
[DSC Europe 22] How to enable enterprises for DevSecOps without fighting the silos - Sebastian Kister


We will look at people, processes, and tools and elaborate on a success story on how to create a DevSecOps structure in big enterprises that are structured in silos. This talk will give hands-on strategic input for managers, platform owners, and developers on how to enhance strong business KPIs that overcome silos and plan-build-run organizations bottom-up through tech and culture.


  1. To reduce friction and boost time-to-market: Transformation hands-on – a culture beyond SLA and T&C. Sebastian Kister, Product Team Lead: Kubernetes Competence Center, AUDI AG. DSC Summit, Belgrade, 18.11.2022
  2. How might cultural change help us build products that matter and deliver faster?
  3. Our vision: Unleash the beauty of sustainable mobility
  4. #1: Consistently customer. We want Audi to become the company with the most satisfied customers. Our mission: We act purposefully, systematically and with our full efforts – in other words, consistently. That is why our mission is "Consistently Audi".
  5. Cloud Journey (2017, 2019, 2020, 2021, 2022, 2023): Cloud Foundations …. Proprietary Kubernetes Adaption on AWS Inner Source Model of Contributions to Kubernetes CNCF Partnership More Cloud Providers Cloud Strategy and GroupIT Alignments 40+ Platforms few standards Platform Agnostic Group Service Integration Openshift 3, Openshift 4, Rancher, KubeADM, Kubika, Cloudfoundry, Mesos, EKS, AKS and many more Platform Mergers Platform EoL Platform Definition Kubernetes Competence Center KUBIKA Another Cloud Provider
  6. Why we enforce a Security First Strategy. Attacks on Infrastructure: Most attacks aim to hijack the many resources of an enterprise for the attackers' own ends, e.g. crypto mining. Processual Friction: A huge portion of what delays the time to market of applications is processual friction with regard to application and container security. Data Protection: Data protection and data loss prevention is a key goal on both the infrastructure and the application side. Innovation readiness: The higher the interface security, the more flexibly applications can move data between systems and thus innovate without boundaries.
  7. People, Processes, Tools and Priorities: Developer; Lifecycle Manager / Process Guy; Operations Team
  8. People, Processes, Tools and Priorities: Developer; Lifecycle Manager / Process Guy; Operations Team
     Responsibilities:
     - builds features
     - builds bug fixes
     - delivers new software version
     Best case:
     - automates pipeline
     - automates deployment
     Responsibilities:
     - account inflation at cloud provider
     - cluster deployment in VPC
     - namespace provision per project
     - backup & restore cluster
     - upgrades cluster
     - incident management on infrastructure level 2nd and 3rd Lvl
     - IT Security for clusters and cloud accounts
     - manage platform services like load balancers, firewalls
     - provide scanning possibilities for images, runtime etc.
     - provide logs, monitoring possibilities
     - provide alerting, policies a.m.m
     Responsibilities:
     - organise a runtime: app deployment to K8s endpoint
     - Backup & Restore
     - Manage Version Upgrades
     - Incident Management: organise 1st Lvl, 2nd Lvl, 3rd Lvl
     - change management
     - integrate in process tool landscape for budgets (PRE-Tool) and dependencies (PlanningIT)
     - organise the IT Security Assessment application side
  9. People, Processes, Tools and Priorities: Developer; Lifecycle Manager / Process Guy; Operations Team. Processes: Hand Over Specificat., Hand Over Specificat.
  10. People, Processes, Tools and Priorities: Developer; Lifecycle Manager / Process Guy; Operations Team. Processes: Hand Over Specificat., Hand Over Specificat. Continuous Integration Platforms, Process Management Tools, Platform Tools: AQUA, AQUA, NGINX, …, …
  11. People, Processes, Tools and Priorities: Developer; Lifecycle Manager / Process Guy; Operations Team. Processes. Continuous Integration Platforms, Process Management Tools, Platform Tools: AQUA, AQUA, NGINX, …, …
  12. People, Processes, Tools and Priorities: Developer; Lifecycle Manager / Process Guy; Operations Team. Processes. Continuous Integration Platforms, Process Management Tools, Platform Tools: AQUA, AQUA, NGINX, OCP, OCP. Automation, Enablement
  13. It's all about passionate people and being there for your users: Passionate People; Strong (Open Source) Community; Customer Success Management = Happy Users; Great Products (Security First)
  16. Transformation is not always the best way to create results. Responsibility. Competence.
  17. Thank you. Contact: sebastian.kister@audi.de, linkedin.com/in/sebastian.kister. Kubernetes Competence Center, CNCF Partnership.

