Recommended for CTOs, architects, IT Managers
COVID-19 has emphasized the fact that business agility and hence technology agility are the most if not the only factors for business success. However, technology agility in most IT departments is not the “strongest muscle”. Technology adoption of Cloud, Devops, Integration, Low-Code and Zero Trust are affecting all IT departments and even the entire organization. New
processes and relationships between the various branches of the IT department should emerge, forsaking old habits and technologies. New technologies and roles\responsibilities are taking their place.
1. 1
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
CTO’s presentation:
Age of Implementation
Pini Cohen, CTO STKI
2. 2
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Agenda
Intro: CTO’s and Architects
Adaptive Architecture
Cloud CoE
DevOps CoE
Zero Trust
2
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
3. 3
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
What is happening with CTO’s and
Architects?
More technologies to deal with
Technology last short time
Customization of technology is less
viable
Dependencies in technologies is
increasing
3
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
4. 4
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Microservices
implications:
•You can do whatever you
want, use database,
programming language
etc., as long as you get the
job done and other
services can depend on
you.
4
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
5. 5
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
This is how core legacy architecture looks
likes
6. 6
Copyright@STKI_2020 Do not remove source or attribution from any slide, graph or portion of graph
Solution: The
new architect
6
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
7. 7
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
What is happening with
CTO’s & Architects ?
we are
having more
fun!!
7
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
8. 8
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Not everything is so shiny
Not everything is so shiny
8
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
9. 9
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
The IT talent war*
*In the holly land
10. 10
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Massive move of personal from Enterprise IT to High-tech
10
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
11. 11
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
IT has little experience in Knowledge Transfer
11
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
12. 12
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
This will result
IT
Organization
•Downtime
•IT is a barrier for
the business
•Implement KM
platforms in IT
•Demand for Cloud
& SLA based
services
IT
Suppliers
•Sell products with
their operations
services
•High demand for
staffing services
(“gulglot”) but
hard (impossible?)
to fulfill
•Cloud & SLA
based services
13. 13
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Adaptive
Architecture
13
14. 14
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Adaptive Architecture
ADAPTIVE emerges as the top objective for the organization. Modern
architecture Integration is the core of being Adaptive
API’s are the most important indication of “what is happening” in modern
application
API’s and Event Driven will enable the use of Legacy system in modern
business processes
15. 15
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Adaptive Composable Organizational
Applications
16. 16
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Internal integration
ESB
The evolution of integration patterns
16
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
17. 17
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Internal integration
ESB
API gateway
The evolution of integration patterns
17
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
18. 18
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
API Gateway
• Protocol transformation
• Scheme validation (content filters like XSD, filed limits, field format, etc.)
• Authentication & security
• Basic logics
19. 19
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Internal integration
ESB
API gateway
Cloud integration:
IPaaS
The evolution of integration patterns
19
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
20. 20
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
IPaaS –
Integration
Platform as a
Service
• For cloud connectivity
• Enable integration capabilities for ‘ad hoc’ or ‘citizen’ integrators”
• “I have more adaptors cloud SaaS”
• Selected products: Zapier, iConduct, Workato, Celigo, Snaplogic
20
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
21. 21
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Internal integration
ESB
External (specific API)
API gateway
Cloud integration
IPaaSadvanced ESB
API management
The evolution of integration patterns
21
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
22. 22
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Business manager to CIO:
I want to sell
product X by
our systems
I want to sell
product Y by
our systems
I want to sell
product Z by
our systems
I want to sell
product A by
our systems
CIO CIO
CIO
CIO
23. 23
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Business manager to CIO:
I want to sell
product X by
our systems
CIO
• Place new products in my catalog –
dynamically
• Check stock variability in suppliers ERP
• Process payment (3rd party SW)
• Transfer money immediately to supplier
• Update delivery status and location (3rd
party)
• Update buyer when product was delivered
• Update “consumer club” in both our
systems and suppliers systems
24. 24
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
API Management
24
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
25. 25
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
BOI Open Banking Regulation
25
26. 26
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
API Management – the hottest project in market!
I’m Hot!
26
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
27. 27
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Will API management replace ESB?
