Skip to content

Posts tagged ‘DevOps’

Why Security Needs To Be Integral To DevOps

Why Security Needs To Be Integral To DevOps

Bottom Line: DevOps and security teams need to leave one-time gating inspections in the past and pursue a more collaborative real-time framework to achieve their shared compliance, security and time-to-market goals.

Shorter product lifecycles the need to out-innovate competitors and exceed customer expectations with each new release are a few of the many reasons why DevOps is so popular today. Traditional approaches to DevOps teams collaborating with security aren’t working today and product releases are falling behind or being rushed to-market leading to security gaps as a result.

Based on conversations with DevOps team leaders and my own experience being on a DevOps team the following are factors driving the urgency to integrate security into DevOps workflows:

  • Engineering, DevOps and security teams each have their lexicon and way of communicating reinforced by siloed systems.
  • Time-to-market and launch delays are common when engineering, DevOps and security don’t have a unified system to use that includes automation tools to help scale tasks and updates.
  • Developers are doing Application Security Testing (AST) with tools that aren’t integrated into their daily development environments, making the process time-consuming and challenging to get done.
  • Limiting security to the testing and deployment phases of the Software Development Lifecycle (SDLC) is a bottleneck that jeopardizes the critical path, launch date and compliance of any new project.
  • 70% of DevOps team members have not been trained on how to secure software adequately according to a DevSecOps Global Skills survey.

Adding to the urgency is the volume of builds DevOps teams produce in software companies and enterprises daily and the need for having security integrated into DevOps becomes clear. Consider the fact that Facebook on Android alone does 50,000 to 60,000 builds a day according to research cited from Checkmarx who is taking on the challenge of integrating DevOps and security into a unified workflow. Their Software Security Platform unifies DevOps with security and provides static and interactive application security testing, newly launched software composition analysis and developer AppSec awareness and training programs to reduce and remediate risk from software vulnerabilities.

Synchronizing Security Into DevOps Delivers Much Needed Speed & Scale

DevOps teams thrive in organizations built for speed, continuous integration, delivery and improvement. Contrast the high-speed always-on nature of DevOps teams with the one-time gating inspections security teams use to verify regulatory, industry and internal security and compliance standards and it’s clear security’s role in DevOps needs to change. Integrating security into DevOps is proving to be very effective at breaking through the roadblocks that stand in the way of getting projects done on time and launched into the market.  Getting the security and DevOps team onto the same development platform is needed to close the gaps between the two teams and accelerate development. Of the many approaches available for accomplishing this Checkmarx’s approach to integrating Application Security Testing into DevOps shown below is among the most comprehensive:

Why Security Needs To Be Integral To DevOps

Making DevOps A Core Strength Of An Organization

By 2025 nearly two-thirds of enterprises will be prolific software producers with code deployed daily to meet constant demand and over 90% of new apps will be cloud-native, enabling agility and responsiveness according to IDC FutureScape: Worldwide IT Industry 2020 Predictions. IDC also predicts there will be 1.6 times more developers than now, all working in collaborative systems to enable innovation. The bottom line is that every company will be a technology company in the next five years according to IDC’s predictions.

To capitalize on the pace of change happening today driven by DevOps, organizations need frameworks that deliver the following:

  • Greater agility and market responsiveness – Organizations need to create operating models that integrate business, operations and technology into stand-alone businesses-within-the-business domains.
  • Customer Centricity at the core of business models – The best organizations leverage a connected economy to ensure that they can meet and exceed customer expectations.  By creating an ecosystem that caters to every touchpoint of the customer journey using technology, these organizations seem to anticipate their customer needs and deliver the goods and services needed at the right time via the customer’s preferred channel.  As a result, successful organizations see growth from their existing customer base while they acquire new ones.
  • Have a DNA the delivers a wealth of actionable Insights – Organizations well-positioned to turn data into insights that drive actions to serve and anticipate customer needs are ahead of competitors today regarding time-to-market.  These organizations know how to pull all the relevant information, capabilities and people together so they can act quickly and efficiently in making the right decisions. They are the companies that will know the outcome of their actions before they take them and they will be able to anticipate their success.

