4 questions to ask before launching a data protection strategy

Eric Vanderburg

The process of making sure your business is prepared to protect its data from ransomware and other disasters depends largely on the characteristics of your specific computing environment, such as the type of data you have and how it is stored. To begin the process of implementing or optimizing a data protection plan, you need to gain a full understanding of how data is used within your organization and what needs to be protected the most. Start by asking yourself these four questions:

1. What data do I have?
The first thing to do is take an audit of the different types of data you have. For example, you might have marketing materials, financial records, employee information, customer information, operational data, strategic business information and analyst reports. Gaining a full understanding of the organization’s data landscape will help you prioritize what needs to be protected most.

2. Where is it stored?
After you know what data you have, take a look at where the data is located. The locations of data can be discovered by directly analyzing each machine via automated data inventory tools, which enumerate the files, index their key terms, and categorize them along with their location.  Files containing sensitive data or other data matching criteria can be classified further.

3. Who has access to it?
The next thing to ponder is who has access to the data.  Not only is this a core security question but it is key to limiting the scope of a ransomware or hack attack. Consider which users have access and which roles they hold in the organization. Mentally walk through what the impact if one of those users was the victim of ransomware—or if their credentials were stolen and then used to steal customer data.  Make sure employees only have access to the data they need to do their jobs effectively.

4. How is it backed up?
backup and recovery system is an essential component of any data protection plan. In addition to ransomware, a high-quality backup and recovery system will protect your data against accidental deletions, hardware failure, power outages and other disasters.

If you already have a backup system in place, have you taken a good look at it lately? Identify how often data is backed up, where backed-up data is stored and how long it takes your team to restore data.  Find out if data can be restored granularly or only as a large chunk, and whether IT staff are experienced in the recovery process. And always be sure to test your backup system regularly so you are ready when ransomware strikes.

For more news and information on the battle against ransomware, visit the FightRansomware.com homepage today.

Share Button

The Future Workplace of Augmented and Mixed Reality

Eric Vanderburg

Virtual reality has received a lot of attention lately, but there is much to be said for Augmented Reality (AR) and Mixed Reality (MR) technologies that enhance our capabilities in the real world or allow us to interact with technology more intuitively. Both technologies have clear applications for the enterprise and the future workplace. Examples from Vuzix and ODG could be seen at the recent CES 2017 and there is, of course, the much-discussed Microsoft Hololens.

Augmented Reality

Augmented Reality overlays virtual or synthetic elements onto the real world, whereas virtual reality is immersion in a virtual world. Augmented reality allows users to stay in the real world while maintaining connectivity to the Internet and a host of AR-enabled applications and services. Employees on the factory floor need to be present and engaged in the factory, not in a virtual world, but traditional computing technology is difficult to use while performing other tasks. AR allows employees to use the computer without constraining their hands. It can be used in any position such as horizontal under a car, standing, or traveling. That is the beauty of AR. It applies technology to what we are already doing, and it does so in a way that is natural for end users.

Research shows that users are very willing to use AR in their work. According to the Dell and Intel Future Workforce Study, 77 percent of millennials and 47 percent of baby boomers would be willing to use augmented reality in professional life.  The desire to use this technology is clearly present but how does AR support and enhance business operations?

I spoke with Liam Quinn, CTO at Dell, about augmented reality and its role in the workplace to better understand what this might look like. He explained how AR frees up our hands so that we can work in our environment unhindered and yet still connected. AR makes it easier to obtain support because a remote technician can see what you see and work with you on a more personal basis. It is also extremely valuable for training. Instructions or demonstrations can be overlaid onto real life while a task is performed.

There is a multitude of opportunities within augmented reality. With AR, you can get an x-ray view of hardware from internal sensors or overlay infrared heat signatures onto a regular field of view. GPS data can be viewed while walking to a destination or contact details retrieved based on facial recognition when seeing someone.

Mixed Reality

Mixed Reality (MR) is a similar concept to augmented reality with some key differences. AR overlays content onto the world around us, but that content is not something the user interacts with. It is primarily informational. Mixed reality, however, allows for interactivity between real and virtual components. This is especially relevant with the increasing use of Internet of Things (IoT) because these Internet-connected devices can then be manipulated through MR.

Data from the machines around a person can be displayed on their MR gear. For example, a worker in a pump station could see the pressure levels of pipes at different places around the pump house. He or she could make flow changes to compensate using MR while still looking around the pump house rather than going to a computer console.

