Cloud Governance: Something Old, Something New, Something Borrowed…
Aligning Agile with Zachman EA framework
On the flip side - Agile being an umbrella for multiple known methodologies, i.e. Scrum, Kanban, Scrumban etc, I believe it could be moulded to meet the organization requirements and just like we saw how Zachman framework could be custom-built to suit to the organizational expectations and culture. Here we have covered just the user-story aspect of the agile process (aligned with Zachman model), and in the next part of this blog series I am going to showcase how one could make the overall SDLC process iterative and align TOGAF with Agile SDLC, at EPICS and Sprint level.
CIO Meets Mobile Challenges Head-on
"Android is a more challenging operating system to secure for the enterprise than iOS because of its fragmentation," says Ojas Rege, MobileIron's vice president of strategy, adding, "Deploying Android successfully requires us to make as much of the complexity and variability as possible invisible to our customer. We do expect that Google's increasing focus on enterprise Android combined with our engineering investments will continue to expand the business capabilities of Android and continue to make it easier to deploy."
Configuration management, IT asset management need to be integrated
The asset management process is actually a longer process than configuration management. If you think of the sub-processes, actually it [asset management] goes from plan through procure, receiving the asset, deploying the asset, then operating and optimizing the asset before eventually you move to decommission and dispose. As I said, the main parts of the asset management lifecycle are deploy and operate, then optimize, which is where the configuration process comes in. And with configuration, you have planning and management of the configuration item. You need to be able to identify the configuration item, control it, report on the status of the configuration item, and then you will do some audit and verification. So the processes have so many interfaces they have to operate in harmony.
Do you want power or influence?
The problem with positional power is that there actually are few of the really significant roles at the top of any organizational structure. It’s clogged up there. But that does not mean we are out of luck in terms of power if we have not had the fortune or good luck to step into these positions of power and the influence that goes with it. There are also sources of power that are personal and can provide both power and influence if we cultivate and use them well:
Hacker mindset a prereq for security engineers, says Markley CTO
A key theme at this year's MIT Sloan CIO Symposium on the digital enterprise was that the customer comes first for IT, no matter what kind of business a CIO is in. It follows that customer data is among an organization's most valued assets. Protecting customer data in today's digital enterprise, however, can no longer be relegated to your run-of-the-mill security engineers, according to Patrick Gilmore, CTO at data center services provider Markley Group. For Gilmore, candidate prerequisites include a high degree of paranoia and a hacker's mentality.
Wearables: Are we handing more tools to Big Brother?
"This is a massive violation of our right to keep sensitive information private," she said, adding that, "any kind of mental health diagnosis can ruin your life." Pam Dixon, founder and executive director of the World Privacy Forum (WPF), agrees. She is one of numerous privacy advocates who point out that most fitness trackers are currently exempt from any regulation -- they are not covered by HIPAA since they are consumer devices that have not been furnished or prescribed by a health-care provider.
Why Test in the Cloud?
First and foremost you want your cloud-based test management to enhance workflow and streamline processes for greater efficiency. One of the first things worth considering is integration. Can you integrate your existing bug-tracking software? Are there any plug-ins or browser-based tools that can help generate logs and record screenshots to create clear and concise bug reports? Can you easily import and export documents, deliverables, log files, images and other files? Can you set permissions levels, make bug status changes, and see real-time updates? Does it support automated test scripts? It's also important to think about versioning and tracking. Every action should be traceable and the ability to revert when something needs to be rolled back can prove to be a real time-saver.
Boost your security training with gamification -- really!
Building awareness of physical security was also part of the effort at Salesforce, which has 13,000 employees. A campaign to test "tailgating" (when an unauthorized person sneaks through a secured door by following immediately behind an authorized person) drew 300 volunteers who were rewarded if they successfully slipped through a door and took something. Generally, before security training, 30% to 60% of users will fall victim to a fake phishing email, says Lance Spitzner, training director at the SANS Institute, a security training vendor. After training and six months to a year of a gamification program, the rate can fall to 5%, he says.
Google’s Container Tool Attracts Support From Microsoft, IBM, and Others
Hölzle pointed out that Microsoft will work to make Kubernetes successful in its Azure cloud; RedHat plans to add support to its hybrid cloud product; IBM will contribute to Kubernetes and Docker while trying to establish a governance model; Docker pledges to align Kubernetes with its own similar service called libswarm; CoreOS will ensure that Kubernetes works with its Docker-centric operating system; Mesosphere says that they’ll integrate Kubernetes with their own management tool called Mesos; and SaltStack will make Kubernetes part of their configuration management toolset.
