UpGuard Blog

Cyber Resilience: What It Is and Why You Need It


The way businesses handle the risks posed by their technology is changing. As with anything, adaptability is survivability. When the techniques, methods, and philosophies of the past aren’t working, the time has come to find something better to replace them. Cyber resilience is a set of practices and perspectives that mitigate risk within the processes and workflow of normal operations in order to protect organizations from their own technology and the people who would try to exploit it. This includes all forms of cyber attacks, but also applies to process errors inside the business that put data and assets in danger without outside help.

Filed under: devops, cyber risk, cyber resilience, devsecops

Monitoring AWS with UpGuard: Instances, Load Balancers, and Security Groups

So I've finally gotten the go-ahead from higher-ups to join the twenty-first century and use cloud hosting. Now I need to prove that running in AWS is not just easier than maintaining our own farm, but more stable and secure. To do this, I need to be able to monitor each of my instances for configuration drift, ensure that they are properly provisioned, and maintain visibility into dependencies like load balancers and security groups. Fortunately, UpGuard provides all of this information, so even if something were to go wrong I could catch it before someone else does.

Filed under: AWS, devops, Cloud Computing, upguard

2016 DevOps Year in Review

At the start of 2015, Gartner predicted that DevOps adoption would evolve from a niche to mainstream enterprise strategy, resulting in 25% of Global 2000 companies drinking its Kool-Aid by 2016. And while the hype—tempered by the realities of implementation—has more or less died down as of late, the methodology's value to enterprises is no longer a debatable matter. Here are some highlights from 2016 detailing how the year panned out for DevOps and its practitioners.

Filed under: devops, enterprise, cybersecurity

How Risky Partners Increase Your Cyber Risk Exposure

This is not an opener for a sex-ed public service announcement, but in fact the million-dollar question for today's enterprise CISOs and CROs: which vendor in the supply chain will prove to be the riskiest bedfellow? With 63% of all data breaches caused directly or indirectly by third party vendors, enterprise measures to bolster cyber resilience must now include the evaluation of partners' security as part of a broader cyber risk management strategy. Easier said than done: most third parties are unlikely to admit to their security shortcomings, and—as it turns out—even if they did, most firms wouldn't believe them anyway.

Filed under: devops, enterprise, cybersecurity

Why Rugged Devops Is Important for Enterprise Cyber Resilience

DevOps has proven to be more than just an industry buzzword, but as the term starts to gain widespread use in modern software development parlance, an emerging successor has begun to take hold: Rugged DevOps, also known as SecDevOps/DevSecOps. RSA Conference (RSAC) 2016 dedicated a track to the emerging practice earlier this year, so it's likely to become as prevalent as its predecessor by next year's end—especially since RSAC plans to highlight the methodology again in 2017.

Filed under: devops, enterprise, cybersecurity

10 DevOps Communities to Follow If You Need to Get Things Done

Chances are you’ve browsed to an online IT community looking for information about a technology. But taking full advantage of them means understanding how they work and what they can do for you. Interaction with a tech community usually happens for one of three reasons:

Filed under: DevOps Resources, devops

Introducing Friction-Free DevOps from Docker and… HP?

As you may recall, earlier last month HP completed its division into two parts: an enterprise focused products/services entity—HP Enterprise (HPE)—and a personal computing/printing firm known as HP, Inc. CEO Meg Whitman gave a nod to DevOps-enabled organizations such as Vimeo and Uber at the initial announcement of the split half a year ago at HP’s Discover conference, presumably setting the course for a newly DevOps-focused HPE in helping companies scale ideas to valuation. How does an IT giant go about transforming itself from an aged enterprise monolith to an agile, open, service-oriented solutions provider for today's business IT environments?

Filed under: devops, HP, docker

DevOps Year in Review 2015

There can be absolutely no question anymore that DevOps isn't just a fad—it's here to stay, it's a big deal, and it's coming to the enterprise. Speakers from relatively new companies like SurveyMonkey and Docker took the stage at the 2015 DevOps Enterprise Summit in San Francisco alongside old standards like IBM and General Electric to prove that the transition to a DevOps culture in established enterprises is not only possible, but probably inevitable.

Filed under: devops, upguard

Grokking The DevOps Toolchain

Methodologies and frameworks may come and go, but at the end of the day—tools are what make the IT world go 'round. DevOps is no exception: as the term/practice/movement/[insert-your-descriptor-here] rounds its 6th year since entering public IT vernacular, a bounty of so-called DevOps tools have emerged for bridging development and operations, ostensibly to maximize collaborative efficiencies in the IT and service delivery lifecycle. Subsequently, a common issue these days is not a dearth of competent tools, but how to integrate available tooling into one cohesive toolchain.

Filed under: devops

Inside Microsoft’s Open Source And DevOps Initiatives For The Enterprise

Polylithic, vendor-neutral, platform agnostic. Microsoft may not exactly come to mind when hearing these descriptors, but it will soon enough—if recent developments are any indication. And despite the software behemoth's DevOps zeitgeist purveyance as of late, open source initiatives have always been alive and well inside Redmond’s hallowed walls.