Security solutions could be implemented with mixed reality. For example, an entry door may be equipped with a camera. When a user approaches the door, their MR gear displays several pictures to them. They swipe through the ones that form their password in the appropriate order to gain entrance. The camera observes the swipes and knows which places should be swiped because it is interfacing with the MR gear. The same user approaching later would receive a set of pictures in different locations.

MR allows users to create content. Paint with virtual brushes, manipulate 3D objects that you can walk around and view from multiple perspectives, or collaborate around a shared virtual table that each person experiences in their own location.

As you can see, augmented reality and mixed reality bridge the gap between how we interact with the real world and how we utilize technology. They are the next step in human-computer interaction, and they are poised to change the way we work and do business. How is your company planning to use these technologies?

This post was sponsored by Dell, but the opinions are my own and don’t necessarily represent Dell’s positions or strategies.

Share Button

Karmen ransomware makes it easy to launch attacks

Eric Vanderburg

A new malware do-it-yourself kit called Karmen is making it easy for wannabe cybercriminals to launch ransomware attacks.

Security researchers believe the recently discovered ransomware as a service (RaaS) offering was developed in part by a Russian-speaking ransomware author who goes by the alias DevBitox. For a price, Karmen can turn almost anyone into a cybercriminal in just a few clicks.

 

RaaS offerings like Karmen began popping up on the dark web in 2015 and ransomware developers have continued to make the kits more user-friendly over time.

Karmen is based on a well-known open source ransomware project called Hidden Tear. Using a web-based interface, aspiring cyber-extortionists can customize Karmen before distributing it to potential victims. The ransomware also comes with a dashboard that allows cybercriminals to track the number of machines infected and the total revenue accrued. The dashboard also notifies users when a new version of Karmen is available so they can continue distributing the latest ransomware.

Karmen automates many processes—including payment processing—so users can concentrate on distributing the ransomware. The creators of Karmen are currently charging $175 to would-be criminals who want to get into the ransomware game.

Some might assume that an inexpensive ransomware kit would be quickly picked up by antivirus software, but Karmen is a well-designed piece of malware. It’s packaged with a small loader and doesn’t take up much space. Karmen can detect if it is operating in a sandbox environment and can automatically delete portions of its code to prevent security researchers from analyzing it.  Karmen scrambles files with AES 256-bit encryption and operates with minimal connections to its command and control server.

The ease of use and low price point of Karmen lowers the barrier to entry to the ransomware market. This just the latest indication that ransomware attacks will continue to increase, requiring companies and consumers to be more vigilant than ever before.

To protect your data, it’s important to educate yourself and employees on healthy computing habits, such as how to detect phishing messages, how to properly handle data and what to do if anomalies in the computing environment are detected. Education combined with a host of technical controls such web traffic filtering, virus detection and firewall protection go a long way toward reducing the incidence of attacks.

But you need to be ready if a ransomware attack succeeds. That’s why business and individuals need an effective backup and recovery solution. Ransomware attacks your valuable data and demands payment, but you can reject such demands if your own backups are current, intact and easily accessible.

Once the backup system is installed, don’t wait for ransomware such as Karmen to put it to the test. Be sure to conduct data restore tests regularly. This will familiarize team members with the recovery process and ensure that your data will be restored as quickly as possible when disaster strikes.

For more news and information on the battle against ransomware, visit the FightRansomware.com homepage today.

Share Button

GDPR Compliance in the Cloud

Eric Vanderburg

With the upcoming onset of the GDPR, many companies are seeking to leverage their cloud services for GDPR compliance. The Microsoft Office Modern Workplace episode, ‘GDPR: What You Need to Know’ includes outlines to make this process painless.  Companies want to ensure that those cloud services in use are compliant.  The GDPR places a higher burden on companies storing data on Europeans, and for many businesses, this data resides in the cloud.  Some important GDPR compliance considerations include building support for the consent requirement, rights to erasure and data portability, and 72-hour breach notification, among other GDPR requirements.

The good news is that cloud providers have not been standing still and they can be a valuable partner for a company’s compliance effort.  The decision to utilize the services of cloud providers was likely made not only for the features they provide but because cloud providers can often implement security controls and procedures that would be cost prohibitive for a company to do on its own.  Many cloud providers are actively considering how to comply with GDPR, and some have already adopted GDPR compliant practices.