It shouldn't – no oorchestration, no transformation, no adapters ( tech
and content), no messaging, no guarantee delivery, etc,
Still – green field organizations (enterprises and start-ups) are not
using ESB at all
28. 28
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
* Gradually when possible
API management tools are
replacing ESB*
28
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
29. 29
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Internal integration
ESB
External (specific API)
API gateway
Cloud integration
IPaaSadvanced ESB
External partners
API management
developer portal
Industry API Standards
The evolution of integration patterns
29
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
30. 30
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Why API interoperability standards are critical for business agility?
“complete name” “full name” “full description” “Shem Male”
"The Hongkong and Shanghai Banking Corporation Limited“ is stored in field
Bank A Bank B Bank C Bank D
These banks can only manually co-ordinate.
This is not suitable for modern business!!
31. 31
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
The solution: standard Open API –
"banks": [
{
"id": "hsbc",
"short_name": "HSBC",
"full_name": "The Hongkong and Shanghai Banking
Corporation Limited",
"logo": "url of internet standard image",
"website": "www.postbank.de"
}
]
}
32. 32
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Internal integration
ESB
External (specific API)
API gateway
Cloud integration
IPaaSadvanced ESB
External partners
API management
developer portal
Industry API Standards
The evolution of integration patterns
Microservices
ServiceMesh
32
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
33. 33
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Source: http://martinfowler.com/
34. 34
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
STKI’s work Copyright@2016. Do not remove source or attribution from any slide, graph or portion of graph
34
API gateway /ESB
will not scale in
microservices
production
environment API
Gateway
34
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
35. 35
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
https://medium.com/microservices-in-practice/service-mesh-for-microservices-2953109a3c9a
service mesh pattern
36. 36
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Direct (unsupervised) API calls
36
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
37. 37
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Advanced Integration capabilities are the key to adaptive business
API centric development & operations are a key for availability, efficiency
(reuse) & security
Advanced Integration capabilities are the key to adaptive business
API centric development & operations are a key for availability, efficiency
(reuse) & security
37
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
38. 38
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Event Driven Architecture (EDA)
38
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Traditional programming: direct connection
By topic
39. 39
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Event driven - “If you love someone set him free”
• Traditional programming:
Make_Order {
…
…
Call Order_Fulfilment (id of
order).
Wait for response (ack)
• }
• EDA programming:
Make_Order {
…
…
Publish event:
Order_created(id of order)
//do not wait
• }
40. 40
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Event driven benefits & drawbacks
•Enables adaptive business processes
•Enables work of separate teams
•Fits microservices, self contained systems, DevOps,
serverless
•Basically for a-synchronous purpose
•Distributed transactions are difficult!!
•Needs to reskill architects & programmers
40
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
41. 41
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Low Code
“A low-code development
platform (LCDP) is a software that
provides a development environment
used to create application
software through graphical user
interfaces and configuration instead
of traditional hand-coded computer
programming.” Wikipedia
תפוקה הרבה
,
קוד פחות
42. 42
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
The advantages
TTM
Fit for junior/legacy
developers
Low technical debt
Good for business
(application) experiments
(MVP)
42
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
43. 43
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
The barriers
Prior experience- 4GL
Politics
Cost of entry
Lockdown
43
44. 44
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Lesson learned
from (Israeli) 4GL:
•Citizen developers should work
under IT guidance/supervision:
•Security, Central Identity,
Regulations, Monitoring
•Updates of infrastructure
•CAB – change advisory board
•Documentation and Architecture
guidance
44
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
44
45. 45
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
STKI’s work Copyright@2016. Do not remove source or attribution from any slide, graph or portion of graph
Will 2022 be the "LowCode Year" in
Israel?
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
45
46. 46
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Literacy
API Economy principals
Standards
API standards, Identity
standards, Cyber
security standards
Architecture
Event Driven, API
management vs.
ServiceMesh , Rest vs.
