Skip to main content

Posts

Showing posts from 2017

Death to Security Audits and Long Live Compliance

My idea security situation is one that never needs an audit.  It should be proactive and not let you hurt your self or require you follow a "Policy".  The future, especially in cloud environment, should be solutions like Chef Compliance and Dome 9 Security .  I am not saying these solutions are the ones you should pick but they are the ones that in body the principles you should have.  Your environment should be one that never gets audited.   It only tests your security controls.  Even the test could be automated, so that you can prove your compliance is in place and your new admin can't open port 3389 on your firewall or grant god permissions to accounts in your environments. "This will never be us!!"  I hope you don't think this.  As I have said many times, this is a journey of continuous improvement.  Find ways to meet compliance through automation and prevention.

Tired of DevOps

DevOps needs to go away.  It is lasting longer than I thought and that is bad.  DevOps is the way IT should just be, successful IT.  DevOps is like saying we should be good people and care for each other.   It is just something we all know we should do but some do it great and others are bad at it.  IT should just be better by automate everything, have empathy and continuous improvement.  I am pationate about this because DevOps is associated with app dev and ops but all IT should be run this way.   So yes, DevOps should die and IT should just get its act together and be successful.