Filed under: devops, Microsoft

DevOps and Integrity at FinDEVr San Francisco

Technology conference season is in full swing, with so many events going on that even large ones like PuppetConf and Amazon Re:Invent have been forced to overlap. While part of the UpGuard team traveled to Las Vegas, two of us stayed in San Francisco for a different style of conference. Far from the madding crowds of general interest vendor-backed extravaganzas, we presented at FinDEVr, a conference with a few hundred people and a sharp focus: improving the technology of financial services.

Filed under: devops

Can DevSecOps Save The U.S. Government From Certain InfoSec Doom?

Though the widely publicized failure of the ObamaCare website (a.k.a Healthcare.gov) back in October of 2013 has all but faded from memory, the public sector’s persistent lag in technological innovation coupled with recent calamitous data breaches means there is no shortage of press fodder for critics. What will it take for the U.S. government to transcend its current dearth of agility and innovation?

Filed under: devops, infosec, IT security

Why Security Needs DevOps: OpenSSL and Beyond

On March 18, 2015, system administrators and developers received ominous news: two high severity vulnerabilities in OpenSSL would be announced the next day. Since Heartbleed, OpenSSL had been on a bad streak, and it looked like things were only going to get worse. Operations, development, and security teams braced for impact and then– it wasn't really that bad.

Filed under: security, devops, IT security

Can DevSecOps Save The Healthcare Industry?

The Ponemon Institute just released some unsurprisingly bleak findings in its annual study on healthcare data privacy/security, including data showing deliberate criminal attacks now accounting for most medical data breaches. The report goes on to illustrate how the healthcare industry— sitting on a treasure trove of valuable data— is ill-equipped to counter these attacks. Perhaps forward-thinking enterprise healthcare leaders should start considering DevSecOps as a viable strategy for surviving the perils of the information age.

Filed under: devops, IT security

3 Steps for Integrating Security into DevOps

The fate of CSO John in The Phoenix Project is a good parable for illustrating the dynamic and often conflicted relationship between Security and IT Operations. Security can either become a separate, obscure, and increasingly irrelevant group that everyone else resents–sounds pretty good, huh?–or it can be integrated into broader framework of the development cycle. Security John goes through a mental breakdown before finally understanding how to adapt and survive, but it doesn't have to be that hard.

Filed under: security, devops, cso

Declarative vs. Imperative Models for Configuration Management: Which Is Really Better?

As a group of concepts, DevOps has converged on several prominent themes including continuous software delivery, automation, and configuration management (CM). These integral pieces often form the pillars of an organization’s DevOps efforts, even as other bigger pieces like overarching best practices and guidelines are still being tried and tested. Being that DevOps is a relatively new paradigm - movement - methodology - [insert your own label here], standards around it have yet to be codified and set in stone. Organizations are left to identify tools and approaches most suitable for their use cases, and will either swear by or disparage them depending on their level of success.

Filed under: developer, devops, sysadmin

DevOps: Who Does it Best?

In theory, DevOps is good for every business. But if there's one thing I've learned from talking to people in the DevOps community, it's that theory doesn't always translate perfectly to reality. Theory is an advertisement; reality is a data set. That's why UpGuard partnered with Microsoft to sponsor a DevOps study from Saugatuck Technology.

Filed under: devops

Configuration Drift: The Cost of Complexity

Imagine this — you're rolling out a new version of your web app. Works great in the dev environment, and it's been signed off on in staging, so it gets rolled out to production. Things seem fine, so you call it a night.

Then the support requests begin flooding in. Something's broken somewhere, and it's not immediately obvious how. Performance monitor shows the machines are running well, so it can't be that. Ah well, better crack one of those neon-colored energy drinks, it's time to roll back and log into these machines to look through logs and config files for a potential cause. "How could this be happening," you ask, "I mean... these machines are all configured the same, right?"

Filed under: devops

Trip Report: DevOpsDays Boston 2014

"Did you really just say 'thought leader'?"

Everyone laughed. The open space topic we'd gathered to discuss was "DevOps as an Echo Chamber." The room was full of people who wanted faster, more stable deployments, and none of them were getting help from the DevOps blog-industrial complex.

Filed under: devops

Schrodinger's DevOps - Why You Need Visiblity Before Automation

So a cat walks into a bar. No, that’s not right. He walks into a box. The cat gets bombarded with radiation. It used to be a bar but a lot of people died from the radiation so they turned it into a box. Is the cat dead or alive?

Filed under: devops, automation

What Are the Minimum Requirements for DevOps?

I was perusing through Twitter-land recently and ran across a tweet talking about a DevOps meetup in the Los Angeles area that was underway. And it went on to denote that the first opening question posed to the entire group was: What are the minimum requirements for DevOps? Huh?~!

