cloud-native

How did the modern cloud evolve from the earliest days of AWS to today’s AI boom? What roles did open source, mobile apps, microservices and the sharing economy play?

SHOW: 776

CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotw

CHECK OUT OUR NEW PODCAST - "CLOUDCAST BASICS"

SHOW SPONSORS:

• Reduce the complexities of protecting your workloads and applications in a multi-cloud environment. Panoptica provides comprehensive cloud workload protection integrated with API security to protect the entire application lifecycle.  Learn more about Panoptica at panoptica.app
• Datadog Application Monitoring: Modern Application Performance Monitoring
• Get started monitoring service dependencies to eliminate latency and errors and enhance your users app experience with a free 14 day Datadog trial. Listeners of The Cloudcast will also receive a free Datadog T-shirt.
• CloudZero – Cloud Cost Visibility and Savings
• ​​CloudZero provides immediate and ongoing savings with 100% visibility into your total cloud spend

SHOW NOTES:

• All the show notes from this week's show.
• 2001 - a dotCom Bubble Odyssey (Part 1 of 3) 
• Building the Foundations of Modern Cloud (Part 2 of 3)

FEEDBACK?

• Email: show at the cloudcast dot net
• Twitter: @thecloudcastnet

Habt ihr nicht so viel Zeit? Damit ihr direkt zu der Frage springen könnt, die euch am meisten interessiert:

1:19 - Was ist eine Cloud-native Applikation und wieso ist es relevant für mich? 

3:20 - Was für Voraussetzungen müssen gegeben sein, um eine Cloud-native Applikation zu bauen? 

6:31 - Wie lange dauert es, eine Applikation zu bauen? Womit muss ich rechnen? Tage, Woche oder Monate? 

8:32 - Wie einfach ist es, ein Extra-Feature nachträglich hinzuzufügen? Wie flexibel bin ich? Und bin ich von Hyperscalern abhängig? 

13:41 - Was sind Stolpersteine und Lessons Learned?

VISIT US: 

Mehr Info zu unserem Podcast und was wir machen, findest du auf unserer Website: www.ipt.ch/podcast 

Unseren Blog mit aktuellen Beiträgen: https://ipt.ch/de/impuls/ 

LinkedIn: https://www.linkedin.com/company/ipt-innovation-process-technology

 Instagram: https://www.instagram.com/innovationprocesstechnology/

Addison Huddy (@addisonhuddy, Sr Dir of PM @Confluentinc) talks about the evolution of cloud-based Kafka platforms, and how this might reshape how all OSS software moves into the cloud.

SHOW: 737

CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotw

NEW TO CLOUD? CHECK OUT - "CLOUDCAST BASICS"

SHOW SPONSORS:

• Equinix Global Data Centers and Networking 
• Learn more and signup at https://deploy.equinix.com/. Use the coupon code CLOUDCAST to get $500 in credits to get started.
• Datadog Security Solution: Modern Monitoring and Security
• Start investigating security threats before it affects your customers with a free 14 day Datadog trial. Listeners of The Cloudcast will also receive a free Datadog T-shirt.
• GCore - Global Hosting, CDN, Edge and Cloud Services
• Use promocode “CLOUDCAST” to receive a €100 credit on Gcore services

SHOW NOTES:

• Cloud-native Service for Apache Kafka (Confluent) 
• Apache Kafka - Open Source Event Streaming Platform
• Kora: The Cloud-Native Engine for Apache Kafka
• Kora Engine - 10x Better than Apache Kafka

Topic 1 - Welcome to the show. Tell us a little bit about your background, and what you focus on at Confluent.

Topic 2 - Let’s start with Confluent Cloud. What happens when you take an open source project and make it a cloud service?

Topic 3 - After many years of learning, Confluent decided to build Kora. Walk us through that design process and the goals of this new 10x Kafka-compatible service. 

Topic 4 - As I’m looking through the capabilities of Kora (see below), can you give us a sense of how these compare to the previous Confluent Cloud?

