Standardization and Security - A Perfect Match - CNSCON.pdf (25 pages)
STANDARDIZATION & SECURITY: A PERFECT MATCH
FEBRUARY 1, 2023
RAVI DEVINENI, Senior Director, Engineering, Northwestern Mutual (ravicdevineni)
VINNY CARPENTER, Vice President, Engineering, Northwestern Mutual (vscarpenter)

For 165 years, Northwestern Mutual has been helping families and businesses achieve financial security.
Revenue $34 billion
#97 on FORTUNE 100
9,900+ Financial Professionals
7,600+ Employees
Headquartered in Milwaukee, Wisconsin
Downtown NYC Corporate Office
Figures as of February 2022, unless otherwise noted

Our Strength, In Numbers
Figures as of Dec. 31, 2021, unless otherwise noted

AGENDA
Paradox of choice
Our experience with too many options
How standardization helps
Outcomes
Lessons learned
Technology and cultural implications

Paradox of choice

TOO MUCH CHOICE
Number of Cable TV Stations in the US: 1761
Source: Reelgood

WHY IS TOO MUCH CHOICE PROBLEMATIC?
Overabundance of options can lead to:
Anxiety
Indecision
Analysis paralysis
Dissatisfaction
Finite amount of mental energy
More decisions we must make creates Decision Fatigue

Our experience

TOO MANY TOOLS - LANDSCAPE

TOOL SPRAWL - EFFECTS
High cost of maintenance
Islands of automation
Increased complexity
Security is a challenge
Lost productivity
Widening skill gap

Standardization

GOLDEN PATHS
Drive intentional standardization and simplification
Purposeful evolution of technology
Golden Path: A unified and standard approach to creating applications and infrastructure

STANDARDIZED PLATFORM

STANDARDIZED PIPELINE
One Pipeline To Rule It All
Standardized build/scanning/deployment stages
Development Standards Enforced (Code Reviews, Artifact Sign, Security etc.)

CHECKS AND BALANCES
Enforcements are key to success. What can we enforce?
Programming Languages
Pretty much anything the organization wants (Costs/Resource Limits etc.)
Security Scanning in the pipeline (Static Code, Container, Dependencies etc.)
Code Review Standards and Trunk Based Development
Mandatory Code Quality Scanning
Change Ticket for every Production change

Implications

CHOOSING THE RIGHT SET OF TOOLS
Pick tools with the end in mind
Lay out pros and cons for all vetted tools
Pick tools that have better integrations into the ecosystem
Scalability is key
Non-Functional Requirements
Who will maintain the tool?
Performance
Cost and Licensing model
"Simple things should be simple, complex things should be possible" - Alan Kay

TOOL CONSOLIDATION
1. Long road to migration
2. Business continuity needs to be maintained
3. Data migration is a challenge
4. Employee training on tools

IS STANDARDIZATION DETRIMENTAL TO INNOVATION?
All technology decisions require trade-offs
Innovation could be masking "not invented here" syndrome.
Standardization provides a foundation on which innovation can build
Technology evolves continuously; critical to align innovation to business objectives.
Align the incentive model: reward business outcomes vs. cool tech selection

Outcomes

OUTCOMES WE EXPERIENCED
Centralized governance is possible; hence, improved security
Improved lead time to change
Standardization leads to consistency in environment
Improved developer collaboration
Reusable automation & simplified onboarding
Lower cost of licensing; economy of scale

Lessons learned

LESSONS LEARNED
Single source control is an absolute MUST
Central DevOps team with a GLOBAL VIEW of things is essential
One "PRETTY GOOD" tool is better than multiple amazing tools
Consistency in the environment is FAR more powerful than devs leveraging custom solutions
It's not all boring; it can be made FUN

THANK YOU