Filed under: devops

I Got a New DevOps Job....Now What?!

DevOps still lacks a commonly accepted definition, as discussed recently in the blog post The Problem with Defining DevOps. Kind of obvious in retrospect, but this really complicates meaningful usage of the word, particularly when used outside of the DevOps community.

Filed under: devops

Guest Blog: DevOps is Not Difficult, It’s Common Sense

You know what, I am starting to despair of the IT industry, just a little bit.

I’ve been working in IT for just over 20 years - I was very lucky to ride the greatest wave we’ve seen, the dawn of the Internet (I worked for the largest corporate ISP in the world, UUNET, from early 1996 to 2001), and I’ve worked in the slowest, most immobile companies you can imagine (Investment Banks). And in the last 5–10 years I’ve seen less and less common sense be applied. And now we have this word that nobody can truly define. And it’s creating even more silliness. People are spending energy, lots of energy, debating this phrase and its definition (the irony of this post is not lost on me).

Filed under: devops

The Problem with Defining DevOps

There's an old idea in Hollywood— if you can't pitch an idea in one sentence, it's too complicated. The term "DevOps" is about 5 years old, and the community still has no consensus on what that word really means, even though it's full of thought leaders who'll claim to be able to tell you.

Filed under: devops

5 Steps to Implementing DevOps Where Agile Rules [infographic]

DevOps is a relatively new concept in comparison to Agile development, so it should come as little surprise that IT enterprises have a myriad of experiences and instances of Agile approaches. And there is no need to throw everything out and start over - both Agile and DevOps are complimentary. But what if after careful deliberation inside of your enterprise you've decided to evolve from Agile to DevOps? How can you ensure that you keep all the good things that Agile provided yet apply some of the learnings from the early adopters of DevOps principles? Building a DevOps state of mind requires more than giving developers root, installing a configuration management tool, using a source code repository, and proclaiming ‘yes, we’re a DevOps shop.” At the end of the day all aspects of the people, process, technology continuums get impacted by DevOps. Here are 5 key steps to work through when implementing DevOps in an IT enterprise where Agile rules:

Filed under: Agile, devops

DevOps Requires New Job Skills & Roles

The rise of DevOps teams is upon us. The most recent State of DevOps survey found that 16% of respondents were part of a DevOps department with 55% of respondents self-identifying as DevOps engineers or systems engineers. Interesting. And if you simply Google ‘DevOps jobs’ you get over 4.5 million hits. So like it or not, this DevOps thing is going mainstream.

Filed under: devops

S**t I Heard at the DevOps Summit

Just like just a few years ago when we were in the early days of the cloud, we’re in the early days of DevOps. The DevOps Summit had by my estimation 50-100 people talking DevOps this year and I would imagine this will exponentially increase over the next few years as this topic continues to turn IT on it’s head. It is the shiny new toy for Enterprise IT! I was thankful to have the opportunity to be there and hear some of the best and brightest. Here are a few of the things I heard.

Filed under: devops

2014 State of DevOps: DevOps Going Mainstream in the Enterprise

Puppet Labs just released the 2014 State of DevOps Report. The research team interviewed companies from multiple industries and various sizes, from startups to global firms with over 10,000 employees and had over 9,200 respondents in all. The report shows us that not only is DevOps working within the enterprise, but it is also driving higher employee satisfaction.

Filed under: puppet, devops

UpGuard Launches IT Automation Partner Ecosystem

Here at UpGuard, we like to look at DevOps through the lenses of Collaboration and Automation. Almost all vendors in the DevOps space focus on the latter. We've written about how this creates Zero Sum DevOps and how these 'pockets of automation' can lead to silos of expertise around specific tools which is counter to DevOps principles to begin with. Furthermore, we've have talked about how there are 3 Reasons IT automation tools suck at collaboration.

Filed under: IT automation, devops

No Silver Bullet for DevOps

DevOps is awesome. Or at least the promises being made with DevOps are: faster deployments….more stability, resiliency & availability….save tons of money through automation….and make IT more relevant to the business. I definitely can understand why there is such tremendous interest in DevOps. Break me off a piece of that!

Filed under: IT automation, devops

Why Enterprises Struggle with IT Automation

It goes without saying that automation in the enterprise is critical to keeping up with today’s dynamic business demands. Unfortunately, automation isn't a set-it-and-forget-it process. You need to carefully monitor the environment to know exactly how much to automate and when to adjust for environment changes. To exasperate the issue, the concept of DevOps is still confusing to many and some still inappropriately equate DevOps to automation. But that isn’t stopping leading enterprises to create automation initiatives, have DevOps skunkworks projects popping up, and to name whole teams DevOps for the sake of it

Filed under: IT automation, devops

5 Dysfunctions of a DevOps Team: Team Assessment

For the past 3 months I've been publishing a series of posts around DevOps culture and lessons learned from Patrick Lencioni’s leadership book The Five Dysfunctions of a Team - A Leadership Fable. As much information as is contained here, the reality remains that teamwork ultimately comes down to practicing a small set of principles over a long period of time. DevOps success is not a matter of mastering subtle, sophisticated theory, but rather embracing common sense with uncommon levels of discipline and persistence. 