Today, cloud services are not only present in organizations, they are often ubiquitous.  One study found that European companies are using over 600 cloud services on average and it is likely that U.S. companies use a similar number of cloud services.  So how do companies with such a large cloud presence comply with GDPR?

Assign compliance responsibility

The first step in the GDPR compliance effort is to identify which person or group will be responsible for ensuring compliance with GDPR.  This may be different groups depending on the organizational culture or the business use of personal information.

According to Karen Lawrence Öqvist, CEO at Privasee, the group responsible may include legal, compliance, or even IT.  IT is often the driver in companies where collecting data is not core to the business while legal often has responsibility when there is an emphasis on the collection of personal information.   No matter which person or group is chosen, someone must be accountable for bringing the company into compliance.

Identify cloud providers

The individual or group responsible for compliance must then determine which cloud providers are in use and what data is stored or processed on these cloud services.  It can be tempting to reduce the scope of the process only to those that house data on Europeans, but this might be a short-term perspective.  Companies must be careful not to limit their scalability and agility by staying on non-compliant systems because those systems may need to house such data in the future as the company evolves.

GDPR compliance can also be an opportunity to build a better relationship with customers.  According to Brendon Lynch, Chief Privacy Officer at Microsoft, the increased control and transparency mandated by the GDPR can be a way to build and maintain more trust with customers.  This is a benefit not only for European customers, but also those around the globe.

Once cloud providers have been identified, consider ways to consolidate services to reduce ease management and compliance with GDPR.  Take the time to identify redundancies and standardize those services across the enterprise with a single provider.  Tiered pricing models and bundling of services can reduce cost, but the primary driver for these changes is reduced complexity of data flows to and from cloud providers.  Do not limit this analysis to cloud providers only.  Consider also which activities are performed in-house and whether moving those operations to a GDPR compliant cloud provider would increase efficiencies or lower costs.

Gap analysis

Next, conduct a gap analysis of each cloud vendor.  Vendor management or compliance groups may send out questionnaires to assess whether cloud providers have the capability to meet GDPR requirements and, if not, whether they have a reasonable plan on how to implement these capabilities before the May 25, 2018, deadline.

Mainstream cloud vendors have been some of the most proactive in implementing methods to secure data in their cloud service offerings and to do so in a way that is compliant with the GDPR.  For example, in the recent Microsoft Office Modern Workplace episode, GDPR: What You Need to Know, the Office 365 prebuilt filters were demonstrated.  These filters are already in place for personal data types such as those used by European countries.  Administrators can use filters to define a policy that will automatically identify data in email, SharePoint, and other Office cloud services, and then take specific compliance actions.

Conduct privacy impact assessments

Privacy impact assessments should be performed on high-risk assets such as HR or financial data to ensure that this information is adequately protected with whichever cloud providers are storing or processing the data.  Privacy impact assessments analyze what personal information the company is collecting, why it is collected, and how it is stored, used, and protected.

Document and train on procedures

It is not enough for the cloud provider to have the capability to comply.  The company must be able to use these capabilities in their compliance strategy.  For example, the option to remove or transfer personal data may be possible on a cloud system, but the company must document how to utilize these features if needed.

Persons or departments in the company must then be trained on how to perform these actions so that they will be ready and able when customers make data requests.  Training alone is not sufficient to ensure that staff will meet the GDPR’s stringent 72 hour notification period.  Here, simulation can provide more reliable assurance that incident response activities can be performed in compliance with the GDPR.  Simulations should have incident response teams and cloud service providers work together to effectively investigating a data breach and gather information for notification.

Wrapping it up

Companies who wish to comply with the GDPR by the May 25, 2018 deadline are trying to understand where their data is, particularly that of Europeans, and how that data is handled.  Cloud providers can be a great partner in this effort and companies should embrace their cloud providers in the effort to become compliant.  Consider your cloud provider a core partner in your compliance rather than a liability and utilize what they have to offer in order to meet the GDPR requirements.

Special thanks to Microsoft Office, the sponsor of this article.  As always, all thoughts and opinions are my own.

Share Button

Important considerations for your business and GDPR

Eric Vanderburg

The General Data Protection Regulation (GDPR) is the latest in a host of rules designed to protect privacy.  It is significant because it affects companies that do business in Europe or collect data on Europeans.  GDPR’s wide-ranging scope ranks it right at the top of significant regulations, sitting beside well-known requirements such as HIPAA and PCI.

