Self-Serve DevOps in the cloud

Why would a Cybersecurity Professional want to talk about self-serve DevOps, well I have had the opportunity and disadvantage to have worked with an organization that has tried the DevOps “kind of “and cloud move “sort of.” The beauty of the Cloud is made for DevOps and deployment automation, and restricting access to the environment by API’s one of the best things about API’s and the Cloud is that the infrastructure can be abstracted and automated. Since provisioning and deprovisioning a VPC infrastructure can be scripted. Many organizations move to the cloud from on-premise data centers that were dysfunctional at best “Forklift “their infrastructure and their Applications and process to the cloud and quickly find that it will not work In the Virtualized Cloud. Old habits are said to die-hard including bad infrastructure designs and product development. When I talk with organizations that deploy in the cloud that used to deploy on-premise or at a Data Center. Many newly provisioned organizations in the cloud kind of get it. On moving towards a true DevOps give the Developers areas to work in. Do not give the developers Unmanaged and chaotic infrastructure. And yet they would still develop applications the same way they did before the cloud. Developers would deliver the code throw it over to QA, which would then give it to Operations and then stand up the environment to support that application. Here is where Chaos would reign due to the lack of collaboration and communication between the differing silos, back and forth communications were required for Operations to build the infrastructure. And sometimes the development teams would rely on systems that were not in production. Or to make matters worse, the code deployed in the new environment for the first time would introduce new bugs late in the deployment lifecycle. Finding bugs late in the deployment lifecycle caused development teams to prioritize these bugs and create technical debt, by only fixing the critical ones, this technical debt meant that many bugs from previous releases would never make it to the priority list. A dysfunctional development process and siloed teams is not an efficient way to create secure quality product or speed to market. When in Rome do like the Romans, like many organizations that have done it correctly follow the best practices. Operations should empower developers to create their environments but in controlled documented managed fashion. The idea to a cloud deployment is providing self-service infrastructure with the level of governance that your organization needs a cautionary note for you is this Self-service can lead to Chaos inconsistent environments, explosive cost, and inadequate security controls. The best practice for self-service provisioning is to create a standard set of machine images. These machine images represent the standard machine with all of the proper security controls, policies and standardized software packages installed. Developing in the cloud can be very efficient with standardized software packages. For example, I’m a Database developer, and I can select from the standardized software packages a web server running NGINx and a Database server running MySQL. The developer does not have spend any of his or her resources time configuring the environments. The developer just requests an image and a corresponding environment. The environment gets automatically provisioned in a few minutes.