Topic 5 - Kora remains compatible with existing Kafka. How did you go about essentially maintaining the API/protocol while essentially re-writing the entire backend of the system?

Topic 6 - Obviously you can’t speak for other open source projects, but given what Confluent has learned with Kora, do expect to see other companies potentially trying to build cloud-specific versions? (e.g. Kubernetes)

Topic 7 - What sort of feedback do you get from users of the Kora system vs. the previous Confluent Cloud?

FEEDBACK?

• Email: show at the cloudcast dot net
• Twitter: @thecloudcastnet

This interview was recorded for GOTO Unscripted at GOTO Copenhagen.
gotopia.tech

Read the full transcription of this interview here

Christian Clausen - Author of "Five Lines of Code", Founder of mist-cloud & Technical Agile Coach
Julian Wood - Developer Advocate at AWS

DESCRIPTION
Revamp your code with refactoring! In an insightful interview with Julian Wood, Christian Clausen, author of Five Lines of Code, shares practical tips for improving your code without relying on “code smells”. Simplifying your code is the key to running your business smoothly. Clausen highlights what matters most in terms of simplifying your code and how it can aid in choosing the right architectural paradigm. Streamline your code today and focus on what really matters!

RECOMMENDED BOOKS
Christian Clausen • Five Lines of Code
Martin Fowler • Refactoring
Maude Lemaire • Refactoring at Scale
Uncle Bob • Clean Code
Adam Tornhill • Software Design X-Rays
Adam Tornhill • Your Code as a Crime Scene

Twitter
Instagram
LinkedIn
Facebook

Looking for a unique learning experience?
Attend the next GOTO conference near you! Get your ticket: gotopia.tech

SUBSCRIBE TO OUR YOUTUBE CHANNEL - new videos posted daily!

Mike Walters, Chief Product Officer, Form3

In a series of interviews carried out for Sibos 2022, we focus on what’s hot in banking, banking technology, and fintech. In this interview focusing on cloud-native technology Robin Amlôt of IBS Intelligence speaks to Mike Walters, Chief Product Officer of cloud payments fintech Form3 about multi-cloud solutions and how to prevent fraud in real-time payments 

Nick Durkin, Field CTO & VP of Engineering at Harness talk about how the journey to success for cloud-native often runs through CI/CD fundamentals.

SHOW: 663

CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotw

CHECK OUT OUR NEW PODCAST - "CLOUDCAST BASICS"

SHOW SPONSORS:

• FujiFilm. Your archival and backup data strategy, built on tape. Fujifilm tape is helping businesses get a handle on their vast amounts of data in the most secure, scalable and efficient way. Find out more at builtontape.fujifilmusa.com
• Granulate, an Intel company - Autonomous, continuous, workload optimization
• gMaestro from Granulate - Kubernetes cost optimization, made easy
• CDN77 - Content Delivery Network Optimized for Video
• 85% of users stop watching a video because of stalling and rebuffering. Rely on CDN77 to deliver a seamless online experience to your audience. Ask for a free trial with no duration or traffic limits.

SHOW NOTES:

• Harness.io
• Nick on The Cube, KubeCon 2021
• 8 Deployment Patterns to transform CI/CD
• {unscripted} 2022 conference

Topic 1 - Nick, let’s start with a quick introduction.

Topic 2 - Let’s dig into CI/CD pipelines a bit. Some like to treat CI different from CD, others say they must be combined. When you talk to customers about deployment strategies and patterns, how do you approach this? Where does GitOps fit into the conversation?

Topic 3 - We hear success stories all the time about top performing organizations that do hundreds to thousands of deployments to production a day. Is this a realistic expectation for the average organization? If they want to improve, where do they start? 

Topic 4 - For organizations that are just beginning the journey, how do you convince internal teams to embrace automation and build confidence over time?

Topic 4.5 -  Once confidence is built internally, my next thought goes to governance, compliance, & cost? All items that keep developers from going fast. Doesn’t “shifting left” come at a price and builds tension?

Topic 5 - Where does security fit into all of this as automation increases? What other design considerations should be taken into consideration creating pipelines? What are the common mistakes you see?