Quote for the day:
"Don't worry about people stealing your ideas. If they're any good you'll have to ram them down people's throats" -- H. Aiken
Making matters worse, SOA governance tools are often missing in the Cloud Computing environment. There’s no central point for a Cloud consumer / developer to view the Services and associated policies. Furthermore, design-time policies are easily enforceable when you have control over the development and QA process, but those are notoriously lacking in the Cloud environment. The result is that design-time policies are not consistently enforced on client side, if at all. Clearly, SOA governance vendors and best practices need to step up to the plate here and apply what we already know about SOA registries/repositories and governance processes to give the control that’s needed to avoid chaos and failure.
Aligning Agile with Zachman EA framework
On the flip side - Agile being an umbrella for multiple known methodologies, i.e. Scrum, Kanban, Scrumban etc, I believe it could be moulded to meet the organization requirements and just like we saw how Zachman framework could be custom-built to suit to the organizational expectations and culture. Here we have covered just the user-story aspect of the agile process (aligned with Zachman model), and in the next part of this blog series I am going to showcase how one could make the overall SDLC process iterative and align TOGAF with Agile SDLC, at EPICS and Sprint level.
CIO Meets Mobile Challenges Head-on
"Android is a more challenging operating system to secure for the enterprise than iOS because of its fragmentation," says Ojas Rege, MobileIron's vice president of strategy, adding, "Deploying Android successfully requires us to make as much of the complexity and variability as possible invisible to our customer. We do expect that Google's increasing focus on enterprise Android combined with our engineering investments will continue to expand the business capabilities of Android and continue to make it easier to deploy."
The asset management process is actually a longer process than configuration management. If you think of the sub-processes, actually it [asset management] goes from plan through procure, receiving the asset, deploying the asset, then operating and optimizing the asset before eventually you move to decommission and dispose. As I said, the main parts of the asset management lifecycle are deploy and operate, then optimize, which is where the configuration process comes in. And with configuration, you have planning and management of the configuration item. You need to be able to identify the configuration item, control it, report on the status of the configuration item, and then you will do some audit and verification. So the processes have so many interfaces they have to operate in harmony.
Do you want power or influence?
The problem with positional power is that there actually are few of the really significant roles at the top of any organizational structure. It’s clogged up there. But that does not mean we are out of luck in terms of power if we have not had the fortune or good luck to step into these positions of power and the influence that goes with it. There are also sources of power that are personal and can provide both power and influence if we cultivate and use them well:
Hacker mindset a prereq for security engineers, says Markley CTO
A key theme at this year's MIT Sloan CIO Symposium on the digital enterprise was that the customer comes first for IT, no matter what kind of business a CIO is in. It follows that customer data is among an organization's most valued assets. Protecting customer data in today's digital enterprise, however, can no longer be relegated to your run-of-the-mill security engineers, according to Patrick Gilmore, CTO at data center services provider Markley Group. For Gilmore, candidate prerequisites include a high degree of paranoia and a hacker's mentality.
Wearables: Are we handing more tools to Big Brother?
"This is a massive violation of our right to keep sensitive information private," she said, adding that, "any kind of mental health diagnosis can ruin your life." Pam Dixon, founder and executive director of the World Privacy Forum (WPF), agrees. She is one of numerous privacy advocates who point out that most fitness trackers are currently exempt from any regulation -- they are not covered by HIPAA since they are consumer devices that have not been furnished or prescribed by a health-care provider.
Why Test in the Cloud?
First and foremost you want your cloud-based test management to enhance workflow and streamline processes for greater efficiency. One of the first things worth considering is integration. Can you integrate your existing bug-tracking software? Are there any plug-ins or browser-based tools that can help generate logs and record screenshots to create clear and concise bug reports? Can you easily import and export documents, deliverables, log files, images and other files? Can you set permissions levels, make bug status changes, and see real-time updates? Does it support automated test scripts? It's also important to think about versioning and tracking. Every action should be traceable and the ability to revert when something needs to be rolled back can prove to be a real time-saver.
Boost your security training with gamification -- really!
Building awareness of physical security was also part of the effort at Salesforce, which has 13,000 employees. A campaign to test "tailgating" (when an unauthorized person sneaks through a secured door by following immediately behind an authorized person) drew 300 volunteers who were rewarded if they successfully slipped through a door and took something. Generally, before security training, 30% to 60% of users will fall victim to a fake phishing email, says Lance Spitzner, training director at the SANS Institute, a security training vendor. After training and six months to a year of a gamification program, the rate can fall to 5%, he says.
Hölzle pointed out that Microsoft will work to make Kubernetes successful in its Azure cloud; RedHat plans to add support to its hybrid cloud product; IBM will contribute to Kubernetes and Docker while trying to establish a governance model; Docker pledges to align Kubernetes with its own similar service called libswarm; CoreOS will ensure that Kubernetes works with its Docker-centric operating system; Mesosphere says that they’ll integrate Kubernetes with their own management tool called Mesos; and SaltStack will make Kubernetes part of their configuration management toolset.
Quote for the day:
No comments:
Post a Comment