Your business may be doing quite a few things required by GDPR already because GDPR has similar goals to other regulations.  While HIPAA is designed to protect patient information in covered entities and business associates and PCI to protect credit card information from card processing environments, GDPR aims to protect the personal information of Europeans.  This overlap of objectives results in a considerable similarity in GDPR specifications to those of other regulations.  However, GDPR does introduce some new requirements that companies need to understand.

The upcoming Microsoft Office Modern Workplace episode “GDPR: What You Need to Know” incorporates the expertise of Brendon Lynch, Chief Privacy Officer at Microsoft, and Karen Lawrence Öqvist, CEO at Privasee on how to prepare for GDPR.  Some fundamental aspects of GDPR that are distinct from other regulations include the consent requirement, rights to erasure and data portability, accelerated breach notification, and the requirement for a data protection officer.

Consent requirement

GDPR mandates that companies obtain consent from individuals before storing their information.  Consent must be specifically for how the data will be used.  Organizations must first spell out how they will use an individual’s data and then obtain the approval for that use.  Data use is then limited to only what the person allowed, and the organization must keep records on how information is used and processed.  This information must be produced upon request by supervisory authorities, a local governing body that the business has associated with for purposes of compliance and reporting.

Rights to erasure and data portability

Under GDPR, individuals have the right to erasure and the right to data portability.  Companies must remove the data they have on a person if requested to by the individual, and they must facilitate the transfer of a person’s information from their systems to another system using an open standard electronic format that is in common use.

Accelerated breach notification

Breach notification timelines are greatly accelerated in GDPR.  The supervisory authority must be notified within 72 hours of the breach.  This notification must include the relevant details of the breach including the number of victims impacted, and personal records disclosed, likely consequences to victims due to the breach, how the company is handling the breach, and what the company will do to mitigate possible adverse effects of the breach.  This accelerated schedule will require businesses to have a much more robust incident response and investigative procedures as well as effective coordination of incident response, legal, investigative, and executive teams.

Data protection officer

Much like HIPAA’s privacy officer requirement, GDPR requires public authorities and organizations to have a data protection officer when their core business involves large scale processing or monitoring of individuals.  The data protection officer must be a senior person in the organization who reports to executive management.  They must have the freedom to operate independently from the rest of the company and be provided with adequate resources to perform their role.

Next steps

We live in an incredibly globalized world, one where businesses of all sizes work with customers spread around the world.  GDPR has a wide-ranging impact on these companies, so it is important to understand its requirements.  In addition to what has been presented here, the Microsoft Office Modern Workplace episode on GDPR provides some excellent guidance.  Begin the process now to position your company to operate and thrive under GDPR. The deadline for companies to comply with this regulation is May 25, 2018.

Special thanks to Microsoft Office, the sponsor of this article.  As always, all thoughts and opinions are my own.

Share Button

Mac Users Face Increased Ransomware Threats

Eric Vanderburg

Apple Inc. has a reputation for building secure devices, but don’t become too complacent because ransomware threats to Mac users are on the rise.

While ransomware attacks against Microsoft Windows-based computers and servers remain far more prevalent, security researchers have detected new Mac threats in recent years and expect to see new threats in the future. Here’s a quick look at three forms of ransomware that are known to target Mac users:

KeRanger disguises itself as a popular application
Imagine this: You go to download a copy of Transmission, the popular torrent download application, only to find that it infects your computer with ransomware. That’s what happened to more than 7,000 Mac users in 2016 after cybercriminals hacked into the Transmission website and implanted KeRanger—ransomware that targets Mac OS X—into the downloads. The downloads were stamped with the official Transmission developer certificate so Gatekeeper, the Mac function that validates applications, was easily fooled.

The ransomware was hidden inside a file called general.rtf and was designed to wait three days before encrypting user data. After encrypting files, the malicious software displayed a ransom note demanding one bitcoin. The ransomware installer has since been removed from Transmission’s website.

Think you’re fixing apps with Patcher? Think again
Patcher disguises itself as a patching tool for well-known apps like Adobe Premiere Pro and Microsoft Office. The ransomware, which has been downloaded via BitTorrent, is so poorly designed that even the malware’s creators are unable to supply decryption keys to victims who pay the ransom.

Patcher stores important files, documents, pictures and other media in an encrypted .zip file and deletes the original data. It then attempts to wipe the free space on the drive so that disk recovery tools will be ineffective. Patcher concludes by scattering copies of “README!.txt” in the victim’s document and picture folders. The README! file contains ransom payment instructions.

FindZip makes you hunt for decryption keys
Much like Patcher, FindZip ransomware attacks Mac users by copying important files into an encrypted .zip file and deleting the original data. FindZip, which is also known as Filecoder, has no decryption capabilities so victims who pay the ransom will not be able to recover their data. The good news is that you can discover the decryption keys by comparing an unencrypted file to an encrypted one. Avast has created a tool that automates the process of discovering the tools and decrypting files.

Protect your Mac from ransomware
Mac users are clearly not free from the threat of ransomware. While not at epidemic proportions, ransomware attacks against Macs have seen widespread success by breaking into systems that were assumed secure. Fortunately, users today have access to a variety of backup options. You can add an extra layer of protection to your Mac computer by stepping beyond the Apple ecosystem of TimeMachine nearline backups and iCloud synchronization and embracing a third-party cloud backup solution.

For more news and information on the battle against ransomware, visit the FightRansomware.com homepage today.

Share Button

DevOps FastTrack – From How to Wow

Eric Vanderburg

Pavan Belagatti and Eric Vanderburg

Early DevOps adopters have proven DevOps to be more than just a cultural shift or a set of tools – they have proven it to be a critical success factor and a competency well worth developing in today’s environment of rapid change, technological development, and high customer or employee expectations.  The demand for DevOps in organizations is high, but it is not something that can be bolted on to the average team.  When this happens, the existing organizational undercurrents will undermine the effectiveness of such a program.  Rather, the development, operations, and overarching management processes must be redesigned anew.  DevOps can be highly disruptive to an organization, but it has a lasting and powerful impact on organizational success.  After all, IT is the core of almost any business and the efficiencies and agility gained there will have a significant impact on the readiness and coordination of the organization as a whole.

The term DevOps has entered into our general parlance and has gathered much attention and focus.  Below is the trend for Google searches of the keyword ‘DevOps’ from May 2015 to October 2016.

Believe me, DevOps is a wholesale change in companies organization.  Any halfway efforts will not be fruitful, and organizations that want to implement DevOps will need to be committed to the process.  Furthermore, those interested in learning how to move to DevOps can find it quite confusing because it is foreign to those from a single IT operations or development perspective.  For this reason, let’s take a step back and look at the roots of DevOps to see how it all got started.

 

The Evolution of DevOps:

DevOps was born out of a long history of software development methodologies.  For decades, programmers have sought to improve the software development process, and those efforts have produced the waterfall, agile, lean, continuous integration, continuous delivery, continuous deployment and continuous operations models.

We begin with the waterfall model.  Here, developers believed that if they could just plan it out correctly and follow a clear set of iterative steps, the software development process would flow nicely.  However, customer changes, team dynamics, and a host of other issues proved that the waterfall model involved high risk and uncertainty.  Changes resulted in a significant amount of rework, and this was not often identified until late in the process when it proved tough to go back and change something that was not in the initial work plan.

Agile is incremental while Lean integrates processes to deliver product and features more quickly.   In an effort to develop rapidly, Continuous Integration (CI) extends this process by requiring code check in and builds at multiple points throughout the day.  Each build goes through a level of quality checking to identify errors soon after they are introduced into the code.   Continuous Delivery (CD) uses pre-production environments in an automated fashion to perform software releases at regular intervals.  CI ensures that individual components are integrated properly and that modifications at different areas work well together.  Lastly, continuous operations combine the builds into the operational environment in such a fashion that there is no lapse in the availability of the operational systems due to new releases.

 

The Onset of DevOps:

Now that we have the historical context of DevOps, companies will be able to see how DevOps takes pieces of the above frameworks and weaves them into a more comprehensive way of doing business.  This is also core to the DevOps philosophy.  Software development and IT operations are not elements on their own.  They are core pieces of the business, and they should function in support of the business goals.  DevOps combines these features to more efficiently accomplish these aims and provide the agility needed for flexible, fast-moving companies.

DevOps is a complete transformation of the way companies do business.  Adopting DevOps is no small change and should not be taken lightly.  Companies tend to evaluate and implement changes quickly, and then test, revise, and refine just as quickly.  DevOps is a confirmation that every individual in the organization is following the same principles and processes.  It involves everything from putting in automated tests, builds, code reviews, to setting up multiple environments.

DevOps ensures that software development and IT operations teams agree on a common set of goals to achieve.  It relies on automation and or even zero-touch automation.  In the end, DevOps reduces speed to market by decreasing the friction in the software development process, from build to deployment and maintenance.