Filed under: devops

5 Dysfunctions of a DevOps Team: Inattention to Results

This is the fifth in a series of posts around DevOps culture and lessons learned from Patrick Lencioni’s leadership book The Five Dysfunctions of a Team - A Leadership Fable.

Filed under: devops

Top 5 DevOps Reading List

It is almost summertime, so time to dust off your reading material and cozy up with a good book. Recently I asked our expert panel from our most recent DevOps webcast what was their number one resource they would recommend to a friend if they wanted to brush up on the ins-and-outs of Enterprise DevOps. And in truth, they had a hard time narrowing it down to just a few. But if you're looking to stock up your bookshelf on all things DevOps then you can't go wrong with this list of the Top DevOps Reading List.

Filed under: devops

Changing Org Structures for the Sake of DevOps?

As it has been said many times: DevOps is not a technical problem, it is a business problem. The struggle for a large, entrenched Enterprise IT shops can't be underestimated and the legacy factor has to be dealt with (aka. why fix something that isn't broken). However, there is mounting evidence to suggest that independent, discrete teams are in fact becoming more common in these large Enterprises. While the fully-embedded model (sometimes called NoOps because there is no visible/distinct Ops team) that the unicorns have deployed work for them, a more discrete team to learn how to 'do DevOps' makes a lot of sense for the larger Enterprise.

Filed under: culture, devops, enterprise

DevOps Buzzword Bingo

For those of you who follow us more regularly here at UpGuard, you're preconditioned to know that we have a wicked sense of humor and love to have a good time. This week anoints ChefConf as the center of the DevOps universe as it brings together the who's who of thought leaders and practitioners. We thought it might be fun to play a friendly game of DevOps Buzzword Bingo during the event to entertain those in attendance and keep you on the edge of your seat waiting to fill out your card.

Filed under: #ChefConf, chef, devops

Q&A with Mike Kavis on Enterprise DevOps and Driving Organizational Change

I recently had the opportunity to sit down with Mike Kavis (@madgreek65), VP/Principal Architect at Cloud Technology Partners, in preparation for a webcast we’re hosting next week and asked him a few questions. He was kind enough to entertain my line of questioning and provide some of his thoughts. If you don’t know Mike, you should, but here is what you need to know...

Filed under: devops, enterprise

5 Dysfunctions of a DevOps Team: Avoidance of Accountability

This is the fourth in a series of posts around DevOps culture and lessons learned from Patrick Lencioni’s leadership book The Five Dysfunctions of a Team - A Leadership Fable.

Filed under: devops

DevOps Pushes Agile to IT's Limits

Many large enterprises over the last decade made a deliberate shift to an agile development process as a response to the ever-changing demands of the business. One key tenet of the agile development process is to deliver working software in smaller and more frequent increments, as opposed to the the “big bang” approach of the waterfall method. This is most evident in the agile goal of having potentially shippable features at the end of each sprint.

Filed under: Agile, devops

DevOps Stats for Doubters

If you do not feel you have a good handle on all the ways DevOps can benefit your enterprise and bring positive return on investment, you are not alone. While the concept of DevOps dates far back to 2009 (prehistoric times in our world!), the evolution and implementation of the procedures and tools that facilitate its use are still evolving. As has been discussed countless times - DevOps is not something you buy, it is something you do. And in order to 'do DevOps' you need to connect it to your business in a meaningful way to ensure long-term success. But let's pretend for a moment (shouldn't be hard to imagine) that your non-technical resources / upper-level management is holding out on making any changes that bring you closer to the DevOps principles of collaboration, culture and communication. How do you get them to invest in DevOps in your enterprise?

Filed under: devops

DevOps Pioneer joins UpGuard Advisory Board

The UpGuard team is thrilled to announce the addition of Kevin Behr (@kevinbehr) to UpGuard's advisory board. You may know Kevin from his pioneering work he and Gene Kim (@RealGeneKim) have collaborated on over the last decade. Behr has over 25 years of experience in business management, technology and thought leadership as a Chief Information Officer, Chief Technology Officer, and Chief Operations Officer. In addition to his leadership roles in public and private companies, Behr also co-founded the IT Process Institute with Gene Kim, and served as its President for the first five years. Behr is the author of five renowned books, most noteworthy as the co-author of The Visible Ops Handbook and The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win.

Filed under: phoenix project, devops

What DevOps can learn from Mainframe Developers

I have a confession to make. My first job in IT wasn't as a rails developer in a hot startup. It wasn't managing cloud infrastructure. It didn't involve cool open source projects or cutting edge technology. Quite the opposite in fact. My first job was a graduate trainee analyst programmer at an Australian Funds Manager. What was I trained on? ADABAS NATURAL. Yep, I was a mainframe developer. 