GraphQL
Tools
API management tools
IPaaS tools
Governance
Regulations , apply
standards
Use Cases Identification
and Prioritization
Priorities in DevOps efforts and tooling
Skills
Architect upskill for
Event Driven
Processes
API first culture , API testing
automation
Architecture
Integration
CoE
Governance – be integral part of development process
48. 48
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Reasons for
moving to cloud
• There is (almost) no option since new business applications are only cloud based. Applying modern business processes without using cloud software will be very difficult and unconventional.
New business applications
are only cloud based
Applying modern business
processes without using
cloud software will be very
difficult and unconventional
48
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
49. 49
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
More reasons for
moving to cloud:
• Cloud improve IT speed & agility and
hence business agility
• Cloud computing enables “fail fast”
(leanMVP) business culture
• Cloud drives technology innovation which
drives business innovation
• Cloud computing helps with compliance
• Cloud computing companies invest much
more on cyber security than traditional IT
• Cloud computing helps with IT-Business
alignment
49
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
50. 50
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Repatriation?
Cloud
50
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
51. 51
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Repatriation debate
51
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
52. 52
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Repatriation from cloud in Enterprise IT?
Cloud
Not Yet
52
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
53. 53
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Cloud unexpected
complexity:
•Cloud budget planning
•Bill Shock
•Lack of flexibility in cloud
contracts
•Forgotten areas in cloud SaaS
deals
•In general - mistakes in the
cloud are more harmful
53
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
54. 54
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Reduce the
dominance of
Windows Server
and VMWARE
ESX
54
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
55. 55
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Cloud technical
team is integral
part of the
general teams
55
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
56. 56
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Fact: most
resources are still
spent the on-
premise/traditional
infrastructure
Treat on premise
as cloud!!
56
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
57. 57
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Infrastructure as Code
•Central scriptcode repository (GIT) for
all infrasecurity
•Central workflow for all infrasecurity
57
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
58. 58
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Place infrastructure
as code KPI for all
infrasecurity
departments
58
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
59. 59
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Server is running unnecessarily in
traditional DC – not a big deal
Server is running unnecessarily in
Cloud – very big deal $$
“Pay by the minute” is new for IT* – FINOPS is the
answer
*what are “Spot Instances”?
59
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
60. 60
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Define and implement
mandatory tags for all
cloud resources in the
resource group level – DO
IT NOW
60
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
61. 61
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Cloud cost optimization tools
Build in tools:
62. 62
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Literacy
Explaining cloud business and
technology implications
Standards
Example: tagging
(FINOPS) standards,
security standards.
Identity standards
Architecture
Microservices, Event
Driven, Serverless
Tools
Which cloud, Cloud cost
optimization tools ,
Cloud identity tools,
cloud integration tools
Governance
Cloud related
regulations
Use Cases Identification
and Prioritization
Priorities in cloud migration
Skills
Cloud development,
Infrastructure as code
education
Processes
FINOPS, cloud licensing
management, Cloud asset
management
Cloud
CoE
CoE is an enabler, not doer itself. “One DBA team!”
64. 64
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Traditional deployment
• From dev to test to prod – takes ages..
64
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
65. 65
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
DevOps aims at:
• DevOps enables the benefits of Adaptive development to be felt at
the organizational level. DevOps does this by allowing for fast and
responsive, yet stable, operations that can be kept in sync with the
pace of innovation coming out of the development process.
Source:
http://dev2ops.org/blog/2010/2/22/what-is-DevOps.html
http://en.wikipedia.org/wiki/File:DevOps.png
65
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
66. 66
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Some perspective: DevOps at Amazon
Source: http://www.bogotobogo.com/DevOps/DevOps_Jenkins_Chef_Puppet_Graphite_Logstash.php
66
11.6 seconds : Mean time between
deployments (weekday)
Mean
1,079 : Max # of deployments in a single
hour
Max
10,000 : Mean # of hosts simultaneously
receiving a deployment
Mean
30,000 : Max # of hosts simultaneously
receiving a deployment
Max
66
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
67. 67
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
“Let there be DevOps”
68. 68
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
DevOps Tools
Monitoring/Observability/AIOPS
Collaboration
Configuration Automation
Testing
Issue Trekking/ITSM
Release Management
Security
Continues Integration
Artifacts/ Package Management
69. 69
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Legacy systems
must be part of
Value Stream
mapping &
DevOps
69
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
70. 70
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Measure until code
is in production and
not until value is
created
70
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
71. 71
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Value Stream
Mapping?
