DevOps is designed to automate the build deployment and integration process using CI/CD pipelines, containers and automation orchestration tools like Jenkins, Chef, Ansible or Terreform amongst others. However, DevOps falls short in the area of system operations, security and compliance. Organizations are coming up stop-gap options like Site Reliability Engineers or Platform Engineering groups. However these efforts are not well defined and do not have a strong framework driven by best practices. The infographic below provides an overview of the current state.
Hard-core systems operations and management that typically include security event and incident management, vulnerability management, continuous monitoring and incident response, systems operations and financial operations are largely left out or not well defined with ambiguity and duplication. This is a serious gap in the current “state-of-the-art” given than typically 60-70% of a total system cost is associated with the Operations & Maintenance activity.Just like DevOps has streamlined the build and deploy process using the CI/CD pipelines, AIOps provides a scalable operations, automation and management framework. AIOps starts where DevOps stops.
stackArmor’s founders and engineers have been been migrating and managing systems in the cloud since 2009 and have first-hand experience in developing cloud operations and management best practices. We have developed AISecOpsTM as a holistic cloud operations and security management framework that covers the full-stack and incorporates AI to deliver automated response and incident management.
stackArmor AISecOpsTM is an implementation and delivery focused methodology that uses full-stack telemetry data and automation to help organizations deliver a reliable, secure and cost-effective IT service that is continuously optimized and includes End-User, System, Security and Financial operations. Our methodology is designed for security and compliance focused markets including financial services, healthcare, public sector and government customers that must comply with NIST, HIPAA, FFIEC, FedRAMP, NIST 800-53, NIST 800-171 or ISO security standards.
Cloud operations and security must be treated as a holistic discipline to ensure the confidentiality, integrity and availability of cloud-hosted assets. For example in the area of pay-as-you-go cloud computing models, the ability to optimize the performance of cloud-based applications pays rich dividends in operational savings. Some organizations report being able to save up to 20% of their IaaS spend through a rigorous monthly tracking & optimization ensuring that “orphaned storage”, right-sizing VM’s,and using the right pricing model. Most IT organizations are ill-equipped and not focused on the financial aspects of cloud computing. Similarly, there are serious emerging challenges in the security operations arena – traditional security frameworks tend to be reactive in nature – the ability to perform forensic and trending analytics have been primary use cases. But with the advent of the NIST cybersecurity framework, high-profile incidents like Target and the increased cyber threat, organizations must implement real-time, automated solutions to contain the security costs and yet deliver a viable “armor” against threats.