Software Defined Operations: What Is It and How Does It Work?
Operate a self-serve environment without compromising cloud security and best practices
Does your cloud platform feel like the Wild West? Do you have multiple admins running around wreaking havoc because you can’t keep tabs on them? Did you move to the cloud in order to free up creativity and allow product teams to spin up architecture quickly and easily, only to find yourself in a position where you have no idea who built anything? Well, you’re not alone, and the good news is that help is at hand. Enter the world of software defined operations, or SDO. To those not yet familiar with SDO, it may sound like business jargon invented to keep people in jobs. In fact, nothing could be further from the truth — properly defined SDO actually reduces the need for head count and gets your business running like a well-oiled machine.
WHAT IS IT?
OK, think of it like this: You have a company policy that says, “All S3 content must be encrypted at rest” or “You must not open port 22 on servers.” You’re the manager and you individually tell every system administrator that they are not to create S3 buckets that aren’t encrypted and that they cannot open port 22 on servers. A month later, you check your S3 buckets and find 30% of them do not have encryption enabled, and most servers have port 22 open to the world. Sound familiar?
The problem here is humans and governance — the two just don’t mix. In homes and in our society, we have the same problem, but we employ technologies to keep humans in line. In buildings for example, certain doors must remain shut in order to stop the spread of fire. Even though there will be multiple signs telling people to shut the door, some will leave it open, which is how the automatic door closer was born. SDO is the automatic door closer of the digital world. With SDO, you can set a policy that says you must encrypt S3 buckets, and when an admin breaks this policy, the S3 bucket is either auto-rectified or deleted. The end result is that admins working on systems or platforms cannot break the rules, even if they want to.
HOW DOES IT WORK?
SDO works by integrating directly with your cloud platform and becoming the gatekeeper of the system. Because it is installed at a higher level of privilege, even admins cannot do something that is outside of the SDO policy. Every action taken by someone or something is fed back to the system (via CloudTrail or similar). The system then analyzes the action and compares it to the governance framework. The SDO system then decides if the action is in or out of policy and either remediates the action or triggers an alarm for another operator. SDO works by defining what is and what is not acceptable, and it stops your platform from slipping into noncompliance.
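The evaluation step described above, as an added example that is not part of the original article or of any SDO product: it compares recorded actions to the two policies quoted earlier and returns a decision for each. The event shape is a simplified, constructed stand-in for CloudTrail records, and the split between auto-remediation (port 22 open to the world) and an operator alarm (port 22 open to a narrower range) is an assumption of this example.

```python
import ipaddress

def covers_port_22(d):
    # A range such as 0-1024 opens port 22 without ever naming it.
    return d["fromPort"] <= 22 <= d["toPort"]

def open_to_world(d):
    # Prefix length 0 matches both 0.0.0.0/0 and ::/0.
    return ipaddress.ip_network(d["cidr"], strict=False).prefixlen == 0

# Each rule: event name, policy text, violation test, response chooser.
POLICY = [
    ("CreateBucket", "All S3 content must be encrypted at rest",
     lambda d: not d.get("encryption"),
     lambda d: "remediate"),
    ("AuthorizeSecurityGroupIngress", "You must not open port 22 on servers",
     covers_port_22,
     lambda d: "remediate" if open_to_world(d) else "alarm"),
]

def evaluate(event):
    """Compare one recorded action to the policy and return the decision."""
    base = {"resource": event["resource"], "actor": event["actor"]}
    for name, text, violates, respond in POLICY:
        if event["eventName"] == name and violates(event["detail"]):
            return {**base, "policy": text, "decision": respond(event["detail"])}
    return {**base, "policy": None, "decision": "compliant"}

# Constructed sample events (simplified fields, not the exact CloudTrail schema).
EVENTS = [
    {"eventName": "CreateBucket", "actor": "alice", "resource": "bucket/reports",
     "detail": {"encryption": None}},
    {"eventName": "CreateBucket", "actor": "bob", "resource": "bucket/logs",
     "detail": {"encryption": "aws:kms"}},
    {"eventName": "AuthorizeSecurityGroupIngress", "actor": "carol",
     "resource": "sg/web",
     "detail": {"fromPort": 0, "toPort": 1024, "cidr": "0.0.0.0/0"}},
    {"eventName": "AuthorizeSecurityGroupIngress", "actor": "dave",
     "resource": "sg/bastion",
     "detail": {"fromPort": 22, "toPort": 22, "cidr": "10.0.0.0/8"}},
]

def run(events=EVENTS):
    return [evaluate(e) for e in events]

if __name__ == "__main__":
    for r in run():
        print(f'{r["decision"]:<10} {r["resource"]:<15} {r["actor"]:<6} {r["policy"] or ""}')
```

Recording the actor with each decision also answers the "who built this" question the article opens with.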
Without SDO, the industry has typically seen that around 30% to 40% of DevOps time is wasted making sure other platform admins are adhering to company policy or fixing errors made by “cowboy” operators. With SDO in place, admins, and even employees of other companies, can self-serve on your platform without breaking the rules.
With the new GDPR regulation, every company has an obligation to ensure public data is stored in a compliant way. With SDO, a chief information security officer (CISO) can be sure their company has not fallen foul of regulations. Moreover, SDO provides a time-saving framework that empowers developers and admins to be creative and operate in a self-serve environment without compromising cloud security and best practices. If you're tired of hearing the sound of your own voice repeating the company policies until you're blue in the face, then SDO could well be the solution for you.