Technology conference season is in full swing, with so many events going on that even large ones like PuppetConf and Amazon Re:Invent have been forced to overlap. While part of the UpGuard team traveled to Las Vegas, two of us stayed in San Francisco for a different style of conference. Far from the madding crowds of general interest vendor-backed extravaganzas, we presented at FinDEVr, a conference with a few hundred people and a sharp focus: improving the technology of financial services.
Chatting with other presenters, I was struck by the variety of solutions drawn together under one roof. We were there to talk about the problems UpGuard addresses– maintaining secure and operational infrastructure– and as far as I could tell there was no one doing anything remotely similar. From behavioral metrics to internal app stores to democratizing access to private equity, every conversation highlighted the diversity of technological needs for financial services.
We also heard a variety of use cases from the developer-centric audience. The stories we usually use to describe what we do– like diffing the state of two nodes to debug a stopped service– resonated well, but so did other situations that tend toward the developer end of devops. For example, one developer evangelist asked about using UpGuard to compare Ruby gems across environments. FinDEVr was the first time I'd been asked that question but it was a perfect use case for the platform.
UpGuard tracks changes due to all package installers and can diff them between environments.
To judge by the number of people coming up to talk to us later in the day, Alan Sharp-Paul's presentation "Integrity in the Age of DevOps" struck a chord with the audience. One woman looked at the title of his talk and said bluntly "devops and integrity– isn't that a contradiction?" She's right that most businesses today must choose between safety and speed, but that can't remain the case. To thrive in age of digital transformation, both are critical to ensure competitive success. In fact, one could argue that not only are speed and security not mutually exclusive, they are mutually dependent. Security needs agility to keep up with the pace of the threat environment, and the business needs security to mitigate the risk of data breach to an acceptable level. That's a crude summary of Alan's talk, which you can watch in full below.
Suffice to say, at a conference dedicated to innovation in fintech, the importance of aligning speed and integrity was a message that many were waiting to hear, and we were proud to be among the many presenters showing how that can become a reality.
Misconfigurations are an internal problem that emanate from within the IT infrastructure of any enterprise; no hacker is necessary for massive damage to occur to digital systems and stored data. And the problem is pervasive, with Gartner estimating anywhere from 70% to 99% of data breaches result not from external, concerted attacks, but from internal misconfiguration of the affected IT systems.