniversary of the massive Equifax breach that exposed the personal information of 147 million people.
The breach was facilitated by exploiting an unpatched web application vulnerability in Apache Struts.
“I understand that developer autonomy is very important, but every time a development team chooses a new technology or a new way to configure an existing technology, that’s an expansion of attack surface,” Betz noted. “I’m very concerned about that, especially as we see things like Equifax. We have to keep our environment secure, well-patched, up-to-date.”
(* Disclosure: D2iQ Inc. sponsored this segment of theCUBE. Neither D2iQ nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)