Filed under: devops

5 Dysfunctions of a DevOps Team: Lack of Commitment

This is the third in a series of posts around DevOps culture and lessons learned from Patrick Lencioni’s leadership book The Five Dysfunctions of a Team - A Leadership Fable.

Filed under: devops

Enterprise DevOps & the Cloud

There has been plenty of discussion as of late regarding whether the DevOps movement has left the “enterprise” behind, plus where automation and the cloud fits in DevOps. There is more and more evidence that automation creates less collaboration and shows signs of a turf war between the chasm of tools that are needed to ‘do DevOps’. In the spirit of trying to address and debunk some of these myths, we asked Kevin Behr, the co-author of The Phoenix Project: A Novel and the VisibleOps Handbook to join us in a discussion about some of the trends plaguing enterprise IT as they struggling to align legacy IT infrastructure to business goals while becoming more agile.

Filed under: IT automation, cloud, devops, enterprise

Zero Sum DevOps - IT Automation as a Collaboration Killer

Anyone who has been following what we're doing at UpGuard knows that we like to keep things simple. With this in mind, we like to look at DevOps through the lenses of Collaboration and Automation. Almost all vendors in this space focus on the latter. Why is this? Well, automation tool vendors do it by definition. In reality the collaboration angle is avoided by vendors because it is hard. If you're looking to the market for assistance in "doing" DevOps then you'll be drowning in offers for help with automation. Help with collaboration? Not so much.

Filed under: IT automation, devops

You're Doing DevOps Wrong. Automation in the Enterprise.

Automation. If you're somewhere on the DevOps spectrum then it's surely good for what ails ya. The answer to all your problems. For many it defines their DevOps journey, its destination representing the promised land of stable environments, consistent builds and silent pagers. 

Filed under: IT automation, devops, enterprise

PowerShell Desired State Configuration (DSC) with UpGuard

Going from nothing to automation using one of the many tools available can be a daunting task. How can you automate systems when you’re not even 100% sure how they’ve been configured? The documentation is months out of date and the last guy to configure anything on that box has since left the company to ply his trade somewhere that will more fully appreciate his Ops cowboy routine.

Filed under: guardrail, dsc, desired configuration state, devops, powershell, Windows

Liquifying your Infrastructure with UpGuard and Docker Containers

One of the easiest ways to build applications programmatically into containers through Docker is to use a Dockerfile. Dockerfiles are the Makefiles of the Docker world. A ton of blog posts and tutorials have sprung up over the last few months about how to set up Docker, or how to set up a LAMP stack and even a LEMP stack in Docker.

Filed under: devops, docker, upguard, lamp

5 Dysfunctions of a DevOps Team: Fear of Conflict

This is the second in a series of posts around DevOps culture and lessons learned from Patrick Lencioni’s leadership book The Five Dysfunctions of a Team - A Leadership Fable.

Filed under: devops

10 Things I Hate About DevOps

DevOps and I sort of have a love/hate relationship. DevOps is near and dear to our heart here at UpGuard and there are plenty of things that I love about it. Love it or hate it, there is little doubt that it is here to stay. I've enjoyed a great deal of success thanks to agile software development and DevOps methods, but here are 10 things I hate about DevOps!

Filed under: devops

5 Dysfunctions of a DevOps Team: Absence of Trust

DevOps is a human problem and a leadership problem. Building a DevOps culture requires more than giving developers root, installing a configuration management tool, using a source code repository, and proclaiming ‘yes, we’re a DevOps shop.” At the end of the day all aspects of the people, process, technology continuums get impacted by DevOps. However, there is little doubt that the people aspect has the most to gain (and the biggest challenges) for anyone who is considering, or already on, the journey to becoming a DevOps ninja.

Filed under: devops

10 Things I Love About DevOps

It is no secret that we here at UpGuard love DevOps and we're not ashamed of it. I know that opinions vary as to what exactly DevOps is or isn't, but the more important part of the movement is whether we as individuals want to push the limits of what we thought was impossible only just a few years ago. We've been 'doing DevOps' for some time and have a cautionary tale to tell as well, but we believe that DevOps can be transformational for IT enterprises and advocate for organizations to activate DevOps in their businesses. I know how we all love lists, so here is my Top 10 Things I Love About DevOps:

Filed under: devops

DevOps and Kanban - Match Made in Heaven

I always love going into those meeting rooms where there are different color post-it notes all over the room that looks like a 3M sales rep threw up everywhere. For the longest time I just considered it one of those strange things R&D did. Then one day I was extremely early for a meeting and actually got to spend some time studying what was cluttered all over the glass wall and I began to realize there was a definite method to the madness. This Kanban board concept wasn't just for the engineers, it was for everyone to see where work was being performed and its status. I loved the visual nature of it, and the fact that I could get accurate information without reading release notes or technical requirements documents was refreshing.