BMC’s Autonomous Digital Enterprise framework, shown below highlights how companies that have an innovation mindset and the three common traits of agility, customer centricity and actionable insights at their foundation have greater consistency and technology maturity in their business model characteristics compared to competitors. They also can flex and support fundamental operating model characteristics and key technology-enabled tenets. These tenets include delivering a transcendent customer experience, automating customer transactions and providing automation everywhere seeing enterprise DevOps as a natural evolution of DevOps, enabling a business to be more data-driven and achieving more adaptive cybersecurity in a Zero-Trust framework.

Why Security Needs To Be Integral To DevOps

Conclusion

Meeting the challenge of integrating security in DevOps provides every organization with an opportunity to gain greater agility and market responsiveness, become more customer-centric and develop the DNA to be more data-driven. These three goals are achievable when organizations look to how they can build on their existing strengths and reinvent themselves for the future. As DevOps success goes so goes the success of any organization. Checkmarx’s approach to putting security at the center of DevOps is helping to break down the silos that exist between engineering, DevOps and security. To attain greater customer-centricity, become more data-driven and out-innovate competitors, organizations are adopting frameworks including BMC’s Autonomous Digital Enterprise to reinvent themselves and be ready to compete in the future now.

 

 

 

 

10 Ways AI Is Improving New Product Development

10 Ways AI Is Improving New Product Development

  • Startups’ ambitious AI-based new product development is driving AI-related investment with $16.5B raised in 2019, driven by 695 deals according to PwC/CB Insights MoneyTree Report, Q1 2020.
  • AI expertise is a skill product development teams are ramping up their recruitment efforts to find, with over 7,800 open positions on Monster, over 3,400 on LinkedIn and over 4,200 on Indeed as of today.
  • One in ten enterprises now uses ten or more AI applications, expanding the Total Available Market for new apps and related products, including chatbots, process optimization and fraud analysis, according to MMC Ventures.

From startups to enterprises racing to get new products launched, AI and machine learning (ML) are making solid contributions to accelerating new product development. There are 15,400 job positions for DevOps and product development engineers with AI and machine learning today on Indeed, LinkedIn and Monster combined. Capgemini predicts the size of the connected products market will range between $519B to $685B this year with AI and ML-enabled services revenue models becoming commonplace.

Rapid advances in AI-based apps, products and services will also force the consolidation of the IoT platform market. The IoT platform providers concentrating on business challenges in vertical markets stand the best chance of surviving the coming IoT platform shakeout. As AI and ML get more ingrained in new product development, the IoT platforms and ecosystems supporting smarter, more connected products need to make plans now how they’re going to keep up. Relying on technology alone, like many IoT platforms are today, isn’t going to be enough to keep up with the pace of change coming.   The following are 10 ways AI is improving new product development today:

  • 14% of enterprises who are the most advanced using AI and ML for new product development earn more than 30% of their revenues from fully digital products or services and lead their peers is successfully using nine key technologies and tools. PwC found that Digital Champions are significantly ahead in generating revenue from new products and services and more than a fifth of champions (29%) earn more than 30% of revenues from new products within two years of information. Digital Champions have high expectations for gaining greater benefits from personalization as well. The following graphic from Digital Product Development 2025: Agile, Collaborative, AI-Driven and Customer Centric, PwC, 2020 (PDF, 45 pp.) compares Digital Champions’ success with AI and ML-based new product development tools versus their peers:

10 Ways AI Is Improving New Product Development

 

  • 61% of enterprises who are the most advanced using AI and ML (Digital Champions) use fully integrated Product Lifecycle Management (PLM) systems compared to just 12% of organizations not using AI/ML today (Digital Novices). Product Development teams the most advanced in their use of AL & ML achieve greater economies of scale, efficiency and speed gains across the three core areas of development shown below. Digital Champions concentrate on gaining time-to-market and speed advantages in the areas of Digital Prototyping, PLM, co-creation of new products with customers, Product Portfolio Management and Data Analytics and AI adoption:

