Any IT professional who’s called in when a leading company makes the headlines for a technological disaster may be tempted to tell you that such unfortunate events can be entirely prevented. Notably, DevOps is about coupling the responsibility to use reliable software process improvement methodology [in this case, to protect client information] with the equally relevant reality that data breaches like the one you’ve just experienced are inherently unavoidable.
Still, as inevitable as vulnerabilities are, there are many measures which can be taken to mitigate risk. In 30 years of experience in the field, I’ve found that the weakest link is most often an abundance of human error. People, though well intentioned, are fallible, and as a result, their code is also.
Companies like yours can protect themselves and their infrastructure by automating building the entire system from a credit card and creating backups of all the data. Furthermore, if you automate system alerting, you’ll know the moment that you’re under attack.
Before releases, I might ask the team responsible if:
- They have baselined the existing code so that we can reliably restore, if necessary.
- They have baselined the new release so that we can verify that the correct code has been deployed.
- The new release has been tested and approved for release production.
- They have notified the stakeholders that a new release is coming so that they are not surprised.
- Their support team is alert and ready to handle any calls or issues which might arise when the release is deployed.
- They have tested the system thoroughly enough to have a baseline to which they can compare (i.e. will they be able to identify which bugs are new and which predated the release), and they have established what this new release provides the user (e.g. defects fixed, new features, etc).
- They have divided the deployment into the smallest increments that can be delivered (if not, they’re increasing risk with a ‘Big Bang Deploy’).
- There are any other predictable/identifiable risks to other systems when the release is deployed.
- They have full backups of the current system.
- They have rehearsed full system disaster recovery.
If 10 items seems overwhelming, then I would encourage you to remember the words of the 16th President of the USA:
The best way to accelerate your delivery pipeline is to understand what would interfere with it and to prepare for any disruptions ahead of time.
If a breach should occur (and from time to time, it will), I might ask the release team:
- What they are seeing that leads them to believe there is a problem.
- Who should be notified that there is a problem.
- If it would be appropriate to take the system offline now.
- If we can take a snapshot of the existing system (complete with the problem) for later forensic analysis.
- If we need a full system restore or if restoring an application will suffice.
- How long the restore can be expected to take and what the necessary steps are.
- What risks can be associated with the restore and how we can prepare for them.
- Who performs each task, who gives the approvals, and who notifies others when relevant.
No one likes to have their data compromised, but your public relations people have a much stronger leg to stand on when your IT department can clearly and definitively not just state, but also provide evidence that they are following the industry standard best practices including the new IEEE 2675-2021 industry standard for DevOps.
There are just a few more questions that I would encourage a release team to consider at the tail-end of a breach like this one:
- What can we learn from the forensic analysis of the corrupted system baseline?
- What went well? What could be improved?
- Going forward, what can we do to ensure that we can immediately detect problems and restore application baselines (and full system baselines, when necessary)?
With an appreciation for software security best practices and an eye on improvement, Fitbit, a product already beloved by many, can emerge stronger, better, and more trusted than ever before.
Written by Bob Aiello
0 Comments