To succeed with the cloud, you need real governance

Most enterprises don’t have a well-developed governance approach for the cloud, not even an idea of a technology solution.

Enterprises are overwhelmed these days with other technology changes, including not just the move to cloud but devops, machine learning, and whatever other shiny objects pop up out of the market.

I view governance as the consistent enforcement of policies to place limits on how, when, why, and for what purpose a resource such as data, processes, APIs, storage, or compute is used. The best way to think about governance is as a series automated guardrails, in the form of policies, that keep you from running off a curvy road.

To read this article in full or to leave a comment, please click here

Powered by WPeMatico

Devsecops: Add security to complete your devops process

As seen in a recent DigiCert report, an overwhelming majority of companies believe that an integrated security and devops team makes sense. In fact, 98 percent of survey 300 US respondents (a third from IT or security) are either planning to or have alreafy launched such an effort.

This is good, if unsurprising, news. For years, I’ve been saying devops is really devsecops, and so have many others. Most enterprises are now following that lead.

But it took years to get here. Why? If you don’t have people, tools, and processes focused on security, you’re not providing systemic security at platform, application, and the data levels. Enterprises are now getting hip to this fact.

To read this article in full or to leave a comment, please click here

Powered by WPeMatico