Filed under: devops

Gmail outage reminds us that IT automation is not enough

So you do a bit of IT automation. Maybe you throw in some functional testing for that IT automation too. You have monitoring. You have a top notch engineering team. You're doing enough then, right? Nothing could go wrong?

Filed under: configuration management, devops

DevOps: Quantity over Quality

My mom used to tell me 'quality over quantity' back in high school when I was dating girls. Of course that meant that I completely ignored her and would date a girl if she was breathing. What in the hell would you expect an awkward 17 year old boy to do?! I've heard that same sentence used in lots of other ways too: when writing, when speaking, when eating, when working out, and so on. What does that have to do with DevOps? As I continue on my journey through the DevOps movement, it seems to me that we have a bit of a conflict here - the goal is to release at a higher velocity (quantity) with well tested code (quality). Is this really possible? I know that some of the 'high-performers' like Amazon, Etsy, Flickr and Netflix are proving that it can be accomplished, but I keep wondering if slowing down can actually help us deliver more extraordinary things.

Filed under: devops

DevOps vs. Bitcoin - Which is More Polarizing?!

We've all been hearing a lot of chatter in the media, in tech-geek circles and everywhere else you go in your daily life about Bitcoin. There was a really interesting OpEd piece in the NY Times yesterday from Marc Andreessen entitled Why Bitcoin Matters that essentially anoints Bitcoin as the greatest invention since the wheel. If you still are not clear as to what Bitcoin is, I would highly suggest watching this video that does an effective job of describing it. So if Bitcoin is the greatest invention of all time, why is it so hard for everyone to understand it, why does it have different definitions depending on who is talking, and why in the hell don't I own any?!

Filed under: devops

Don't put security in DevOps, turn DevOps into security

I've been thinking a lot lately about the intersection of DevOps and Information Security. I'm definitely not the first to have considered the implications, but I am undoubtedly a complete cynic when it comes to InfoSec and how it can align itself to the DevOps movement. Why am I cynic you may ask? Well, I spent almost 10 years in the security/governance arena interacting with CISOs and their teams trying to help them 'reduce risk' and 'pass audits', but I've watched countless organizations fail miserably. What is the main reason why? Because the business fails to see the value of security and doesn't understand it. Better said - the business invests in what the business understands.

Filed under: security, devops

Getting Big Fast: DevOps Lessons Learned from the Dropbox Outage

You may have already heard (or experienced) that Dropbox suffered an outage late last week that took the popular file-sharing service offline for 2.5 hours with some services being out the entire weekend. It was recently reported by Dropbox on their blog that they were trying to upgrade some servers' operating systems Friday evening in "a routine maintenance episode" when a buggy script caused some of the updates to be applied to production servers, a move that resulted in the maintenance effort being anything but routine.

Filed under: devops

Achieving Your DevOps Zen State

Many of the darlings of the technology universe have adopted DevOps as their approach, are pushing boundaries once thought untouchable and realizing tangible business benefits as a result. The 2012 State of DevOps Report states that high-performing DevOps shops can ship code 30x faster with 50% fewer failures.

Filed under: devops

DevOps Conferences Reference Site

Interested in attending an upcoming DevOps conference? This is a good reference.

Filed under: devops

4 Steps To Make Your DevOps Initiative Successful [infographic]

We all know that DevOps is the glimmer in our executive's eye, the savior that will solve world hunger, and the most important thing to happen since the wheel was invented. But all joking aside, there is little doubt of the business benefits it can bring to organizations big & small. So now what?! You've decided (or been told) that DevOps is critical to your 2014 success, but where do you start and what are the foundational elements you must work through before claiming victory? Here are 4 prerequisites for DevOps success that you can use as your blueprint to making sure you achieve your business objectives.

Filed under: devops

State of DevOps: InformationWeek Nails It

Michael Davis over at InformationWeek just wrote a compelling article on DevOps and some of the mixed results that people are understandably getting into. There are a number of very interesting results that he shares as part of their DevOps survey including:

Filed under: devops

2013 DevOps Year in Review

Wow! 2013 is over, done, kaput. It's hard to believe. Time flies when you're having fun (or building a business). Now is the time to look back though and reflect on what 2013 meant for DevOps, myself and UpGuard. This post will by no means be exhaustive. It's written through my eyes and based on my experience, and my head has been down working for large chunks of the year. I'll add an additional warning that it will be a little tongue in cheek. I make no apologies for that ;)

Filed under: devops

Comparing Containers and Generating Dockerfiles with UpGuard

Tonight I gave a talk on comparing containers and generating Dockerfiles. Instead of providing the slides, which are pretty lame by themselves, I thought I'd write up the talk in a proper context. UpGuard has a number of use cases, one of which highlighted for the talk was migrating the configuration of environments from one location to another. Traditionally we have helped some of our customers scan their configuration state and generate executable tests based on those configuration items as well as allow scanned configuration from multiple machines to be compared.

Filed under: guardrail, devops, docker

DevOps vs The Enterprise [video]


A tongue in cheek look at the history of DevOps and the Enterprise.