Topic 6 - How does AI and ML fit into the present and future for CI/CD?

FEEDBACK?

• Email: show at the cloudcast dot net
• Twitter: @thecloudcastnet

Raju Daryani, EVP, Head of Intellect Digital Core, iGCB , Intellect Design Arena 

Increasing customer expectations and competition from FinTechs have focused minds in the banking community – if your bank hasn’t already updated its core systems or doesn’t have plans to do so, then you could be in trouble! Banks need to get on an innovation trajectory that is laser-focused on customer experience. Sounds challenging perhaps but there are ways in which banks can upgrade while minimising both the potential disruption and the time required to modernise their systems. Robin Amlôt discusses how with Raju Daryani, EVP, Head of Intellect Digital Core, iGCB for Intellect Design Arena.

A common question we often hear is, “How to improve our adoption rate of new technology?” 

SHOW: 524

SHOW SPONSORS:

• Choreo: A simultaneous low-code and code platform for productive development
• Try WSO2 Choreo now - it's free!
• Okta - Safe Identity for customers and workforce
• Try Okta for FREE (Trial in 10 minutes)
• Datadog Security Monitoring Homepage: Modern Monitoring and Analytics
• Get started monitoring your serverless environment with a free 14 day Datadog trial. Listeners of The Cloudcast will also receive a free Datadog T-shirt.

SHOW NOTES:

• DevRel and the Increasing Popularity of Developer Advocate
• 10 Secrets to Success in Technical Marketing
• What it means to be a Strategist in the 2020s

WHY DO WE HAVE ALL THESE IN-THE-MIDDLE JOBS?

DevRel, Advocates, Evangelists, Strategists. We’ve all heard about these job titles, but what do people in those roles actually do? And are they necessary?  

WHAT DO DEVREL, ADVOCATES, EVANGELISTS, TECHNICAL MARKETERS, STRATEGISTS DO, AND DO WE ACTUALLY NEED THEM?

1. Every project, every market, every new technology has both short-term and long-term goals. Companies need to find a way to balance both goals.
2. Successful teams, in every industry, have excellent in-between people. 
3. In-between roles are a great way to learn the business, and build varied career paths. They usually aren’t career paths on their own. Many people don’t understand this. 
4. DevRel / Advocate / Evangelist
5. Technical Marketing
6. Strategy

FEEDBACK?

• Email: show at thecloudcast dot net
• Twitter: @thecloudcastnet

In this episode of Semaphore Uncut, I chat with Emile Vauge, founder and CEO of Traefik Labs. We talk about the origins of Traefik and the Traefik Labs products that have stemmed from it. We also discuss getting started in the complex Kubernetes world and look into the future of cloud-native.

Key takeaways:

• Automated microservice container networking with Traefik
• Like Istio, but simplified: Traefik Mesh
• Traefik Pilot is a unified dashboard for your infrastructure
• Traefik Enterprise brings everything together for companies
• Keep things simple when starting your Kubernetes journey
• Simplicity will win in the cloud-native ecosystem

About Semaphore Uncut
In each episode of Semaphore Uncut, we invite software industry professionals to discuss the impact they are making and what excites them about the emerging technologies.

Are you using Slack to do cool things (other than chatting about Netflix episodes at the virtual water cooler)? In today’s episode, Martez Reed and Demetrius Malbrough discuss how Hydra integrates with Slack to create and scale virtual environments. If you are interested in how your environment can be automatically created and spun up behind the scenes, this episode is for you!

This week on How I Launched This: A SaaS story, Carter (@carterthecomic) and Stephanie (@stephr_wong) are talking all about their journey in creating a cloud-native medical imaging management platform and clinical applications, and how Change Healthcare is improving the space for both providers and patients.

Ian Crosby (@IanDCrosby, Managing Director @ContainerSoluti) talks about how Cloud-native applications are as much about new technology patterns as they are about new organization patterns, collaboration patterns and risk-management patterns. 