 

Why DevOps?

DevOps aims at breaking down the barriers, and differing preferences that usually exist between development and operations.  DevOps allows Software development and IT operations to work together with common goals and to deliver reliable, safe, rapid, and efficient products to the market.  DevOps gives a competitive advantage to the companies by boosting the IT performance and ultimately improves company’s bottom line.

DevOps is seeing a steady increase in organizations.  For example, in a survey by RightScale, DevOps adoption rose from 66% to 74%.  Given the disruptive nature of DevOps, this modest increase is indicative of a planned and reasoned approach in the industry and a positive sign for the future growth of DevOps.  Here are six advantages DevOps can bring to your company.

  1. DevOps boosts collaboration

Software development and IT operations teams become one in DevOps and so each person in those teams works in harmony towards one singular objective.  Team members share the same tools, terminology, workspaces, and methodologies, which all improve collaboration.

  1. DevOps standardizes processes and procedures

DevOps unifies formerly disparate groups through a standard set of processes and procedures.  This allows for more consistency in results and makes it easier to plan, measure, and evaluate the performance of teams.  Along with these standards comes a shared culture, which makes it easier for the team to work together.

  1. DevOps reduces coding errors and improves error resolution speed

DevOps, when combined with CI and CD, couples individual changes to testing, validation, and evaluation of the code so that errors are identified and resolved soon thereafter.  Developers do not need to search through thousands of lines of code to find the error because they know it was introduced in the latest build.  They can go right to the most recent changes to locate the error.  This allows developers to spend more time creating innovative solutions and less time chasing bugs.  It also results in a much happier DevOps team.  After all, no one studied computer programming to fix bugs; rather, developers want to create new and exciting things with their software.

Less time spent on errors also results in faster time to market or deployment to internal or customer systems.  Organizations can realize a return on their investment sooner with such a methodology.

  1. DevOps sees more involvement and engagement from customers and stakeholders

Traditional development environments were screened off from customers and stakeholders by project managers and other intermediaries who interpreted requirements, mapped program elements and then handed tasks off to developers.  Customers and stakeholders didn’t see the fruits of this labor until there was a prototype or even the final product near the end of the development cycle.  Much time passed between receiving initial requirements and seeing the final product.  In some cases, the business needs changed while developers continued writing code for outdated requirements.  In other cases, the drive and impetus for the project waned, resulting in decreased utilization of the product upon completion.

DevOps is more intimately engaged with the customer.  Releases are more timely and produced more frequently so that customers can see the product taking shape and provide their feedback.  The end result is a product that more effectively meets the needs of the customer or the business and one that more easily gains acceptance.

  1. DevOps navigates a sea of change with consistent iterations

Change often disruptive, but when managed correctly, change can be expected, appreciated, and welcomed.  One of the biggest elements of minimizing change disruption is in setting expectations.  DevOps makes changes in iterations that are planned, consistent, and regular so that the DevOps team, business stakeholders, and customers know what to expect.

The reality is that change is going on all the time.  Organizations and their products or services need to be able to adapt to that change.  However, they must do so with minimal disruption to their workforce and customers.  Consistency in developing these changes allow the company and its products to adapt well, always learning and applying previous knowledge and experience into the next product or feature while giving customers and stakeholders a regular diet of small bite-sized changes.

  1. DevOps embraces automation, removing repetitive tasks and wasted effort

Once companies identify the mundane tasks that are stealing DevOps team member’s time, those tasks can be automated.   The consistency of the DevOps process can lead to regular tasks and many opportunities for automation.  One difficulty organizations adopting DevOps face is the effort required to perform routine and periodic processes.  Those that effectively implement DevOps automate those processes so that DevOps time is spent on the most important tasks.

There are a wide variety of process automation and collaboration tools that can be used by DevOps teams to reduce human time devoted to repetitive tasks and improve the consistency of those tasks.  With the introduction of tools like Docker, AWS, Puppet, Ansible, Chef, Slack, Shippable, and many other products, it is much easier for organizations practicing DevOps to use these tools and automate everyday tasks.  The developers of these tools have already solved those challenges so that you don’t have to.

 

Adopting DevOps

The software world is growing rapidly, with many new apps, software, and services.  DevOps offers an effective methodology for improving quality, time to market, software adoption, and the happiness of development and IT operations teams.  DevOps is not just another buzz word or fad.   It is here to stay and evolve because it has proven to be effective.   Begin the DevOps journey today in your company.

Share Button