•Value stream enables you to
create a detailed visualization of
your workflows.
•This visualization represents
how your products and services
flow from supplier to customer
via your company.
•Value Stream tools should get
their input from ALM tools and
from manual inputs
71
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
72. 72
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
IMPROVING DATABASE PROVISIONING PROCESS TO
MEET BUSINESS DEMANDS
73. 73
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
IMPROVING DATABASE PROVISIONING PROCESS TO
MEET BUSINESS DEMANDS
74. 74
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Value stream mapping:
Source: https://www.scielo.br/j/jistm/a/wRTL87bgXHG6zZd8GGNNvxt/?format=pdf&lang=en
75. 75
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
STKI: start
DevOps with
Value stream
mapping
75
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
76. 76
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Operations team (NOC) vs. ESM (monitoring) team
76
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
77. 77
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
SRE is what happens
when you ask a software
engineer to design an
operations team
•SRE – Site Reliability
Engineering
•Automation (code, tooling) in
operations, self healing
architecture
•MTTR instead of MTBF
•Error Budget
•Developers responsibility for
operations
77
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
78. 78
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Developers
are not
responsible
of operations
78
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
79. 79
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Observability:
the new
Monitoring
79
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
80. 80
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Expected correlation in
golden signals. What is
anomaly?
80
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Normal behavior: Traffic--> Saturation --> Latency --> Error
81. 81
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Literacy
Explain DevOps to business
Standards
Naming conventions for
infrastructure, testing
standards, Monitoring
(Observability)
standards
Architecture
Microservices, Monitoring
(Observability) health
API’s
Tools
DevOps orchestrator,
Integration to Source
Control, Ticketing tools,
DEVSECOPS tools
Governance
Which type of DevOps
and controls (testing)
for each application
type
Use Cases Identification
and Prioritization
Priorities in DevOps efforts and tooling
Skills
Cloud development,
Infrastructure as code
education
Processes
Let Developers part of the
operations responsibility,
Unify the development and
operations processes and
KPI’s
DevOps
CoE
Cooperation between Development and
InfraOps departments is crucial in the
success of DevOps CoE
82. 82
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
STKI Webinar:
Coping with
Complex IT
Environment
27.10.21
CTO’s Architects,
Development, Infra &
Operations
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
83. 83
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Zero Trust CoE
83
84. 84
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Before:
Inside = safe
We are inside
Outside = not safe
84
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
85. 85
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Everything is outside !!
After:
86. 86
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Zero Trust :the organization has no perimeters
“Never trust – Always verify”*
Forrester-The Zero Trust eXtended (ZTX) Ecosystem
86
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
87. 87
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
What should we verify?
• The user’s identity (now)
• The device (now)
• The network (now)
• What is transferred (data, docs,
web) - now
• Role-based access control (process,
port, protocol) – preferably via
proxy – no network access
87
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
88. 88
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Who is the user in many clouds?
89. 89
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Cloud Identity Services principals
90. 90
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Possible
solution for
Zero Trust –
SASE – Secure
Access Service
Edge
90
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
91. 91
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
SASE capabilities
92. 92
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Close
“employees
WIFI” stay with
“guest WIFI”
92
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
93. 93
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Close the
internal
network
longer term
93
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
94. 94
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Literacy
Explaining cloud business and
technology implications
Standards
Example: tagging
(FINOPS) standards,
security standards.
Identity standsrds
Architecture
Microservices, Event
Driven, Serverless
Tools
Which cloud, Cloud cost
optimization tools ,
Cloud identity tools,
cloud integration tools
Governance
Cloud related
regulations
Use Cases Identification
and Prioritization
Priorities in cloud migration
Skills
Cloud development,
Infrastructure as code
education
Processes
FINOPS, cloud licensing
management, Cloud asset
management
Cyber
CoE
CoE is an enabler, not a controller or a doer itself
Zero Trust is such a
big change for Cyber
Security – everybody
should take a big
breath
95. 95
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
The End:
Implement
while
doing fun!!
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph