SECURE DEVOPS IN THE CLOUD AND BEYOND it-sa 2017 Ivan Mioc, Nürnberg 12.10.2017
Table of contents
1. Introduction to NTT DATA
2. Agile IT delivery in a connected world
3. Why DevOps? And why it's not enough.
4. Beyond the Cloud: Security at the edge
NTT DATA Deutschland 2017
Ivan Mioc
Head of Cloud Services & IoT Technology
Erna-Scheffler-Straße 1
51103 Köln
NTT DATA Deutschland
Dr. Andreas Schlüter
Vice President Innovation & Architecture Advisory
Oliver Köth
CTO
Dennis Stritzke
Technical Co-Lead Altemista
Yannick Pobiega
Technical Lead Altemista
Our vision & values: Clients First – Foresight – Teamwork
NTT DATA Germany has hired more than 440 employees in 2016.
RELAX! Although Dan Brown destroyed the Vatican Library only in ILLUMINATI, we have already scanned all the books.
We are part of NTT Group, #1 in data centers, #3 in IP traffic, and with an AA-/Aa3 credit rating
NTT brand recognition has increased over the past year from 44% to 86%.
More than 5.500 employees in Germany will take care of you!
We spearhead agile transformation in the automotive industry
Cloud Services – Services & Offerings
Cloud Operations
• NTT DATA Altemista Cloud - The Agile IT Platform
• openShift Platform
• Kubernetes Platform
• Continuous Integration / Continuous Delivery Pipelines and Assembly Lines
• DevOps & cloud-based Application Management
Cloud Advisory
• Cloud Strategy, Roadmap and Program Management
• Cloud, Agile IT and DevOps Readiness Assessment
• Application and Workload Migration to Cloud
Cloud Management
• Private / Enterprise Cloud Hosting and Co-location
• Cloud Managed Security
• X-Cloud Brokerage
Cloud Implementation
• PaaS Implementation based on Altemista, openShift or Kubernetes
• IaaS Integration with NTT Com, AWS and Azure
• Software and Architecture Redesign
• Cloud Native Applications
• Agile IT & DevOps Implementation
Altemista Cloud
A global fullstack offering based on open standards and flexible infrastructure
• AWS EC2
• NTTC ECL2
• Platform Run-time Environment (Container Orchestration)
• Platform Design-time Environment (Assembly Lines)
• Applications & Projects
NTT DATA Approach Platform Design-time Environment
Run Test Build Collaboration
Jira Confluence GitLab Jenkins
Sonarqube Mattermost XWiki
Tutorials
Artifactory
Cucumber JMeter
Test Runner
Java Node.js
Payara Postgres
Jira Reports JEE Template Oracle XE
Infrastructure
OpenStack GlusterFS OpenShift
Services
Single Sign-on Logging Monitoring Backup Scheduler
COPYRIGHT © 2016 NTT DATA CORPORATION
NTT DATA is the right partner to jointly develop an Agile IT Delivery Model.
Our building blocks for an Agile IT delivery model:
• NEW BUSINESS MODEL OF IT
• DIGITAL ARCHITECTURE
• ADAPTIVE SOURCING
• AGILE IT DELIVERY
© 2017 NTT DATA Corporation
The new business model is aligned with business value & organized in horizontal streams.
NEW BUSINESS MODEL OF IT
• Optimization beyond efficiency
• From cost center to business enabler
• Consideration of business value
• Towards horizontal IT with end-to-end responsibility
1
The responsibility split in traditional IT leads to significant productivity losses.
Cost
efficiency
Output
Traditional IT
Horizontal IT enables end-to-end responsibility for specific functional domains.
Cost
efficiency
Business
Value
Horizontal IT
We on-board and control delivery resources in a common and open delivery model
Supporting a supply chain for all levels of providers – like prime contractor,
software vendors, niche players, or start-ups and crowd-sourced experts.
ADAPTIVE SOURCING
• Support for new business model
• Open but controlled platform
• Vendor and technology consolidation
• Integration with digital ecosystems like start-ups and crowd sourcing
• Results-oriented remuneration
2
open
control
Connect digital ecosystems
Consolidate suppliers and technologies
Delivery model based on open technologies and platforms
A shift from application-centric to API-centric architecture enables our agile delivery model.
DIGITAL ARCHITECTURE
• Re-alignment for digitalization
• See transformation case study for details
• Shift from application-centric to API-centric
• Reduce legacy applications to core
• Provide key functions as services
3
API-centric architectures provide a proven approach for reducing dependencies and complexity.
Assembly lines and “Everything as Code” unlock unprecedented levels of productivity.
In a world where “every company is a software company”, assembly lines as such constitute a disruptive force.
AGILE IT DELIVERY
• Leading cloud technologies and DevOps toolkits
• High degree of automation by CI / CD / CT
• Assembly lines enable scaled agile delivery across individual teams
• New productivity levels with “Everything as Code”
4
Everything as Code
Assembly Lines
DevOps is difficult, but it’s not enough…
What other dimensions can work together to have more productivity
Biz Dev Test Sec Ops
BizTest TestSec
DevSecOps
BizDevTestSecOps
BizTestSec
The Lost Dimension: DevOps for Security
Build something and then patch
Build something that is secure
From “patching” to “serial security”
Security concerns everyone in the horizontal IT‘s value chain
Biz Dev Test Sec Ops
• User stories for security
• Executable specifications
• Trusted libraries with automated verification
• Trusted images with automated verification
• Full automation of tests
• Extended tests for resilience
• From policy documentation to policy automation
• From handbooks to “everything as code”
• From patching to re-creating
Penetration Tests of the Cloud Platform: Attacks from external and internal networks, Hardening guidelines
DevOps Approach: Code Scanner, Library Scanner, Container Scanner, Credential Manager
Security Approach: RASP, IAS, SCA, SAST, DAST
Summary of technology shifts
Our goal:
Security in an agile connected world