SHOW: 445

SHOW SPONSOR LINKS:

• Datadog Homepage - Modern Monitoring and Analytics
• Try Datadog yourself by starting a free, 14-day trial today. Listeners of this podcast will also receive a free Datadog T-shirt
• DivvyCloud - Achieve continuous security & compliance. Request a free trial today!
• DivvyCloud’s 2020 Cloud Misconfigurations Report - Cloud misconfigurations cost enterprises $5 trillion in 2018 and 2019.
• MongoDB Homepage - The most popular database for modern applications
• MongoDB Atlas - MongoDB-as-a-Service on AWS, Azure and GCP

CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotw

SHOW NOTES:

• Container Solutions (homepage)
• Ian’s Blog (Container Solutions)
• Cloud Native Transformation Patterns (Strategy, Culture, Tech, Orgs, etc.)
• Cloud Native Transformation (O’Reilly)

Topic 1 - Welcome to the show. Tell us a little bit about your background, as you’ve been around software development and this move to cloud-native for a little while now. 

Topic 2 - Lets begin by talking about patterns. What are some common application patterns, and how do they begin to change when we’re talking about cloud-native patterns?

Topic 3 - What are some of the more commonly used cloud-native patterns? Are they more focused on the underlying technology (e.g. containers, Kubernetes, etc.) or more focused on the actual application (e.g. 12-factor, etc)?

Topic 4 - Have you found that some patterns are easier for groups (or companies) to adopt than others? 

Topic 4a - “Why are patterns useful in Cloud Native?” or “How do you get started using patterns?” are two topics/questions which may be interesting.

Topic 5 - Have you found that some patterns are easier or more difficult to maintain over time?

Topic 6 - What are some common tips that you share with communities or your clients to help them find early success to build confidence?

FEEDBACK?

• Email: show at thecloudcast dot net
• Twitter: @thecloudcastnet

Happy holidays! This month, Jeff and Nick sit down with Dave Judd, ObjectSharp's App Dev Practice Lead, and Shane Castle, ObjectSharp's Cloud Practice Lead. They discuss the year that was in cloud-first application development in 2019 ,and look ahead to 2020 for predictions on where cloud-first software development will be going and what it means for businesses looking to grow and scale with software in the New Year.