10 Ways AI Is Improving New Product Development

  • AI is actively being used in the planning, implementation and fine-tuning of interlocking railway equipment product lines and systems.  Engineer-to-order product strategies introduce an exponential number of product, service and network options. Optimizing product configurations require an AI-based logic solver that can factor in all constraints and create a Knowledge Graph to guide deployment. Siemens’ approach to using AI to find the optimal configuration out of 1090 possible combinations provides insights into how AI can help with new product development on a large scale. Source: Siemens, Next Level AI – Powered by Knowledge Graphs and Data Thinking, Siemens China Innovation Day, Michael May, Chengdu, May 15, 2019.

10 Ways AI Is Improving New Product Development

  • Eliminating the roadblocks to getting new products launched starts with using AI to improve demand forecast accuracy. Honeywell is using AI to reduce energy costs and negative price variance by tracking and analyzing price elasticity and price sensitivity as well. Honeywell is integrating AI and machine-learning algorithms into procurement, strategic sourcing and cost management getting solid returns across the new product development process. Source: Honeywell Connected Plant: Analytics and Beyond. (23 pp., PDF, no opt-in) 2017 Honeywell User’s Group.

10 Ways AI Is Improving New Product Development

  • Relying on AI-based techniques to create and fine-tune propensity models that define product line extensions and add-on products that deliver the most profitable cross-sell and up-sell opportunities by product line, customer segment and persona. It’s common to find data-driven new product development and product management teams using propensity models to define the products and services with the highest probability of being purchased. Too often, propensity models are based on imported data, built-in Microsoft Excel, making their ongoing use time-consuming. AI is streamlining creation, fine-tuning and revenue contributions of up-sell and cross-sell strategies by automating the entire progress. The screen below is an example of a propensity model created in Microsoft Power BI.

10 Ways AI Is Improving New Product Development

  • AI is enabling the next generation of frameworks that reduce time-to-market while improving product quality and flexibility in meeting unique customization requirements on every customer order. AI is making it possible to synchronize better suppliers, engineering, DevOps, product management, marketing, pricing, sales and service to ensure a higher probability of a new product succeeding in the market. Leaders in this area include BMC’s Autonomous Digital Enterprise (ADE). BMC’s ADE framework shows the potential to deliver next-generation business models for growth-minded organizations looking to run and reinvent their businesses with AI/ML capabilities and deliver value with competitive differentiation enabled by agility, customer centricity and actionable insights. The ADE framework is capable of flexing and responding more quickly to customer requirements than competitive frameworks due to the following five factors: proven ability to deliver a transcendent customer experience; automated customer interactions and operations across distributed organizations; seeing enterprise DevOps as natural evolution of software DevOps; creating the foundation for a data-driven business that operates with a data mindset and analytical capabilities to enable new revenue streams; and a platform well-suited for adaptive cybersecurity. Taken together, BMC’s ADE framework is what the future of digitally-driven business frameworks look like that can scale to support AI-driven new product development. The following graphic compares the BMC ADE framework (left) and the eight factors driving digital product development as defined by PwC (right) through their extensive research. For more information on BMC’s ADE framework, please see BMC’s Autonomous Digital Enterprise site. For additional information on PwC’s research, please see the document Digital Product Development 2025: Agile, Collaborative, AI-Driven and Customer Centric, PwC, 2020 (PDF, 45 pp.).

10 Ways AI Is Improving New Product Development

  • Using AI to analyze and provide recommendations on how product usability can be improved continuously. It’s common for DevOps, engineering and product management to run A/B tests and multivariate tests to identify the usability features, workflows and app & service responses customers prefer. Based on personal experience, one of the most challenging aspects of new product development is designing an effective, engaging and intuitive user experience that turns usability into a strength for the product. When AI techniques are part of the core new product development cycle, including usability, delivering enjoyable customer experiences, becomes possible. Instead of a new app, service, or device is a chore to use, AI can provide insights to make the experience intuitive and even fun.
  • Forecasting demand for new products, including the causal factors that most drive new sales is an area AI is being applied to today with strong results. From the pragmatic approaches of asking channel partners, indirect and direct sales teams, how many of a new product they will sell to using advanced statistical models, there is a wide variation in how companies forecast demand for a next-generation product. AI and ML are proving to be valuable at taking into account causal factors that influence demand yet had not been known of before.
  • Designing the next generation of Nissan vehicles using AI is streamlining new product development, trimming weeks off new vehicle development schedules. Nissan’s pilot program for using AI to fast-track new vehicle designs is called DriveSpark. It was launched in 2016 as an experimental program and has since proven valuable for accelerating new vehicle development while ensuring compliance and regulatory requirements are met. They’ve also used AI to extend the lifecycles of existing models as well. For more information, see the article, DriveSpark, “Nissan’s Idea: Let An Artificial Intelligence Design Our Cars,” September 2016.
  • Using generative design algorithms that rely on machine learning techniques to factor in design constraints and provide an optimized product design. Having constraint-optimizing logic within a CAD design environment helps GM attain the goal of rapid prototyping. Designers provide definitions of the functional requirements, materials, manufacturing methods and other constraints. In May 2018, General Motors adopted Autodesk generative design software to optimize for weight and other key product criteria essential for the parts being designed to succeed with additive manufacturing. The solution was recently tested with the prototyping of a seatbelt bracket part, which resulted in a single-piece design that is 40% lighter and 20% stronger than the original eight component design. Please see the Harvard Business School case analysis, Project Dreamcatcher: Can Generative Design Accelerate Additive Manufacturing? for additional information.

Additional reading:

2020 AI Predictions, Five ways to go from reality check to real-world payoff, PwC Consulting

Accenture, Manufacturing The Future, Artificial intelligence will fuel the next wave of growth for industrial equipment companies (PDF, 20 pp., no opt-in)

AI Priorities February 2020 5 ways to go from reality check to real-world pay off, PwC, February, 2020 (PDF, 16 pp.)

Anderson, M. (2019). Machine learning in manufacturing. Automotive Design & Production, 131(4), 30-32.

Bruno, J. (2019). How the IIoT can change business models. Manufacturing Engineering, 163(1), 12.

Digital Factories 2020: Shaping The Future Of Manufacturing, PwC DE., 2017 (PDF, 48 pp.)

Digital Product Development 2025: Agile, Collaborative, AI Driven and Customer Centric, PwC, 2020 (PDF, 45 pp.)

Enabling a digital and analytics transformation in heavy-industry manufacturing, McKinsey & Company, December 19, 2019

Global Digital Operations 2018 Survey, Strategy&, PwC, 2018

Governance and Management Economics, 7(2), 31-36.

Greenfield, D. (2019). Advice on scaling IIoT projects. ProFood World

Hayhoe, T., Podhorska, I., Siekelova, A., & Stehel, V. (2019). Sustainable manufacturing in industry 4.0: Cross-sector networks of multiple supply chains, cyber-physical production systems and AI-driven decision-making. Journal of Self-

Industry’s fast-mover advantage: Enterprise value from digital factories, McKinsey & Company, January 10, 2020

Kazuyuki, M. (2019). Digitalization of manufacturing process and open innovation: Survey results of small and medium-sized firms in japan. St. Louis: Federal Reserve Bank of St Louis.

‘Lighthouse’ manufacturers lead the way—can the rest of the world keep up?  McKinsey & Company, January 7, 2019

Machine Learning in Manufacturing – Present and Future Use-Cases, Emerj Artificial Intelligence Research, last updated May 20, 2019, published by Jon Walker

Machine learning, AI are most impactful supply chain technologies. (2019). Material Handling & Logistics

MAPI Foundation, The Manufacturing Evolution: How AI Will Transform Manufacturing & the Workforce of the Future by Robert D. Atkinson, Stephen Ezell, Information Technology and Innovation Foundation (PDF, 56 pp., opt-in)

Mapping heavy industry’s digital-manufacturing opportunities, McKinsey & Company, September 24, 2018

McKinsey, AI in production: A game changer for manufacturers with heavy assets, by Eleftherios Charalambous, Robert Feldmann, Gérard Richter and Christoph Schmitz

McKinsey, Digital Manufacturing – escaping pilot purgatory (PDF, 24 pp., no opt-in)

McKinsey, Driving Impact and Scale from Automation and AI, February 2019 (PDF, 100 pp., no opt-in).

