DevOps and agile practices can also butt up against established security mechanisms. DevOps culture is “the heart of agility and emphasizes frequent releases, highly automated—and often remote—build processes, constant configuration, and distributed teams,” said Markku Rossi, CTO of SSH.com. “In DevOps environments, the development teams are directly in contact with production systems. There are daily releases of code directly into the live production servers, and the traditional boundaries between development, test, and production environments have eroded.” The challenge is to provide “the ability to secure, monitor, control, and audit the connectivity into sensitive data and systems; something that has been in place and optimized in a traditional software environment for years,” Rossi continued. Traditional security systems are not suited for today’s accelerated and rapid pace of software delivery, he added.
What happens, Rossi related, is “developers and database admins typically game the system, bypassing the enterprise privileged access management by throwing in their own access keys unmonitored and unmanaged. Legacy privileged access management is also an agile administrative and operational roadblock, and source of friction. Managing the lifecycle of hundreds or thousands of access identities over time creates unmanageable complexity, which increases the risk of misconfigured and unmanaged, untracked access. It also means admins, developers, and expensive consultants are either constantly managing or waiting for access instead of doing productive work.”
Another challenge has been the nature of applications found in the data center. To deal with massive scale, the alternative microservices approach emerged, but it quickly became apparent there was a technology gap in supporting communications for cloud-native applications, said Arsalan Farooq, chief of strategy for Netifi. “For example, people wanting to scale while retaining usage of relational databases were cut off from reactive programming due to existing standards. These challenges require new technologies, such as R2DBC, an API that allows asynchronous, non-blocking code that works efficiently with relational databases.”
Microservices, while showing great promise in helping to break down and replace monolithic systems and applications, also still require caution. The microservices approach has almost a 9-year history and has many success stories and solid practices, but there’s still a lot of hype around microservices and too many projects which fail, said Jeff Fried, director of product management at InterSystems. “I’ve experienced lots of operational and security challenges in stitching together microservices across multiple cloud services—applications which could be built quickly but were very challenging to run. I’ve also seen too many cases of the abstraction obscuring the reality: data-intensive applications where a microservices implementation resulted in huge, unnecessary data transfers or data duplication.”
Data managers can also make greater strides toward agility by elevating their roles and visibility within organizations. “By looking at more ways to automate across the stack, data managers can spend less time on maintenance and instead help their organizations become more agile through new insights from data instead of just keeping the lights on,” said Venzl. Venzl pointed to autonomous database technologies as an example of a way to “help reduce the time needed to monitor, repair, and scale critical business assets to eliminate the IT complexity that can slow the roll out of new applications.
Furt urges that “data managers advocate for the ability to dynamically harmonize their data into a consistent 360-degree view that can be flexible enough to respond to changes in data and requirements. They should strive to integrate all the silos of data into this consolidated view.”
Additionally, it is important that data managers not build walls of accountability in their delivery pipeline, Thrift emphasized. “Teams must be equipped with the skills and resources to develop, test, deploy, and host their solution without passing accountability onto another group.”