Minutes

• 0:30 - Introduction to the show - looking at the year that was and the year ahead in tech and cloud-first software development
• 01:54 - Dave Judd introduces himself 
• 02:09 - Shane Castle introduces himself
• 03:10 - Nick provides a quick description of ObjectSharp and the podcast
• 04:10 - Nick and Jeff kick things off, talking about Microsoft Cosmos DB and asking Dave and Shane what their views are on Cosmos DB and how they have changed over the course of the year
• 05:18 - Dave Judd talks about how 4-5 of the projects he worked on this year used Cosmos DB, which killed a lot of ORM code and helped his teams move faster. Dave notes that a lot of enterprise customers are familiar and used to SQL, but increasingly teams are starting to use a hybrid model - using Cosmos DB to do fast, real-time data replication in multiple regions but then using Azure Data Factory to move data into SQL for BI and reporting. Using the tech is great, and the new SDK is also awesome.
• 07:20 - Dave Judd talks about pricing with Cosmos DB. Recent changes have made the technology much more affordable with shared pricing and scale. He notes that one of ObjectSharp’s clients that use Cosmos DB heavily have only a bill of $40 / month. Implemented correctly, it can be very cost-competitive. Dave Judd discusses a couple of strategies companies can use to reduce their Cosmos DB costs.
• 10:10 - Shane Castle talks about cloud security and comments on Cosmos DB: when people understand they can go to an active-active architecture, they also understand they can remove costs associated with older disaster recovery (DR) strategies and remove downtime. Shane thinks Cosmos DB will become even more popular in 2020.
• 11:10 - Shane Castle dives deeper on the issue of cybersecurity in the cloud, a big theme from 2019. He talks about the importance of encryption and access control, as well as the ongoing monitoring of those. Shane talks about Azure Security Center.
• 11:55 - Dave talks about how security and privacy by design - privacy-first development - is now becoming standard practice not only for software developers like ObjectSharp but also its clients. Customers are increasingly demanding architectures that are well designed in terms of privacy and security from the outset, not simply as an afterthought.
• 12:30 - Dave talks about a unique project ObjectSharp took on this year which involved encryption of data on-prem before the data was stored in the cloud and then re-encrypted, with a unique key management solution.
• 13:30 - Jeff asks Dave and Shane to talk about containerization with Docker and Kubernetes - what’s the story for 2019?
• 14:00 - Shane talks about the rise of Kubernetes (k8s) and the decline of Docker the company but the rise of Docker the format
• 14:40 - Shane and Nick talk about the work of ObjectSharp Consultant Gui Martins, whose work for Finastra led to ObjectSharp winning a Microsoft Impact Award for Application Innovation in FinTech
• 17:40 - Jeff notes that a number of companies are choosing not to lift and shift but rather to move quickly to PaaS services and asks Dave and Shane to comment
• 18:20 - Shane notes that once the guardrails of security are in place, kubernetes gives you a much greater advantage - there’s no waste, no idle infrastructure. Simply lifting and shifting doesn’t make your app a “cloud” app. You can leave what you have, and build your new stuff in the cloud, and gain the cost advantages of cloud services that are based on a consumption model. If your new feature is not popular, you won’t pay for it. 
• 21:00 - Dave talks about a PoC ObjectSharp did for a government agency that first involved a lift and shift. It didn’t fundamentally alter the nature - and slow performance - of the application. But when the team started taking advantage of cloud-native technologies and tooling - and scaling out horizontally - they could measure the cost in nickels vs. hundreds of thousands of dollars in capital expenditures. Part of this was due to the fact that the cloud-based solution also reduced compute time from several hours to mere minutes. So not only was it totally faster than the existing application, it ended up being insanely cheaper too.
• 23:50 - Shane talks about Microsoft API Management - a very popular topic and technology in 2019 - digitizing the business, leveraging the data that businesses have for stakeholders internally and externally 
• 25:40 - Dave talks about the importance of security and throttling control, and how Azure API Management helps make that a much simpler process
• 26:40 - Nick derails the entire episode into a diversion about KFC’s recipe as a GET endpoint
• 28:05 - The team moves from looking at 2019 to trends in 2020 - big themes and predictions
• 28:55 - Shane talks about Azure Arc: a single tool / cloud management system from which you can deploy resources to multiple environments / cloud providers (AWS, Google, IBM, and even on-prem) - you can use ARM templates to provision to all of those environments. Amazon SSO now integrates with Azure AD, so you can domain join resources into Azure. 
• 30:30 - Nick asks what kinds of businesses should be thinking about Azure Arc.
• 32:30 - Jeff talks about the issues customers still have with managing multiple clouds
• 33:50 - Shane talks about Blazor and .NET 5.
• 34:24 - Dave talks about the evolution of .NET Core to .NET 5.
• 36:00 - Dave talks about Blazor and explains what it is: effectively .NET running in the browser, compiled and running in Web Assembly (WASM). This means C# developers can ship their code to the browser and run it there. And Blazor has brought back a better component model to .NET that has been missing for a long time. 
•  37:40 - Dave notes that they will not be porting Web Forms to .NET Core: teams will have to replace their Web Forms applications with Blazor applications. Dave thinks this will be big in 2020.
• 38:00 - Jeff asks the team to comment on the business value of Blazor. When is it an advantage from a business perspective?
• 38:20 - Dave answers Jeff’s question with a real world example of some advanced work that ObjectSharp is doing now for one of its clients that needs complex calculations done extremely fast and in an environment where network speeds are slow and unstable. Writing the advanced computation and algorithms in Blazor and shipping that to the browser avoids the front-end React application having to make round trip network calls to the server, making the application lightning fast. Further, by moving compute to the browser, it saves cloud compute costs as well.
• 40:00 - Shane talks about Angular and React, but now with Web Assembly, C# developers can do more work in the browser. Shane thinks this will change the stacks that teams are using and have a big impact on JavaScript.
• 43:00 - Dave talks about the importance / relevance of Blazor for teams that haven’t even moved to JavaScript are still on web forms
• 44:00 - Nick talks about Figma and their use of WASM and their own Web GL based rendering engine to create highly performant experiences for UX designers in the browser
• 45:50 - Dave and Shane suggest that in 2020 we’ll start seeing new UI frameworks emerge that transcend the DOM
• 47:00 - Outro

