06-22, 16:15–16:40 (Europe/Amsterdam), Grote Zaal
As part of Gene Kim's IT Revolution Forum papers project, we wrote a paper entitled DevOps Automated Governance Reference Architecture. This paper aimed to create an architecture that could reduce the toil and increase the effectiveness of enterprise risk and internal audit. When we finished writing the second version in 2021, we turned it into a bestselling novel called Investments Unlimited. (IUI). IUI describes what happens when an investment bank fails an audit and how they respond. As a result, we are calling this Modern Governance. We will discuss the genesis of the IUI story, then examine some of the new risk opportunities with cloud native implementations like Service Mesh, ISTIO, and Envoy. L7 proxies are replacing traditional L3 traffic management primates, which are controlled by APIs and simple configuration files. In addition, NIST has been actively documenting these potential risks (see NIST 800-204). In order to take advantage of these new opportunities, enterprises must become better, faster, and safer.
John Willis has worked in the IT management industry for more than 35 years. Currently he is an Evangelist at Docker Inc. Prior to Docker Willis was the VP of Solutions for Socketplane (sold to Docker) and Enstratius (sold to Dell). Prior to to Socketplane and Enstratius Willis was the VP of Training & Services at Opscode where he formalized the training, evangelism, and professional services functions at the firm. Willis also founded Gulf Breeze Software, an award winning IBM business partner, which specializes in deploying Tivoli technology for the enterprise. Willis has authored six IBM Redbooks for IBM on enterprise systems management and was the founder and chief architect at Chain Bridge Systems.