It's not pleasant to think about, but the fact is that when we go to work we are expected to do things. But what are the things that need doing? If we can answer that question without hours of meetings or dozens of emails we can finish our work and do...other things. UpGuard's new Tasks feature provides a lightweight project management system designed especially to maintain quality in a rapidly changing environment.
Why build a task management system when there are already plenty of solutions–Jira, Pivotal, Trello, etc.–out there? The reason is that those systems were not built for the needs of DevOps. At best they accommodate infrastructure changes within a workflow that was optimized for development requirements, or are so general that they can sort of work for anyone. Because UpGuard is already a system of record for your system state, it's pretty straightforward to float those changes up to a task management layer so you can move at top speed without compromising on security, compliance, uptime, and all that other good stuff.
UpGuard creates tasks when a node scan detects configuration drift or when a policy fails. Both of those are leading indicators that your infrastructure does not match what you think it is, and that is a leading indicator that something bad is going to happen.
If a detected change matches your expectations, you just close the task. Other people can then find your approval and know that the change was intended. If something is going to take awhile to understand and fix, you can kick it to a more verbose ticketing system to track for the long haul.
The first step is assigning out the tasks. Newly created tasks appear in the unassigned list by default. Assign each task to the person responsible for the asset. There is now no mystery about what needs to be done and who is responsible.
Some of the items will require trivial amounts of work. Your team members can quickly go through and close out the tasks that are the result of planned changes. (For changes that are noise, this is also a useful reminder to add those to an ignore list). The benefit here is that you avoid spending five minutes to create a ticket for a one minute task, but you still get the paper trail that demonstrates every change to your infrastructure was acknowledged and verified. When auditors visit you have documentation for every change.
Closing out tickets is, again, very simple. Each task contains the details needed to understand why it was created. Depending on that information you might need to do anything from update a UpGuard policy to rebuild a server. Once you have addressed the cause of the discrepancy you just click close. All those closed tickets are accessible via UpGuard's API so you can perform additional analysis as needed.
So how do events like 000webhost's massive data breach involving free web hosting providing 000webhost transpire? In a word, negligence. Gross negligence, to be precise.
Read Blog >
Access to free vulnerability assessment should be a basic right in a world where computing is integral to social and economic life. For our part, we're offering our full product, including vulnerability assessment, free forever for a user's first ten machines.
Read Blog >