McKinsey, ‘Lighthouse’ manufacturers, lead the way—can the rest of the world keep up?,by Enno de Boer, Helena Leurent and Adrian Widmer; January, 2019.

McKinsey, Manufacturing: Analytics unleashes productivity and profitability, by Valerio Dilda, Lapo Mori, Olivier Noterdaeme and Christoph Schmitz, March, 2019

McKinsey/Harvard Business Review, Most of AI’s business uses will be in two areas,

Morey, B. (2019). Manufacturing and AI: Promises and pitfalls. Manufacturing Engineering, 163(1), 10.

Preparing for the next normal via digital manufacturing’s scaling potential, McKinsey & Company, April 10, 2020

Reducing the barriers to entry in advanced analytics. (2019). Manufacturing.Net,

Scaling AI in Manufacturing Operations: A Practitioners Perspective, Capgemini, January, 2020

Seven ways real-time monitoring is driving smart manufacturing. (2019). Manufacturing.Net,

Siemens, Next Level AI – Powered by Knowledge Graphs and Data Thinking, Siemens China Innovation Day, Michael May, Chengdu, May 15, 2019

Smart Factories: Issues of Information Governance Manufacturing Policy Initiative School of Public and Environmental Affairs Indiana University, March 2019 (PDF, 68 pp., no opt-in)

Smartening up with Artificial Intelligence (AI) – What’s in it for Germany and its Industrial Sector? (52 pp., PDF, no opt-in) McKinsey & Company.

Team predicts the useful life of batteries with data and AI. (2019, March 28). R & D.

The AI-powered enterprise: Unlocking the potential of AI at scale, Capgemini Research, July 2020

The Future of AI and Manufacturing, Microsoft, Greg Shaw (PDF, 73 pp., PDF, no opt-in).

The Rise of the AI-Powered Company in the Postcrisis World, Boston Consulting Group, April 2, 2020

Top 8 Data Science Use Cases in Manufacturing, ActiveWizards: A Machine Learning Company Igor Bobriakov, March 12, 2019

Walker, M. E. (2019). Armed with analytics: Manufacturing as a martial art. Industry Week

Wang, J., Ma, Y., Zhang, L., Gao, R. X., & Wu, D. (2018). Deep learning for smart manufacturing: Methods and applications. Journal of Manufacturing Systems, 48, 144–156.

Zulick, J. (2019). How machine learning is transforming industrial production. Machine Design

Protecting Privileged Identities In A Post-COVID-19 World

Protecting Privileged Identities In A Post-COVID-19 World

Bottom Line: Every organization needs to digitally reinvent their business, starting at the system level to safely sell and serve customers with minimal physical interaction.

The hard reset every business is going through creates a strong sense of urgency to increase the agility, speed, and scale of selling, as well as customer service options that protect the health of employees, customers, and partners. Customer experience needs to be the cornerstone of digital transformation, with the customers’ health and welfare being the highest priority. Businesses need to realize that digitally reinventing themselves is no longer optional. Every customer-facing system is going to need the best infrastructure, security, and stability for any business to survive and grow.

Securing Infrastructure Needs To Come First

COVID-19 was a wake-up call that companies need to operate as multi-channel players, allowing for physical but, more importantly, virtual presence. For instance, in retail, only those that will step up their efforts in building on-line ordering and associated nation-wide logistics networks will survive in the longer-term. If the cloud was considered an option in the past, it now is mandatory. In turn, the need for security has increased.

Starting with infrastructure, hybrid- and multi-cloud environments need to be augmented with additional system support, new apps, and greater security to support the always-on nature of competing in a virtual world. Providing self-service sales and support across any device at any time and keeping all systems synchronized is going to take more real-time integration, better security, more precise pricing, and so much more.

