Stephen King, vCORE DevOps Engineering Lead | May 7, 2020
The first few months of 2020 have brought unprecedented challenges across the world as societies and organizations grapple with the fallout of a global pandemic.
With the economic pressure rising for many companies, interest is surging in digital transformation initiatives that provide greater agility and flexibility to meet rapidly-shifting market requirements and business needs.
Businesses are changing the way they think about and implement technology to create new processes, customer experiences and future-proof their organizations.
Here are three major trends in digital transformation we’ve seen emerging so far this year:
1. Hybrid & Multi-Cloud
Gartner states that by 2021, 75% of mid-sized and large-scale organizations will have adopted a multi-cloud or hybrid cloud technology strategy1. Advantages of hybrid cloud models include:
- Separating workloads – We’ve seen clients, for regulation purposes, separate their workloads to maintain compliance with standards like GDPR, HIPAA, PCI, SOX, etc. Additionally, they’re maintaining a clear separation between non-critical and mission-critical workloads.
- Ah-hoc & burstable workloads – Spinning up additional resources for short-term projects eases over-investment in on-prem equipment, which is only needed temporarily.
- Cost savings – Running a hybrid cloud strategy is cheaper than running on a single public cloud, especially when running legacy workloads. Hybrid cloud solutions tend to be cheaper than running strictly in a public cloud, while providing the ability to take advantage of cheaper public cloud managed solutions like storage and app services.
- Flexibility – Provides the flexibility necessary to match your actual technology consumption requirements to your needs without being married to your vendor.
Advanced workload and management systems are easing the process of maintaining multiple cloud vendors with on-prem data centers. Tools like Aviatrix for networking, Tanzu for Kubernetes workloads, and vRealize for infrastructure, provide mature toolsets that ease the complexity of managing multiple technology platforms.
DevSecOps marries security and development operations by leveraging continuous integration and continuous delivery (CI/CD) methodologies, making the often-mystical world of security transparent, repeatable, and approachable.
The natural progression is to help eliminate the bottlenecks of traditional information security models and removing the siloed approach to security by promoting teamwork between developers, infrastructure engineers, and security groups.
With the rise of containerization and the increased speed of delivery, the need to scan code and images before, during, and after deployment with logging and metrics becomes imperative.
By tightly weaving security tools like Twistlock, SysDig and Veracode into existing development pipeline, the DevSecOps provides:
- Security teams with greater agility by providing tooling and insight throughout the development process.
- The ability to catch quality assurance issues and code vulnerabilities prior to releases, increasing speed of delivery and reducing downtime.
- An environment that promotes and fosters collaboration and communication between teams rather than an adversarial approach.
Successfully implementing a DevSecOps approach2 requires:
- Compliance monitoring and the ability to audit consistently at any time. You should be able provide reporting for NIST, HIPAA, GDPR, CIS, PCI-DSS and APRA.
- Threat Protection which continuously checks third-party libraries and support systems for CVEs.
- Repository and component scanning provides insight and covers all components of the development pipeline.
- Logging, monitoring and alerting gives everyone involved in the pipeline awareness of platform health and individual applications with guidance to application owners.
- Change Control and Platform Governance – Application life-cycle has well defined standards.
Successful DevSecOp teams have a collection of characteristics that ensure high-level engineering practices, which break down barriers between development, security and operations. They’re able to secure applications in predictable releases, which are transparent and need minimal manual intervention.
3. Automate … EVERYTHING
The key enabler to the success of DevSecOps and hybrid multi-cloud deployments is automation. Pressure to deliver more with less always brings automation into regular discussion.
Agile development, DevSecOps, and a hybrid cloud operating model require speed, agility, and repeatability to support diverse technology needs. Teams continue to field requests for provisioning of systems — regardless of location — in a predictable and repeatable fashion.
Network, infrastructure, and end-to-end environment orchestration evolve with existing toolsets. Terraform, vRealize, Sysdig and Twistlock are regularly discussed as part of DevSecOps pipelines and bringing together operations, security and development.
By creating automated processes, technology delivery teams increased uptime, lower costs, increase speed of delivery, while improving security.
How vCORE Can Help
As businesses evolve, the need for digital transformation strategies, which support diverse outcomes, will continue to be imperative to business success.
Establishing a hybrid or multi cloud model, along with leveraging automation and DevSecOps, represent necessary steps to drive down costs and support innovation.
As a leader and driver of innovation, vCORE provides an extensive lab and suite of technologies for our clients, who can use those tools prior to implementation while having expert technologists available to help improve outcomes.
If you would like to see what vCORE can do for you or have any questions please reach out here.
More from the vCORE Technology Blog
Maintaining Compliance in the Cloud
Accelerate with Cloud Automation
Five Questions with vCORE Cloud Technical Director Brent Piatti