Using Cloud Automation to Destroy Command-and-Control Bureaucracy (and Free Your Engineers)
Set your engineers free from the worry and time drain of constantly monitoring the security of their code so they can freely innovate.
Join the DZone community and get the full member experience.Join For Free
Enterprise IT is a wild and complex beast. There a million different things that can go wrong.
In the face of the constant threat of bugs, security vulnerabilities, and simple human error, the traditional enterprise reacted by fiercely locking down what engineers can do. A direct consequence of this command-and-control framework is the slow, enervating bureaucracy that stifles enterprise innovation.
This has historically been justified by the seeming opposition of security and innovation in the software development world: you can either go fast, or go safely. Not both!
But this framework emerged before the advent of cloud, when the traditional data center approach was centered around an assortment of manual workflow processes. The cloud brings with it a much broader potential for automation, opening possibilities for a new framework that provides development teams with an environment that meets critical security standards automatically. Security becomes part of the software development process, rather than an awkward addendum.
The key point is this: using cloud automation, rather than controlling what engineers do, you can control the impact of what engineers do.
The command-and-control framework can then be abandoned, leaving the engineers free to play and innovate, without risking bugs, security vulnerabilities, and human error.
How Cloud Automation Creates Secure, Stable Environments
The cloud has created the foundation for a flexible, automatable software development model. Not only has it provided a platform that fosters innovation, but it has also enabled organizations to rapidly transform their business models. With cloud services, enterprises have the freedom to take a diverse set of services and link them together to form innovative solutions, applications, and business processes.
When you deploy in the cloud, the only kind of infrastructure that you can come in contact with is code. It is typically all scriptable, and access to the API is part of the package. Full automation in such an environment is more natural than manual configuration and hands-on control.
By creating Infrastructure-as-Code templates, you can define your security posture and any compliance requirements in a human- and machine-readable language. Configurations can then be automatically deployed, tested, monitored and reported on across your entire IT estate.
Once you have defined your "ideal state" for infrastructure, "copy-and-paste" automated monitoring systems ensure that any infrastructure that diverges from this can be identified and either be repaired or killed and spun up again.
Going from patching machines manually to patching your entire estate automatically at the push of a button with pre-baked scripts, for example, is like moving onto a different plane of effectiveness altogether. And it works at all points in the SDLC: during development (preventing known issues) or in production (reacting to emerging issues).
In this way, the necessary controls can be baked into your software delivery pipeline to ensure the security and productivity of your entire software delivery process.
A PlayPen for Engineers
Put a kid in a playpen and it can do what it wants! You know that safe limits have been set, removing the need to constantly monitor the child.
Equally, as engineers and developers are no longer bound by manual workflow processes to get their solutions deployed, they can move fast while staying secure.
You control the parameters of the playpen, so the engineers can get on with their work without needing to be controlled or audited. Stifling bureaucracy is then much diminished, giving them the autonomy and freedom they need to do good work.
Automation is the Key to Innovation in a Cloud-First World
Even though security and innovation may be opposing forces in traditional IT, they co-exist and complement each other in a cloud-first world.
By introducing a high level of automation, you can give your engineering and development teams the freedom to experiment and innovate. In addition to providing a safe environment for your development teams, automation also offers other business benefits. It increases efficiency, gives you the ability to deploy standardized configurations, and quickly provision resources on demand.
When a million things can go wrong, it’s paradoxically more important than ever that you can just trust your engineers to get on with things. Automation is a necessary part of creating a playpen for them to innovate!
Opinions expressed by DZone contributors are their own.