Filed under: devops, enterprise

It's Time We Talked About DevOps

There's a certain something in the air within the DevOps community right now. The movement is, to a certain extent, becoming a victim of its own success. For where there is buzz in tech, there is money. And where there is money, there are recruiters, there is marketing, there are misinformed and over-simplified tech articles and, let's face it, there are carpetbaggers galore.

Filed under: devops

If the Phoenix Project had UpGuard

At UpGuard we've got many decades of experience in large enterprises and are very familiar with the sorts of problems that arise in those sorts of environments. Even for those who have lived through it though, it can be hard to explain to people who haven't. That's why we require all our new employees to read The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win by Gene Kim, Kevin Behr and George Spafford. It does a great - and surprisingly entertaining - job of describing these issues. It also explains how the lessons learnt from years of Lean Manufacturing apply directly to IT. We know that no tool is a silver bullet, but if the employees at Parts Unlimited had UpGuard then it may have been an entirely different story. I've chosen some key excerpts from the book so that we could see how things may have been different.

Filed under: guardrail, phoenix project, devops

What does QA Mean for DevOps?

What is Quality Assurance? Well in time honoured fashion I shall quote directly from wikipedia:

Quality assurance (QA) refers to the engineering activities implemented in a quality system so that requirements for a product or service will be fulfilled

What does this mean for DevOps though? Well the end product is the software or application being provided so most people focus on its requirements when talking QA and DevOps.

Filed under: devops

Top 6 Resources for ITSM Professionals

Information Technology Service Management (ITSM) may not have the sex appeal of Agile or the buzz of DevOps, but it lays a crucial foundation for each within the Enterprise today. So, whether you consider it a necessary evil or the only way to run your IT department, here are a few resources that may come in handy.

Filed under: Agile, devops, ITIL

Is the DevOps Movement Leaving the Enterprise Behind?

When I attended the DevOpsDays event in Mountain View (well, Santa Clara really) a couple of months ago I started writing a blog post on my impressions. I was a bit distracted at the time though after having had a minor twitter spat with a well known DevOps proponent on the first morning. I won't go into any detail here other than to say that it was sparked after I made a comment that I felt "DevOps" vendors need to be doing more to ease the transition for large Enterprises.

Filed under: devops, enterprise

6 DevOps Myths to Avoid

We are very excited about the growth of DevOps. But as adoption rises, there will be varying perceptions about DevOps. Seeing it already happening, it’s important that we clear out any myths about DevOps before they become reality.

Filed under: IT automation, configuration, devops, enterprise

DevOps Lessons for CIOs

There is no doubt that the DevOps movement has gone mainstream. When even IBM and HP are dedicating sites to it there is no longer any question. If we were to place it on the Gartner Hype Cycle even the most devoted proponents would have to admit that it’s rapidly approaching the “Peak of Inflated Expectations”. What does this mean for you as a CIO? Should you steer clear of the movement entirely until things calm down a bit? Not at all. Should you be cautious in your approach to “implementing” DevOps though? Absolutely.

Filed under: ebook, devops, CIO

The Adventures of DevOps Dave - Don't Believe the Hype

Filed under: devops, DevOps Dave

Misconfigurations: The Hidden IT Project Killer

There's a hidden killer lurking below the surface of every Enterprise IT project. No, it's not Kevin, that sysadmin who spends a disturbing amount of time in the bathroom each day. It's not even that 400 page requirements document, although from a conservationist's point of view the PM's insistence on reprinting it every few days can't be doing the world too much good. So what is it? Well, let me give you a clue:

Filed under: configuration, devops, misconfiguration

The Adventures of DevOps Dave: Declaring Success in Enterprise DevOps

Filed under: devops, DevOps Dave

ITIL Guide to DevOps - eBook

You're never safe in Enterprise IT. Just when you feel you've gotten a handle on the last hot topic you're hit with another. SOA, BPM, Agile, ITIL; You feel like screaming "Enough!" but you know resistance is futile. Gartner have said it's important so you know full well that you'll be asked to "do" it by management.

Filed under: ebook, devops, ITIL

The Adventures of DevOps Dave: The DevOps Team

Filed under: devops, DevOps Dave

Weekly Recap - Google I/O, the Expanding Cloud, Configuring CERN, and More

After taking a week off, the weekly updates are back! Here's some of the news that interested us over the past week:

Filed under: google, puppet, cloud, devops

5 Tools to Aid DevOps

Converging IT development and operations into DevOps have come a long way, and yet, the two should have grown together like Siamese twins. Developers need sysadmins as much as sysadmins need developers. Collaboration is the way winning software and infrastructure are built. And that's all the market wants: effective systems with which to run businesses. DevOps can claim substantial ground today, thanks to the persistence of players from both sides of the sysadmin-developer divide. While the segment is still evolving, various tools have been developed to help the Devs and the Ops collaborate more effectively.

