You asked, We Answer!

Thank you for asking Bespin Global a valuable question at IDC Cloud Roadshow GCC 2021. We have made sure that we answer all your questions.

Don't see your question answered below? Please reach out to us at marketing@bespinglobal.ae and we'll be happy to assist you.

Do you advise Government entities to go to Cloud, and if yes, what type of Cloud solution do you recommend?

Yes, Bespin Global advises Government entities to go to cloud! Amongst the many reasons, one of the top reasons is that cloud computing gives government entities a higher level of security and scalability that isn’t usually available with in-house IT systems. We can’t recommend a specific cloud solution until we perform an assessment to determine sensitivity level of the data and type of workload. However, based on our experience, the hybrid model is extensively being used by government entities today.

What are the biggest challenges faced by us in the cloud today from your perspective?

One of the biggest challenges being faced is the difficulty to meet all the governance & compliance rules and policies for customers with varying needs.

What are the best practices for government entities to host any of the systems due to sensitivity of the data (public or private cloud)?

We cannot recommend until an assessment has been performed to determine sensitivity level of the data and type of workload. However, based on our experience, the hybrid model is extensively being used by government entities today.

What are the different types of cloud ?

Public, private and hybrid.

How can we ensure security and compliance in the cloud ?

As AWS Premier Consulting Partner, we can assure you that AWS supports more security standards and compliance certifications than any other cloud provider, including PCI-DSS, HIPAA/HITECH, FedRAMP, GDPR, FIPS 140-2, and NIST 800-171, etc. helping customers satisfy compliance requirements for virtually every regulatory agency around the globe.

How will we assure Cloud security?

The SASE model (Secure access services edge) is ideal to ensure security on the cloud. Secure access service edge combines networking and security functions in the cloud to deliver seamless, secure access to applications, anywhere users work.Core functions include software-defined wide area network, secure web gateway, firewall as a service, cloud access security broker, and zero-trust network access.

What are the security benefits of cloud ?

The benefits vary based on the chosen XaaS model. Depending on what chosen, security aspects can be offloaded to the cloud provider.
Software-as-a-service (SaaS) — Customers are responsible for securing their data and user access.
Platform-as-a-service (PaaS) — Customers are responsible for securing their data, user access, and applications.
Infrastructure-as-a-service (IaaS) — Customers are responsible for securing their data, user access, applications, operating systems, and virtual network traffic.

How is DevOps different from agile methodology?

Agile makes development cycles more efficient whereas DevOps enables collaboration between development and operation teams. We recommend that organizations use a combination of both Agile and DevOps to achieve the required results.

What are some things businesses can do to lessen the likelihood of negative reactions to the introduction and implementation of change management while transforming towards the digital first world?

Good communication shows how digital transformation is in everybody’s benefit by demonstrating that extra work is worth the effort by communicating:

– that inaction is not an option and consequences if they refuse to change.

– the impact of failing to embrace digital could have great effects on their jobs. This will help reshuffle priorities and speed up change.

What are some areas to explore within DevOps?

Devops is a culture that can be implemented in any operation like development, testing, or implementation.

How will you approach a project that needs DevOps implementation?

A needs analysis will be performed by evaluating requirements. After an assessment is done, we use appropriate tools to implement DevOps.

What are the differences between cloud and traditional datacenters?

The main difference between a cloud and a data center is that a data center refers to on-premise hardware and infrastructure while the cloud refers to off-premise computing. The cloud stores your data in the public cloud while a data center stores your data on your hardware .

What is DevOps Minimal cost of production ?

DevOps is NOT a product. It is a culture to enable your business to go to market faster.

We are on Private Cloud and would stay there. No plans for public cloud. How is DevOps going to help us and what benefits do we get from this?

If your private cloud is built to scale, then most of the DevOps practices can be applied similar to public cloud.

How can we ensure that DevOps concept is applied on the environment? Does it need awareness or order from the decision maker to apply?

Both. It is not a one person task and rather requires cross functional teams to work together. It is a culture not a product or service.

Multi-Tenancy is still the biggest threat in Cloud. What steps are we taking to mitigate this?

There are multiple options on the cloud. For example, dedicated hosting allows you to use per socket / per use for VMs.

What is the difference between continuous delivery and continuous deployment?

Continuous deployment is an agile methodology for software development whereby any code commits are given automated tests and released into production where they are immediately visible to end-users. Conversely, continuous delivery involves the release of new code to quality assurance for testing on a rapid, continuous basis.

How do artificial intelligence (AI) innovations augment Agile and DevOps and foster a growing culture of responsibility for quality across all teams?

Due to the number of relatively simple and often repetitive tasks, Artificial Intelligence for Agile/DevOps can automate to help realize great efficiencies in the CI/CD pipeline.

What About DevSecOps?

DevSecOps means thinking about application and infrastructure security from the start. It also means automating some security gates to keep the DevOps workflow from slowing down.

How are geographically distributed teams adopting a business-oriented focus while deploying applications across environments?

By implementing agile methodologies.

What is the role of configuration management in DevOps?

One of the components of DevOps is configuration management. The key role of Conf management is to achieve automation. And automation is the core result by adopting DevOps.

Can you share any business case for Automotive sector?

Yes. Please refer to
https://www.bespinglobal.ae/luxury-car-dealership/
https://www.bespinglobal.ae/dubicars-partners-with-bespin-global-to-drive-growth-through-cloud-solutions/

While we implement a test automation strategy, what about data management for the test?

Implementing Test Data Management Processes and Tools with test automation is a must, as efficient management of data utilized for testing is necessary to supplement the testing efforts and to maximize return on investment for the highest levels of success and coverage.

Security is one of the main challenges. It has been noticed that some clients or customers try to move to cloud to transfer the security risk to the service providers and the cloud service providers try to push more to IAS rather than PAS and SAS to avoid taking the security's responsibility. From your point of view, how do we deal with such challenges?

This depends on the model chosen by the client which will help define what security aspect of the shared responsibility model will each party be responsible for.

Software-as-a-service (SaaS) — Customers are responsible for securing their data and user access.
Platform-as-a-service (PaaS) — Customers are responsible for securing their data, user access, and applications.
Infrastructure-as-a-service (IaaS) — Customers are responsible for securing their data, user access, applications, operating systems, and virtual network traffic.

How can we provide awareness to all the staff?

By training and enabling cross functional teams and making change a positive aspect of the work environment.

How does continuous monitoring help maintain the entire architecture of the system?

Helps in evaluating the current setup in order to take decisions in cost optimization, security, and operation ehancement.

Does Bespin have security-oriented activities?

Yes. We offer SASE modelled XDR for cloud workloads as well as Management of the Security solutions deployed on public cloud workloads

How does DevOps value stream management provide DevOps teams and stakeholders with key insights and metrics to identify, measure and guide their actions??

DevOps VSM is a visual representation of how IT and business build, deploy, and manage workflows. It helps build, analyze, and share the work in all stages with developers and stakeholders for better understanding all around. By mapping out the current DevOps stream, identifying the waste in it, and building new DevOps stream, it communicates the changes to the organization.

What are the challenges with DevOps implementation?

There are many. One of them is the lack of actual tool knowledge from the various tools available. Adding to this, focusing on choosing the right tools before understanding the bigger picture will lead to failure.

What is the aim of DevOps?

Automation and collaboration.

How does continuous monitoring help you maintain the entire architecture of the system?

Ensures that all services, applications, and resources are running on the servers properly.
Monitors the status of servers and determines if applications are working correctly or not.
Enables continuous audit, transaction inspection, and controlled monitoring.

What is required to adopt DevOps ASAP?

Automate the little and regular processes to begin with.

How does COVID-19 Pandemic impact on an organization's cloud security strategies and management?

We’ve actually seen a higher adoption to cloud during COVID. This has resulted in many enterprises trying to replicate on-prem security on the cloud. Unfortunately, this doesn’t always work. Cloud Security is a little different. Security is more oriented towards zero trust, IAM and SASE.

Will this be included in DevSecOps ?

If the question is, “do we do DevSecOps?”, then the answer is Yes. Need more clarity what *this* is.

What is the visibility and control available with customers?

It depends on the business model of the organization.

What does a good end-to-end test look like for the code base?

End to end testing is the category of tests that’s drawn at the top of the testing pyramid which gives a guideline to the number of tests we should have. Because they are easy to write and maintain, and fast to run, it’s valuable to have many unit tests. Unit test is the lowest level of testing where programmers write a small routine to test the routine they are actually writing.

There are different agile platforms on the market. How do we select which one suits our apps environment?

By performing an initial Assessment, we can understand the business cycle and apps environment and we would then be able to recommend a platform based on your current workload.

How can we be agile to implement these technologies in a secure way ?

The best place to start automating security best practices is the CI/CD pipeline. With the help of static and dynamic analysis tools we can identify vulnerabilities that were missed out during the development and testing stages. The idea is to improve the security and quality of the overall code.

What is the difference between a centralized and distributed version control system?

Centralized Version Control is a version control system using server/client model and server contains all the history of source code. Distributed Version Control is a version control where each client can have same copy of source code as server has and both server and client maintain history of source code.

When it comes to using the agile platform, license cost is expensive? How do we go about it?

Some modules provide pay-as-u-go model.

Do you recommend to use hybrid cloud model in the beginning before going to native cloud?

No. An assessment will give the answer based on ur workload.

Was the presentation short ?

Was it? 10 minutes is barely enough 😉

How can Multicloud strategy help companies to overcome some of the challenges in digital transformation?

Companies can select the best provider for each specific workload, and don’t become beholden to a single cloud provider’s services, infrastructure, or pricing model.

Is DevOps only for AWS cloud services or also used for Azure and Google ?

DevOps is not related to a public or private cloud provider.

When is AWS coming to UAE ?

First half of 2022. We are excited!

Also, when using agile tools, coding is a problem to debug. What is your comment on this?

This means that there is an issue in the agile process because if the best practices are applied right, debugging won’t be an issue.

From your side, can your security practice overcome latest incoming threats?

This is a generic question. What we aim to provide is a framework with a converged offering of delivering unified threat and data protection capabilities. Cloud security is unique and we aim to offer a solution where we can help secure cloud workloads

What are the core operations of DevOps with application development and infrastructure?

Combining two distinct departments and processes (development and operations) leads to increased transparency and focus on continuous integration, continuous delivery, continuous testing, continuous deployment, continuous operations, and continuous collaboration.

How secure is it? Is it really safe to maintain our data on cloud?

As AWS Premier Consulting Partner, we can assure you that AWS supports more security standards and compliance certifications than any other offering, including PCI-DSS, HIPAA/HITECH, FedRAMP, GDPR, FIPS 140-2, and NIST 800-171, helping customers satisfy compliance requirements for virtually every regulatory agency around the globe.

Which scripting language is most important for a DevOps engineer?

There is no specific language that we would recommend.

There is an increased scrutiny from regulators specially for financial and healthcare sector. How do you see the future of cloud for those sectors in the view of compliance hurdles?

A lot of the public cloud offerings already have certifications like HIPAA, DESC’s compliance, PCIDSS etc. This offsets the need to have infra compliant and customers can focus on the application level compliance.

How is DevOps helpful to developers?

Helps developers in:

Automation
CI/CD, Testing
going to market faster
reducing risk
makes it easy to rollback changes

How can I guarantee data protection when using cloud?

By using security services on the cloud which helps to implement PCI- DSS compliance, for example.

How do we Fail early and successfully with an eye towards security risk mitigation as part of the DevOps workflow?

By implementing the right DevOps tools.

Do you provide services on Prem for secure development of applications?

No, our services are designed for public cloud implementations only.