Editor's notes

  • My name is Sebastian Kister. I've been a musician, a teacher, an author and most of all a product lead in start-ups for more than 10 years. Before Audi I led an IP television app ecosystem from the first customer to 1,25 million customers in Germany alone. At Audi I currently lead the Kubernetes Competence Center and the partnership with the Cloud Native Computing Foundation, and I pushed to introduce the process to open-source Audi intellectual property; thus Audi employees are able to contribute to open source projects as well. I always fight the status quo, push the boundaries and battle comfort zones. As an evangelist for enterprise transformation I actually focus on people first.
  • For decades Audi built breathtaking premium vehicles.
    Our goal is to transfer this customer excitement and satisfaction to our digital service portfolio.
    But how do we achieve this goal coming from 3-5 year product cycles in the classical car engineering ecosystem, entering a world of high speed disruptive innovation and fast changing customer expectations?
  • The entire automotive industry is part of radical change. E-mobility, autonomous driving and sustainability to fight climate change are significant game changers.
    The Audi Group is in the process of redefining itself for the future and playing an instrumental role in shaping the transformation as we head into a new age of mobility.
    Unleash the beauty of sustainable mobility in the context of our session means what we defined in our first and most important goal 'Consistently customer':

  • That means for us:
    We want to be the most progressive premium brand with the best customer experience and fascinating customer-relevant innovations.
    In today’s world, the capability to adapt quickly to new things has evolved to become a core competence. That applies to people as well as to companies. A high degree of flexibility is important for companies to participate in defining the speed at which new technologies are developed, and thus stay a step ahead of the competition.
  • Our journey to the cloud started in 2017 and created a wild growth of platforms in the many business units and companies of the Audi Group, peaking with more than 40 platforms in 2020. The following year our team succeeded in creating a complementary portfolio with the VW Group ranging from bare metal and public cloud infrastructure on Openshift 4 to cloud native control planes EKS and AKS. Out of one of those teams we've created the Kubernetes Competence Center to have a couple of people focusing on reducing something that I call the "responsibility competence gap". I will focus more on that in keynotes later this year.
  • The importance of security-first strategies lies most obviously in data protection and in preventing hijacking of our infrastructure. Maybe not as obvious is that we see secure platforms as a driver of innovation and a minimizer of processual friction that would otherwise delay time to market tremendously. Both are business goals and thus add value.
  • To further elaborate on that, let me tell you about our people, processes and tools.
  • Our developers build software. Internally we have Lifecycle Managers who orchestrate the processes and pay out the external development teams. At the other end is the runtime, where the software that the developers previously built should run. This favours creating silos.
  • Looking at the processes, there is no real end2end responsibility; we face two major friction walls that can loop endlessly in the infamous ticket bonanza between the silos.
  • Tools already make the handovers easier, through automated security for example. Aqua can also be used by software suppliers to pre-scan their containers before they deliver the container to the company and the infrastructure.
  • But to really eliminate the friction walls we need to leverage the benefits of end2end responsibility even if there is no real end2end responsibility by contracts or absolute power. I call it a culture beyond SLAs and T&Cs.
    If it's not us in the runtime, in fact one END of the end2end responsibility, then who can do it? We go all the way to the developer and enable them to use our tools and to automate everything so we receive secure and approvable containers.
  • This leaves us with the necessity of teaching security and security tools to our customers' projects, but that scales way better than the friction walls did before. That way the projects can almost auto-deliver literally anything into the clusters once they have been enabled. So their 2nd, 3rd and 4th project has a time to market of literally a couple of days instead of months. We force them into having success and that makes them happy in the end.
  • So now we have happy users and successful customers. Do that 20 times and you receive what?
  • Exactly, we can build communities with them. Which again scale much better than your ticket bonanza that you were used to previously. Throw a message in the platform slack channel and somebody will be there and help because they are either interested in the problem themselves or they have already solved it in their project. We got passionate people all over the place, successful and happy users sharing their knowledge cross project, cross brand, cross enterprise in communities and as we all know… passionate people in the end are building again…
  • Great products.
  • Competence is the ability and willingness to perform something.