Links

• IMPACT: ObjectSharp Wins 2019 Microsoft IMPACT Award for Application Innovation in FinTech
• The first ObjectSharp podcast on Cosmos DB
• ObjectSharp's Podcast with Gui Martins on Docker and Kubernetes
• DevSecOps and Security-Driven Development with Azure Security Center
• Everything you wanted to know about Azure API Management in 20 minutes
• Azure Arc
• Blazor: Build Client Web Apps with C#

This month we’re talking with Shane Castle, ObjectSharp's Cloud Practice Lead, all about Azure API Management, a scalable, multi-cloud API management platform for securing, publishing, and analyzing APIs. Listen and learn how companies are transforming their businesses by leveraging API Management to publish APIs to external, partner, and employee developers securely and at scale.

Minutes

• 1:10 - Intro to the show - this episode on Azure API Management
• 1:55 - Shane introduces himself to listeners
• 2:50 - Nick provides a background on ObjectSharp and 
• 4:00 - Jeff and Shane talk about what API Management is and why people should care
• 4:21 - API Management is all about exposing core business functions as a set of APIs to allow for automation of processes, either externally or internally within your business / organization
• 5:00 - Shane compares API Management with previous point-to-point integrations that historically were more brittle than what’s possible with API Management today
• 5:46 - Jeff asks Shane about how API Management is used to manage service levels
• 6:25 - Shane talks about ObjectSharp’s experience in FinTech - the kinds of APIs that financial services companies want to build - and how they can be managed, monitored and versioned with Azure API Management
• 7:40 - Jeff and Shane talk about whether this is just for new development or also for exposing APIs for legacy systems, with examples 
• 9:40 - Nick asks Shane to delve deeper into the functionality that is made available via API Management, starting with monitoring 
• 9:55 - Shane talks about Azure Monitor, Application Insights, etc. and the monitoring story that is available with API Management - including the ability to throttle API “products” with performance levels - if there’s an error, you can quickly diagnose it
• 11:25 - Nick and Shane talk about how companies might use API Management to “productize” certain aspects of their business, and control the performance via throttling, etc.
• 12:39 - Shane make analogy to brick and mortar economy - need to make sure the API is up and giving a good user experience - provides examples of online booking, exposing list of services to partner companies, etc. - makes it an exciting time to accelerate business with API Management
• 14:00 - Nick and Shane talk about the developer story in addition to the business story of API Management - API Management exposes Open API / Swagger 2 definition - exposes pages with complete documentation on how to use and consume your API, and also provides a mock API framework for developers for testing, etc.
• 17:00 - Nick asks Shane to talk about the kind of work he’s doing these days in the real world with companies in this space with API Management 
• 17:25 - Shane talks about how he works with clients first on the overall business strategy of API development: who’s the audience, who are the consumers; on security and governance, because it’s critically important that be done right from the outset; and then the actual dev work in terms of application development and devops
• 19:25 - Shane talks about common patterns: (1) synchronous APIs - for transactions that have to happen immediately; (2) asynchronous transactions; and (3) batch API processes, where we’re moving large amounts of data through these APIs. ObjectSharp helps map business to these patterns and then implementing technically the APIs themselves.
• 20:43 - Reality check - Jeff talks to Shane about hurdles that might occur in practice when getting started with API Management. Shane talks about both business and technical challenges, including change management required to be ready for a potential large transaction level made possible with APIs, and technically being able to monitor and respond to APIs once they are live.
• 22:50 - Shane talks about the cloud adoption strategy which goes hand in hand with an API strategy - you need to think cohesively about these so that there’s no infrastructure waste or idle infrastructure - API management is an important part of your digital transformation strategy that shouldn’t be thought of in isolation

In this episode, we chat with Shane Castle, ObjectSharp's Cloud Practice Lead, and Ahmad Harb, Senior Cloud Consultant with ObjectSharp, about the changing role of security with cloud-native and serverless architectures. Shane and Ahmad help us unpack the "buzzword" of DevSecOps, think about the role of security in modern software development, introduce us to tooling in Azure Security Center, and give us practical advice and guidance on how to get started with security driven development right now.