Filed under: ALM, devops, SDN

The Cloud and DevOps

I recently came across this article about DevOps. I’ve seen a lot of “DevOps explained” articles and blog posts, but this one stood out to me, both because it was well-written and because it made me think more about why DevOps is important to cloud computing.

Filed under: cloud, devops, Software Defined Networking, SDN

Weekly Recap - #ChefConf, Security, Cloud, and More

Conference season continues this week, notably with Opscode's #ChefConf in San Francisco (which is going on as I'm typing this up). Here's the latest from #ChefConf and other IT news that interested us this week.

Filed under: #ChefConf, chef, devops, Cloud Computing

DevOps and Test Automation

Since a key aspect of DevOps is to ensure that deployments are made continuously, as well as effectively, the need to for having tests in place is pretty obvious – untested and faulty code has the potential to mitigate the benefits of DevOps.

Filed under: devops, deployment testing, test automation

5 Important Skills for Automation Experts to Have

IT testing automation is an important concern of businesses, and a growing field in which IT professionals are able to make a name for themselves. If you are not already involved in automated IT testing, here are a few of the most important skills to have when holding an automation related position.

Filed under: IT automation, chef, configuration management, puppet, devops, ITIL

Weekly Recap - Devopsdays London, the Woz, Open Networking Summit, and More

With Devopsdays London recently concluded and the Open Networking Summit having just wrapped up, here's some of IT news that interested us this week.

Filed under: devops, NASA

Weekly Recap – Cloud Computing, SDN, DevOps, and More

Here’s some of the news we came across that interested us this week

The Open DayLight Project – A pretty big development for Software-Defined Networking:

Filed under: configuration management, cloud, devops, SDN

10 Sample DevOps Interview Questions

You finally got that interview for an awesome DevOps Engineering Job with Company X, congratulations! Company X is pretty smart (or at least, hopefully) for realizing they need a “DevOps guy” (or gal).

Filed under: devops, interview

Techno Arms Dealers & High Frequency Traders

Today represents the hottest time to be in financial markets - nanosecond response times, the ability to affect global markets in real time, and lucrative spot deals in dark pools being all the rage. For companies who do business in these times, it is a technical arms race, worthy of a Reagan era analogy.

Filed under: ALM, High Frequency Trading, SDLC, configuration management, devops, HFT

Introducing DevOps where ITIL rules - The Enterprise

Those of us who haven't worked in the Enterprise probably don't know a lot about ITIL (Information Technology Infrastructure Library). ITIL may even be a source of amusement for them. C'mon, they would say, how much practical use can you get from a methodology that is defined through a set of books that is actually referred to as a "library"?

Filed under: devops, ITIL, enterprise

Where Can I Learn More About DevOps?

In this blog, we're constantly covering and discussing the concept of DevOps. At this point, most folks in departments related to a company's infrastructure (i.e. Developers, System Administrators) have some understanding of this idea. But where do these people learn about this relatively new and young concept?

Filed under: Quora, Intern, Reddit, DZone, devops, LinkedIn

What is DevOps (really)?

DevOps is a concept that has materialized fairly recently, yet is already adored by so many people. Obviously, the fact that it bridges the chasm between software development and operations is pretty exciting, but there seems to be something extra that people love. So without throwing around too many corporate buzzwords (besides “DevOps”, of course), what could that extra something something be?

Filed under: culture, devops

DevOps Dave: Devs and Ops in Trench Warfare

Still fighting the good fight...

Filed under: operations, devops, DevOps Dave

DevOps Dave: Buried in Logs

Back by popular demand!

Filed under: devops, DevOps Dave

Configuration Testing in the Enterprise

Many enterprise network workers are now adopting automation technology as a means of completing operational tasks, and of creating a more efficient environment within an IT enterprise. One of the advantages of adopting IT automation is that it helps to deliver optimal IT management, without the need for any significant capital investment.

Filed under: configuration testing, cloud, devops, Legacy systems, Configuration Drift

DevOps for High Frequency Trading

There are two constants in the world of High Frequency Trading (HFT): massive volumes of data, and the need for programs that process this data and act on it at blistering, fast speeds. These systems change frequently as the needs of the companies using them change and as the rules and regulations of market organizations and governments change. The potential for market instability is a big concern for both companies and regulatory bodies, and major incidents occurring in the market simply due to algorithm errors have put a sharp focus on the quality and performance of HFT software. The DevOps philosophy can provide serious advantages to HFT companies, and this article will take a look at some of the main issues and concerns of the business and summarize it with how DevOps can help.

Filed under: High Frequency Trading, devops, HFT

DevOps Dave: The Adventures of a DevOps Professional in the Enterprise

OK, so I was supposed to be blogging this weekend but I was bored of blogging so I instead decided to combine two things I'm terrible at, illustration and comedy, and do a comic instead. I deserve to be punished for this so please, flame away :)

Filed under: chef, puppet, devops, DevOps Dave, enterprise