Security & Risk Management group) 1. Authentication/authorization decisions 2. System and data access 3. System and application changes, especially privileged changes 4. Data changes (CRUD) 5. Invalid CREATE SELF-SERVICE ACCESS TO TELEMETRY AND INFORMATION RADIATORS i. Spread the information – anyone who wants or needs the information can readily access it without production access or other privileged TESTING INTO OUR RELEASE i. A/B testing requires fast CD to support ii. Use feature toggles to control experiments, cohort creation, etc. iii. Use telemetry to measure outcomes iv. Etsy open-sourced

as Code  Turned over repeatable and automatable tasks to the product team wherever possible. Control our destiny  Started to engineer solutions for issues related to product configuration and deployment Route Adds – requires heightened security access  Database Data Script Execution  Load Balancer Node Disablement  OS and Security Patching  Requesting access to technology specific dashboards and consoles

kubeadm init --config /etc/kubeadm-init.yaml #初始化集群 当出现Your Kubernetes control-plane has ini�alized successfully!这行时说明初始化 k8s成功了 记住最后2行命令，是用来让node结点加入集群的命令（含token） ★第2章、部署k8s版本>=1 kubeadm init --config /etc/kubeadm-init.yaml #初始化集群 当出现Your Kubernetes control-plane has ini�alized successfully!这行时说明初始化 k8s成功了 记住最后2行命令，是用来让node结点加入集群的命令（含token） ★附、crictl命令 csi-node-driver-fn7zd 2/2 Running 2 (10m ago) 11m # Remove the taints on the control plane so that you can schedule pods on it. # kubectl describe node master1.cof-lee.com | grep

container security, east/west traffic management, a zero-trust model, a whitelist, Role-Based Access Control (RBAC), continuous monitoring, signature-based continuous scanning using Common Vulnerabilities

advance, and that we have a way to (try to) control them.  The relationship between uncertainty, risk, and change is far too complicated for such control when delivering IT systems, where complexity silos in a way that values skills and contributions. Shadow IT—rogue IT, IT that is out of the control of the IT organization. It is what has saved IT up to this point. It is a powerful phenomenon that that we have not yet learned to take advantage of, caught up as we are in the contractor-control model of IT. Shadow IT is what happens when the IT organization is unable to meet the needs of a part of

environments matched Prod. They fixed forward, but changes not put back into version control. Focused on version control and automated environment creation – time reduced from 8 weeks to 1 day b. ENABLE system are shared in a version control repository ii. Version control is for everyone in the value stream iii. Everything, everything, everything is checked into version control 1. Application code & dependencies includes pre-production and build processes 9. Tools iv. 2014 State of DevOps Report – use of version control by Ops was the highest predictor of both IT performance & organizational performance d. MAKE INFRASTRUCTURE

of the time, the tasks would spend in queue a total of nine hours time the seven steps…” Change Control  “We need to tighten up our change controls… what’s preventing us from getting there?”  “That right.” Lesson: Don’t let your change control process become a change prevention process. Don’t let your change control board become a bottleneck. The change control board is not the place to decide whether whether a change is a good idea, the role of change control board is to ensure changes have been properly coordinated with and agreed to by proper stakeholders. Attributions [1] Amazon, http://www.amazon

integrity and code signing – all contributors should have their own key and sign all commits to version control. All created packages should be signed and hash recorded for auditing h. ENSURE SECURITY OF OUR types of test code) 4. Ensure every CI process is in an isolated container 5. Make the version control credentials of the CI system read-only 3. Ch. 23 – Protecting the Deployment Pipeline a. INTEGRATE demonstrate high success rates and low MTTR iii. Link and provide traceability from planning to version control to production implementation for visibility and auditing c. WHAT TO DO WHEN CHANGES ARE CATEGORIZED

dominated the IT world because it appears to offer predictability, control, and efficiency, the key values of the contractor-control model. But it doesn’t. Requirements: Requirements are a way of controlling used to set boundaries for developers when they began a project. In other words, a vehicle for control. But standardization also imposes costs by:  limiting agility and adding bureaucratic waste: exceptions nevertheless gives all stakeholders good insight into the status of the initiative. It allows me to have control—or at least influence—over the direction of the initiative. It is based on a positive, supportive

fail to comprehend. We usually think of ourselves as sitting in the driver’s seat, with ultimate control over the decisions we make and the direction our life takes; but alas, this perception has more negotiation, monetary bonuses vs. recognition and appreciation The Problem of Procrastination and Self-Control – Why We Can’t Make Ourselves Do What We Want to Do  Example: Vehicle Maintenance, E-mail  Experiment: