We Aren’t Stopping Just At Virtual Desktops Your customers need just as much attention as your employees. Our customers are struggling in three other areas: Customer engagement Customer communication Customer self-service Here’s how we can help: Boosting Customer Engagement: Amazon Connect We are helping a number of customers to boost the systems they use to engage with their customers. Many call centres are not established for remote working, yet there is a surge in demand across industries as the current situation continues to unfold. We are helping to deploy Cloud Hosted Contact Centres like AWS Connect, to provide additional bandwidth to cope with growing call volumes and enable faster customer resolution times. This can also be integrated with your Landing Zone and Cloud Foundations, to provide an interconnected solution with your VDI estate. Rapid Customer Communications: SaaS-based DevOps toolchains Where many enterprises previously accepted weeks as a means to deliver new content and communications to their customers, we are working to build-out SaaS based DevOps toolchains that allows for much faster delivery of news, communications and content to their customers during this challenging period. Customer Self-Service: Automated solutions like chat bots We are also supporting many organisations to better understand how self-service solutions can remove friction from their customer experience offerings by implementing Chat Bots to address general FAQs and support the resolution of non-critical customer queries, so that a larger focus can be spent on helping vulnerable customers through telephony channels. Cloud Is an Enabler for Customer Experience It is during times of trouble, that we all become a whole lot more creative and accept solutions that we wouldn’t usually consider to enable our businesses to thrive. Stay safe and stay tuned in, as we continue to share some of Contino’s best practice cloud solutions with you, from our global workforce. Want to learn more? Join us on 2 April for a FREE webinar where we will cover how you can set up and scale virtual desktops to meet your internal services needs.
Paradoxes point towards areas of reality that are poorly understood or obfuscated by how we use language to model reality. Investigating seeming paradoxes is a key to gaining greater understanding of how the world works.
- How can free will exist if God is omniscient?
- How is it that we learn from history only that we cannot learn from history?
- How can secure software be developed at speed and scale?!
Perhaps God doesn’t exist? Perhaps free will is an incoherent concept? Perhaps ‘history’ is a misleading conceptual superimposition on the ever-changing present moment?
Perhaps security can be used to enhance software delivery?
This is the ultimate IT paradox for modern global enterprise organizations: go fast. No, actually go faster. But, and this is critical, it better be secure.
The answer to this seeming paradox points us in the direction of DevSecOps. DevSecOps is the answer to integrating these seemingly contradictory enterprise challenges into a coherent and effective approach to software delivery.
DevSecOps embeds security and governance requirements code across the entire software development pipeline. Security is made part of the operating model that enables you to develop software at speed and scale.
By including security at every stage in the software lifecycle, enterprises can reap significant the benefits:
- Reduced costs
- Increased delivery speed
- Increased recovery speed
- Enhanced monitoring, auditing, threat hunting
- Reduced vulnerabilities
- Increased code coverage
- Infrastructure is ‘secure by design’
- Continuous improvement
- Global security responsibility
- Culture of transparency and openness
- Secure innovation at speed and scale
And all of the above translate into: increased sales!
In this short blog series, we will cover best practices for adopting DevSecOps across the three central pillars: people, process and technology.
Getting to DevSecOps: People
No matter how many technologies you decide to implement, the weakest link of that chain will always be the human factor, and this must be the starting point for any DevSecOps implementation.
One of the most important aspects of DevSecOps is challenging the way traditional security teams integrate with the wider business. Changing habits and raising awareness across all levels of a company are not easy tasks and require a top-down approach if attitudes are to change.
Here are some excerpts on specific practices you can use when designing the people component of your transformation as taken from our our whitepaper, Introduction to DevSecOps and Best Practices for Adoption.
1. Breaking Down Barriers and Silos
For security to be effective, we need to include security concerns - and the security ‘mindset’ - as early as possible in the software delivery pipeline.
One way of doing is this is with security champions.
Security champions are members of a team that help to make decisions about when and how to address security concerns. Security champions act as the ‘voice’ of security for a given product or team, and they assist in the triage of security bugs for their team or area. They are evangelists for the security mindset, obsessively expounding on the importance of security across all areas!
Some of the most important duties of the security champion include the following:
- Emphasize security concerns across all teams - not just the ‘Security Team’
- Evangelize the ‘security mindset’
- Ensure that security is not a blocker on active development or reviews
- Empowered to make decisions
- Work with AppSec team on mitigations strategies
- Help with QA and Testing
- Write Tests (from Unit Tests to Integration tests)
- Help with development of CI (Continuous Integration) environments.
2. Training Your Staff
Any successful DevSecOps program will invest in good training and professional development for its staff. Training must be rooted in company goals, policies, and standards for software security, and learning media must be flexible and tailored. To foster and develop good security staff, organizations must provide new hires with the appropriate training and tools they need to do their jobs well, and to contribute to the successful release of secure software. Engaging specialist security and DevOps training organization(s) to raise staff skills and awareness are essential for maintaining consumer trust. Good training ensures that standards are implemented correctly.
3. Culture is Everything
Simply having the proper DevSecOps processes and technologies will not be enough to achieve anything if the company culture – embedded in people across all areas of the business – does not enable those processes and technologies to be properly utilized.
The security team has traditionally been a drag on release performance. They become the ‘Department of “No”’ and, as a result, are marginalized over time, creating a self-reinforcing downward spiral of division between teams. DevSecOps aims to break down these barriers and stop security from being its own echo chamber without taking into consideration the wider business when implementing policies or tooling.
When DevSecOps is fully embraced there is no longer a single ‘Security Team’ but a constantly improving security mindset across the business.
The Foundation for Security
Proper training, a restructuring of teams and the appointment of security champions means that security becomes less the function of a single department and more a frame of mind that permeates the company - starting in particular with development teams.
This sets the foundation for the successful implementation of security processes and technologies, providing enhanced security much earlier in any development project. This also ensures quicker, easier and cheaper software delivery cycles.
Converting the people in your organization is the foundation stone of DevSecOps, but there are important considerations across processes and technologies as well. If you’d like to learn more about our vision for DevSecOps in the enterprise - across people, process and technology - check out our free guide: Introduction to DevSecOps & Best Practices for Adoption.