In this period business demands rapidity in response time.
Edited by Enrico Mingardo, Portfolio & Alliance Manager of Kirey Group
The spread of technologies based on the container world grows continuously with the digital transformation and the adoption of distributed environments with hybrid and multi-cloud architectures.
The reasons are clear: containers accelerate the distribution of applications and facilitate the collaboration of teams, without creating obstacles in the presence of different deployment environments.
Containerization is an enabling element for the adoption of microservices and methodologies such as DevSecOps. DevSecOps has gained over the years growing popularity to combine existing applications with the most modern infrastructures and native cloud apps.
Our customers are increasingly engaged in a phase of bottom-up or top-down experimentation. We help them to understand how to get the best from containerization technologies, microservices and, DevOps. And also to understand what impact these technologies will have on their organization and modus operandi, to create new quality services for production.
Cultural change
DevSecOps remains primarily a cultural approach that involves a complete review of the way services and applications are implemented, monitored, and exercised by all actors in the supply chain: from developers, from security or operations to overseeing that everything in production is delivered correctly.
Those results in a substantial change also in the business processes and the composition of the work teams, which are organized in a different way to be able to create new applications and services. Today it is increasingly necessary that within the work teams, which in the past were separated by specialized silos, there are new skills that are transversal to the entire team. These skills, from security to development, up to operations, sometimes are obtained by involving external subjects, other times learned through continuing training.
Discover more ➡ DevSecOps: security is an integral part of application development
DevOps top-down o bottom-up?
The adoption of DevSecOps by our customers is taking place in two very different ways. Bottom-up, through a field trial, guaranteed nimble and obvious benefits, with the creation of test environments in a few minutes compared to the weeks that it needed in the past. Top-down, instead, starting from the creation of a sort of Internal "innovation hub" and the definition of guidelines that the corporate then shares in the organization.
Kirey Group has followed the customers in both these paths that present advantages and difficulties. When the initiative is born bottom-up, the main complications arise from the organizational point of view. There is a need to govern these very dynamic environments and to be accompanied by a consultant who has the correct expertise.
When initiatives are born top-down, the aspects related to integration with the existing IT are fundamental. Often the need is to use managed services, to have a service available 24 hours a day, even for business-critical applications, and to make use of specific skills from partners who also have an in-depth knowledge of the technologies already adopted by the organization.
These partners also help the organization to expose the entire architecture of microservices in a controlled and resilient way.
In the case of top-down adoption, therefore, the question is no longer how to facilitate adoption but how to achieve the best integration through a trusted partnership.
Service mesh, a trend of increasing importance
In this period, the changes happen quickly, and the business demands rapidity in response time. Therefore, we need tools to facilitate and govern continuous digital transformation. In the field of DevSecOps, one of the key themes is the Service Mesh, which can be considered as a new infrastructure layer that allows the decoupling between applications/services and networks.
The service mesh offers the possibility to increase security and to govern all communications between microservices, today also between multicluster-multi cloud communications. Besides, it allows advanced management of application deployments (blue/green, canary, A/B testing) and the ability to enable observability for all microservices, without leaving dark areas, with uniform metrics and logic.
Finally, the Service Mesh allows you to create lighter code and free from networking logic built ad hoc.
The added value of this type of tool is to allow a continuous, controlled, and secure Digital Transformation. The Service Mesh offers advanced features integrating perfectly with other components such as the API Gateway, Ingress controller, Edge Proxy".
Read more about this ➡ Incontro Devops Italia 2020: Kirey Group sponsor at the Online Event
Towards a 2021 DevSecOps
Today it is hard to say what the market will be like in the coming months, but we can say with certainty that the focus on cost reduction will be more significant than in the past. In this context, the cloud will be increasingly used in all its forms for hybrid architectures on-prem or multi-cloud.
Very often, in the past, we have seen customers implement customized governance solutions in a "self-made" perspective. In recent months, the market has shown us new and enabling solutions, which also require less time spent in maintenance - management solutions designed in a multi-cloud and hybrid perspective.
Surely it will be important to consider their evolution. I can say with certainty that in the future we will deal with complex governance and with architectures that sometimes, as in the insurance sector, will easily reach the Edge.
Such a scenario will demand a partner with competencies in container development, security, management, and monitoring.
Kirey Group has recently created a specific offer line dedicated to DevSecOps to share the strong transversal skills held in the field of security, development, and operations. Kirey Group steadily collaborates with the main vendors in the DevSecOps field to support their customers - especially in the financial and insurance sector - in addressing the next challenges of transformation and getting the most of the opportunities that new technologies will offer them.