Minutes

• 00:30 - Introduction to today’s show on Azure DevOps with guests Dave Lloyd and Martin Woodward
• 3:15- Shane Castle, ObjectSharp Cloud Practice Lead - and Ahmad Harb, Senior Cloud Consultant - introduce themselves.
• 4:40 - Jeff asks Ahmad to discuss what “DevSecOps” is and why it's such a popular buzzword these days
• 5:00 - Ahmad Harb talks about how DevSecOps up-fronts security to the considerations around building applications so it’s less of an afterthought in the software development lifecycle
• 6:16 - Jeff asks Ahmad why the notion of “DevSecOps” is such a strong focus today vs 5 years ago
• 6:40- Ahmad talks about the importance of privacy post-GDPR, and the importance of security for privacy - can’t have privacy without security. Data breaches are increasingly an issue. You have to bake security into your process at the start.
• 7:45 - Nick asks Shane to talk about what DevSecOps means in terms of the when and how security gets done, within the narrative of increasing devops and declining traditional infrastructure IT.
• 8:30 - Shane talks about how the cloud re-wrote traditional means of software architecture. Cloud architecture is radically different - for example, with service mesh. Dev teams and ops teams are collaborating more, but security was traditionally an afterthought. The requirements of cloud software architecture today require security being part of the conversation much earlier in the conversation.
• 11:11 - Shane talks about software development as a continuous loop, not something that has a beginning and end. And DevSecOps as the next evolution of “continuous security”.
• 11:40 - Nick asks Ahmad and Shane to talk about the practical real world experience and what benefits teams are having with a more DevSecOps approach to application architecture, development and deployment.
• 12:20 - Ahmad talks about how the cloud gives companies a great advantage in terms of improving velocity, but also enabling tools like password managers, key vault, etc. The tools that are being enabled by cloud providers is making it possible to build devsecops into your process.
• 13:40 - Shane talks about the importance of encryption and also new tools for governance of applications and management of policies, a more proactive approach to security.
• 14:30 - Jeff asks Shane and Ahmad to talk more about the tools they are using, and Azure Security Center specifically.
• 16:00 - Shane talks about Azure Security Center. He talks also about Azure Policies and Azure Compliance Manager.
• 18:00 - Ahmad talks about Azure Security Center, with some real world examples of how he’s using it to improve application security with clients.
• 20:50 - Jeff asks Ahmad about “the score” in Azure Security Center.
• 21:30 - Jeff and Shane talk about how new these tools are, and how fast new tooling is emerging. Shane advises companies to know their score as a starting point, so they can get a baseline, and then work on remediation items from there. Shane talks about the daily scanning done by Microsoft’s teams for Azure, and tools for ongoing security monitoring across clouds, not just Azure.
• 24:00 - Nick talks about the difference between cloud security vs application security, and how the score / Azure Security Center allows for cross-team collaboration on managing risk.
• 25:00 - Shane talks about continuously running PCI, SOC 1, SOC II controls and reports - how those tools make audit and collaboration around security much easier.
• 27:00 - Nick asks Shane and Ahmad to talk about what companies should do as first steps to get started with a more devsecops approach to building and deploying software with Azure Security Center.
• 31:30 - Shane talks about the importance of dev teams inviting someone from security to be present during architectural discussions, facilitating security driven development.

Show: 59

Overview: Brian Gracely is back as the host of PodCTL for 2019, with some news about changes and improvements to the show.

Show Notes: 

• OpenShift 4 Preview
• PodCTL.com - New PodCTL Website

Feedback?

Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://PodCTL.com