Integrate our deployment activities with our change approval process vii. Reduce reliance on separation of duties 2. Ch. 22 – Information Security as Everyone’s Job, Every Day a. Many DevOps organizations often assembling applications from third-party components and integrating them with our business logic. We inherit the vulnerabilities of these 3rd party components ii. Examine dependencies for known agreement for automated changes to become standard changes. d. REDUCE RELIANCE ON SEPARATION OF DUTY i. Separation of duties impedes feedback and limits ability to take responsibility for quality of

to execute strategy and roadmap. i. DESIGN TEAM BOUNDARIES IN ACCORDANCE WITH CONWAY’S LAW i. Separation impedes collaboration ii. Requires significant collaboration to overcome j. CREATE LOOSELY-COUPLED

just monitor what’s up or down. ii. Modern Monitoring architecture 1. Data Collection at business logic, application, & environments layer a. Events, logs, & metrics b. Common service to centralize, rotate

Toggles 1. Selectively enable/disable features without code deployments 2. Wrap UI or application logic in conditional statements or strategy patterns 3. Support easy roll back 4. Support graceful performance

employ people with skills in that product. The cost of custom development is falling: More and more logic is abstracted away by frameworks and design patterns. Incremental delivery and staged investments