James D - Google+

This article highlights that in continuous develop/deploy environments there are systems, such as Jenkins, to integrate with other systems (hosted and local).

Challenge: To provide some level of assurance, an auditor would need to define these connections and specify a level of trust.

Request: Are teams considering sandboxing their DevOp activities to linkable (and able to document/whiteboard ondemand) systems, or are teams simply not leveraging such abstracted systems?

Curious on ideas on this premise, the reality, and any activities.

CloudBees Blog: Jenkins - The Man Behind The Curtain

blog.cloudbees.com

James D

DevOps Audit Defense Toolkit Discussion

Mar 12, 2014

Are you listed as a public company?
Are you being audited under attest standards (i.e., SOC or ISAE 3402)?
Are you doing DevOps (initial, limited, full speed ahead)?

Please comment below... I am working with Gene and the team here to begin solving this problem in our shared communities.

Show all 4 comments

Randy Tangco: We are evaluating how to start the DevOps implementation for our group with the hope of maturing it for the whole organization.

James D: +Randy Tangco If you are planning to implement it ... curious are you working solely within the development group, or reaching out to the business owners / audit / etc on the deployment plan?

Many small teams can spontaneously emerge with specific products (apps) in an organization, and others succeed through more organizational shifts. Appreciate you sharing your thoughts on strategy, as we have many in the community who can share +/- of each...

Randy Tangco: +James D I am working with a colleague in the data center who manages the release management of products that runs in our boxes. There are conversation with audit on this and based on what I have been provided, they get stuck on governance and discussion on this gets extended.

Do you have a reference architecture for the deployment plan that I can read and hopefully use to build our own deployment plan?

James D

DevOps Audit Defense Toolkit Discussion

Mar 12, 2014

""Users who can self-approve eg. developers"; #RunAsFastAsPossible" .. remarks from the twitter-infosec sphere.. Checky but important to know concern exists. I also am seeing serious organizations allowing common end-users to self-escalate their privileges, so there is a culture of proof for #DevOps in the #Audit & #infosec sphere.

Are you seeing the same cultural shift?

Mike Kavis: I am working with some of the largest F100 companies and I have not seen that yet. I see a push for self service provisioning, but not self-service privilege escalations. I think most of the organizations are too early in the devops and culture shift process to even give thought to that yet. Most are just trying to figure out the basics of how to break down silos and create trust.

Gene Kim: We've got "developers must never deploy their own code" captured as a common auditor objection/finding. Any other auditor objections y'all want to put on the list? Thanks!

Post has attachment

James D

Public

Mar 4, 2014

Test-ey

Add a comment...

Post has attachment

Public

Add a comment...

Glass Explorers Questions/Speculation

Nov 16, 2013

Broken .. err, well just not turning on anymore.. Yesterday Glass worked, and today the light comes on for charging, but non-responsive. Anyone had issue? Fixes? No visible damage and was simply sitting on desk.. so bummed #broken #fixes

Show all 4 comments

Michael Barker: I had a similar issue this morning. A message about non responsive system or something like that. I power cycled and it came back fine. There was a slight moment of panic though!

Francisco Medina: It's almost normal, but the hard reset solves almost all the issues. If you turn off your device it will not charge giving you issues like you can not turn glass on until you let your glass charging for somo hours. Remember that glass is a prototype and we are in charge to tell everything you notice to the glass team in order to get a better glass system in the near future...

James D: I am bummed... Tried all of those fixes... Held power button down with and w/o power cord plugged in.. I'll have to post this on the Explorer site and see if there are other options.. Felt weird not having it this weekend.

James D

Glass Explorers Discussion

Oct 29, 2013

Anyone had success in giving away their Glass Invites to help a charity fundraise? Many approaches .. i.e., Donate to X charity; share receipt; and it's yours... thoughts? These are all legit charities, just trying to make a better world here.. thx!

Show all 6 comments

James D: I'd be interested .. my thought was simply ' whoever donates the most to X charity by Y hour' receives the invite.. Worst case they get a deduction; best charity gets better funding, and of course .. we get someone willing to donate to a charity and join the community.

Ali Alali: +James D so what you're saying if I'm volunteering for a non-profit organization with a lot of hours, I could win the invitation? Becasue I have about 113 hours of volunteering.

Google Glass: +James D Thanks for asking. Referral codes can't be sold, but otherwise, it's up to you how you choose to use your invitations. We counting on you to help us grow our diverse community of Explorers.

By the way, thanks for looping us in, +Josh Wilson. :)

Wait while more posts are being loaded

Press question mark to see available shortcut keys