Consumer electronics manufacturers’ biggest challenge is reinventing their infrastructure while selling and serving customers at the same time. Part of their biggest challenge is protecting privileged access credentials that have become fragmented across hybrid- and multi-cloud environments. Everyone I’ve spoken with is balancing the urgent need for new revenue through new channels on the one hand with intensity to secure infrastructure and the most valuable security assets of all, privileged access credentials.

According to a 2019 study by Centrify among 1,000 IT decision-makers, 74% of respondents whose organizations have been breached acknowledged that it involved access to a privileged account. These are typically used by a small set of technical personnel to access the most critical systems in the IT estate, including modern technologies such as cloud, DevOps, microservices, and more. The CIO of a local financial services and insurance company, who is a former student and friend, told me that “it’s often said that privileged access credentials are the keys to the kingdom, and in these turbulent times they’re the keys to keeping any business running.”

CIOs, CISOs, and their teams are focusing on four key areas today while digitally reinventing themselves to provide more flexible options for customers:

  • Secure every new self-service selling and service channel from breaches.
  • Fast-track cloud projects to become 100% virtual and available.
  • Simplify infrastructure management by integrating IT and Operations Management across hybrid and multi-cloud environments.
  • Improve compliance reporting as well as reduce audit costs and associated fines.

Legacy Privileged Access Management (PAM) Can’t Scale For Today’s Threats

Sophisticated social engineering and breach attempts are succeeding in misdirecting human responses to cyber threats, gaining access to valuable privileged access credentials in the process. Legacy PAM systems based on vaulting away shared and root passwords aren’t designed to protect hybrid cloud and multi-cloud environments. These DevOps systems include containers and microservices, APIs, machines, or services. Furthermore, multi-cloud environments create additional challenges because access management tools used for one vendor cannot be used with another.

Switching from in-person to self-service selling and service creates new challenges and an entirely new series of requirements for identity and access management. These requirements include securing a continually-increasing number of workloads that cause the amount of data in the cloud to grow exponentially. There’s also the need to centralize identities for consistent access controls across hybrid and multi-cloud environments – all happening while a business is busy digitally reinventing itself. Compounding all of these challenges is the need to excel at delivering an excellent user experience without sacrificing security in an increasingly self-service, always-on, 24/7 world.

Securing Privileged Access In A Post-COVID-19 World

If you’re looking for a sure sign any business will be around and growing in twelve months, look at how fast they are digitally reinventing themselves at the infrastructure level and protecting privileged access credentials first. Digital-first businesses are taking a more adaptive approach to consistently controlling access to hybrid infrastructure for both on-premises and remote users now.

Centrify and others are making rapid progress in this area, with Centrify’s Identity-Centric PAM taking a “never trust, always verify, enforce least privilege” approach to securing privileged identities. Centrify’s approach to Identity-Centric PAM establishes per-machine trust so it can defend itself from illegitimate users – whether human or machine  – or those without the right entitlements. It then grants least privilege access just-in-time based on verifying who is requesting access, the context of the request, and the risk of the access environment as is illustrated in the graphic below:

Protecting Privileged Identities In A Post-COVID-19 World

Conclusion

Improving customer experiences needs to be at the center of any digital transformation effort. As every business digitally transforms itself to survive and grow in a post-COVID-19 world out of necessity, they must also improve how they secure access to their cloud and on-premises infrastructure. Legacy PAM was designed for a time when all privileged access was constrained to resources inside the network, accessed by humans, using shared/root accounts.

Legacy PAM was not designed for cloud environments, DevOps, containers, or microservices. Furthermore, privileged access requesters are no longer limited to just humans, but also include machines, services, and APIs.

Privileged access requesters need greater agility, adaptability, and speed to support DevOps’ growing roadmap of self-service and increasingly safer apps and platforms. While privileged identities must be protected, DevOps teams need as much agility and speed as possible to innovate at the rapidly changing pace of how customers choose to buy in a post-COVID-19 world.

%d bloggers like this: