Business Continuity During the Pandemic with VDI

The global COVID-19 pandemic has forced organizations around the world to adopt business processes & working styles they never imagined would be practical, sustainable, or productive in the long term. With governments suspending all business activities in the wake of the pandemic, and with nationwide lockdowns & travel restrictions, core business processes have been challenged. Thrown into the ocean of uncertainty, businesses have had no choice but to adapt in order to keep their heads above the water and swim to safety!

One of the main challenges for organizations during the pandemic has been to ensure a secure workplace for their employees. To steer through the challenges posed by the pandemic, businesses have had to embrace the remote work culture. Work From Home (WFH) which was once a privilege quickly became the only possible way to work! To that end, VDI (Virtual Desktop Infrastructure) hasproved to be the game-changer, enabling employees to connect & work securely from the comfort of their homes.

What is VDI?

Virtual Desktop Infrastructure (VDI) allows employees to securely access desktop applications and servers from outside their physical office premises. They are provided with computing capacity via virtual machines, enabling them to work from any remote location. Virtual machines allow a business to deploy applications and operating systems via a dedicated host server.

An organization can deploy business data, dedicated applications, and many more components of IT infrastructure to employees through a VDI. Business resources and applications are deployed to the employees in a virtual data center. Virtual desktop resources are delivered as a service by leveraging the internet. Unlike a physical desktop, you don’t need an endpoint device to connect to these business resources. The virtual desktop resources are managed in a data center and are delivered over a reliable network. Employees can use the applications deployed via VDI as if they are running locally – from any device.

Desktop Virtualization and VDI

Desktop virtualization creates a virtual version of the end user’s desktop environment. A virtual OS is created from the end user’s physical desktop via virtualization. VDI is a deployment model of desktop virtualization that is used by businesses for remote work. There are other deployment models for desktop virtualization like remote desktop services and DaaS (Desktop-as-a-Service).

In VDI a desktop image travels through the internet to the employee’s device. VDI is always deployed with the help of a server in a data center. Once deployed, users can interact with desktop applications and operating systems remotely.

Why is VDI a great solution?

Many firms around the globe have already started using VDI for providing a secure workplace to their employees. The major pros of VDI that ensure seamless business continuity are:

  • Centralized Monitoring:

With centralized monitoring and management VDI enables tighter control and saves a lot of time & effort for routine IT tasks. IT administrators can modify or patch virtual desktops at any time and can make changes to all the virtual desktops in a network at the same time.

  • Data Recovery:

With VDI, essential business data will be backed up in the data center. This data backup process is typically automated. Employees can run a virtual desktop recovery program if they face abrupt shutdowns or connection losses. If an end user’s device gets stolen, the connectivity of that device to the VDI can be terminated. Such features ensure that data is always safeguarded.

  • Enhanced Accessibility:

VDI empowers users to securely access their desktop from anywhere, at any time, and from any device, to gain access to their business files & applications. They do not have to use high-performing devices as computing capacity is also deployed under VDI – any PC, tablet, smartphone, or thin client can be used. This helps create a flexible work environment for employees.

  • Personalized Work Environment:

Virtual desktop environments are highly customizable to suit user preferences and business needs. For any ad-hoc requirements, virtual desktops can be quickly customized as required – much faster than a physical desktop.

Is VDI Cost-effective?

A business does not have to invest in any special hardware to deploy VDI. No specialized training is required to be able to use VDI. Virtual desktops are easy to manage & use and work exactly like a physical desktop. Deployment of large-scale virtual desktops involves much lower IT costs than physical infrastructure. For example, deploying a virtual desktop Mac would be less expensive than buying an Apple desktop. Resources can be deployed as required, and when needed, resulting in reduction in wastage and IT operating costs.  

In a Nutshell

The global VDI market size is expected to be USD 30 billion by 2026. VDI lends itself reliably to organizations as a business continuity strategy. It also empowers employees with tremendous flexibility in their work environment. Choose a reliable VDI for your organization and deliver a seamless working experience today! You can find information on zDesk, GAVS’ award-winning VDI + DaaS solution here.

Fireside Chat with Dr. Vinita Chauhan-Ramprasath

Dr. Vinita Chauhan

1. Tell us something about your childhood. What values had been instilled in you that helped you excel later in your life?

I think we all have our modest beginnings; I have certainly had mine. Growing up, we were comfortable but never outrageously wealthy. My parents were extremely hard workers and that is something they both instilled in me and my sister. We had everything we needed, but there weren’t a lot of luxuries and we didn’t miss them. Another thing our parents were very unequivocally insistent about was a good education. My father lost his father at a young age and then proceeded to educate himself and ended up getting his doctorate with a scholarship. My mother came from a family that put education above all else. Hard work and the value of education are two things that were instilled in us early in our lives.

2. What have been some of the biggest challenges in your life and how that has shaped you?

When I moved to the US, I lived on my own for the first time and so many things were new and different. Every immigrant has gone through that phase but for me that was especially hard because I was so sheltered before that. Getting a hang of the education system that was so different was also a task. After working in academic research for a while, there was a point when I realized didn’t want to be in academia. I had enrolled in an MBA program that I really enjoyed. When I went back from my maternity leave, I wasn’t willing to give up on my research position yet. There was one semester when my son was still an infant, I was taking 5 classes, working 30 hours a week in my lab, and teaching 2 online courses. It was a result of pure planning, and a lot of support from my husband; my days planned to the minute. It was a very trying time but was extremely rewarding.

3. How did you discover your passion for STEM?

I always enjoyed Biology. I found it fascinating and I was also fortunate enough to have some great Biology teachers. One of my teachers ended up mentoring me and helped me explore various opportunities. That was a big turning point for me. She tried to nurture my interests and talked to me about my options going forward. Studies have shown that school-going girls, lose interest in STEM at an early age, more so than boys, if not nurtured and supported appropriately. Girls take it harder when they make mistakes, and we need to show them to learn from it and continue moving forward.

4. What were the biggest leadership shifts in the past year?

We have all been trying to do our best juggling work and our family’s health. And we’re all in this together. There have been times my sons walked into the room while I was in meetings and no one batted an eyelid. Leaders understand that we are all managing things at home too and allow us the flexibility to do so. People step up to the challenge they are presented if we give them an opportunity to do so and the pandemic has clearly tested all of us.

5. Could you tell us something about how to manage remote teams?

I personally like to have video calls with my team members and know what is happening in their lives even outside of work. Our physical and mental health and well-being makes everything else possible, being mindful of that is important. It is also important to empower our teams to feel confident enough to come up with the best solutions. It is very fulfilling for me to see my team members come up with better ways of doing things and prove me wrong. A manager’s number one priority is to ensure that everyone is working to the best of their ability.

6. How important do you think is Diversity and Inclusion for corporates?

We are resistant to change but change is the only constant. Look at what the last year has taught us. Diversity, inclusion, and equity are considered buzzwords in corporate world, but they are important in every facet of life. There is a story about 4 people looking at a box as a problem but from different angles. So, it is a different problem for each of them, that results in different solution. Being inclusive fosters creativity and innovation.

Valuing our employees empowers them to be better performers. I have been fortunate to have leaders, both male and female, who have shown faith in me. I am particularly proud of working with Premier. Our leaders ensure that everyone is given a seat at the table and is heard and that makes everyone, in turn, want to do a better job.  

7. How would you describe an ideal technology partner?

The number one thing would be for them to understand our business. They must have the capability and resources to fulfill our business needs. Another important thing is clear communication. However, one thing that the pandemic reinforced was that the highest priority should be the ability to transform. Even if we don’t have an immediate need, we must have the capability to learn and adapt.

8. As someone from the healthcare industry, what message would you like to give to our readers especially about vaccination?

India is at a stage right now where US was sometime ago. We’ve had over a year to prepare for this and yet we aren’t adequately organized. On top of it, there is a debate about the vaccines raging on. The technology that these vaccines are based on has been widely researched. I would request people not to be skeptical of them. It will not make you immune from the infection, but it will ensure that you don’t die from COVID. Complications from COVID can have severe, adverse, long-term effects.

Please wear your masks, social distance if you step out of your homes and make the right decision for yourself and your families and get the vaccine when you are eligible.

About Dr. Chauhan –

Vinita Chauhan-Ramprasath was born and raised in India and spent most of her childhood in Mumbai. She graduated with her B.Sc. in Chemistry and Biochemistry from Mumbai and then received her M.Sc. in Biochemistry. Vinita moved to the United States in August 2000 and received her Doctorate in Diagnostic Medicine and Pathobiology. She got married in 2006 and moved to Charlotte where she worked as a research faculty at University of North Carolina at Charlotte before getting her MBA and joining Premier Inc. Currently Vinita works as a Director of ITS Operations where she manages the GAVS-Premier partnership as well as a part of the integration management office within Premier. Vinita lives in Charlotte, NC with her husband Ram and her two sons Neel and Nikhil and their dog Dakota.

API Security

Logaiswar S

“An unsecured API is literally an ‘all you can eat buffet’ for hackers.”

What is API security?

API security is the protection of network-exposed APIs that an organization, both owns and uses. APIs are becoming the preferred method to develop new-age applications. They are one of most common ways to interact between microservices and containers like systems and apps. API are developed using REST or SOAP methods. However, the true strength of API security depends on how there are implemented.

Master Data Management Software Tools

REST API Security Vs SOAP API Security

REST APIs use HTTP and Support Transport Layer Security Encryption (TLS). It is a standard that makes the connection private and checks whether the data transferred between the two systems (client and server) is encrypted. REST API is faster than SOAP because of the statelessness of nature. REST API doesn’t need to store or repackage data.

SOAP APIs use built protocols known as Web services. These protocols are defined using a rule set that is guided by confidentiality and authentication. SOAP API has not been around for as long as REST API. SOAP API is more secure than REST API as it uses Web security for transmission long with SSL.

Why is API security important?

Organizations use API to connect services and transferred data. The major data breaches through API are broken, exposed, or hacked APIs. The way API security is used depends on what kind of data is transferred.

Security testing of APIs is currently a challenge for 35% of organizations, that need better capabilities than what current DAST and SAST technologies offer to automatically discover APIs and conduct testing. Organizations are moving from monolithic web applications to modern applications such as those that make heavy use of client-side JavaScript or ones that utilize microservices architecture.

How API Security works?

API security depends on authentication and authorization. Authentication is the first step; it is used to verify that the client application has the required permission to use API. Authorization is the subsequent step that determines what data and action an authentication application can access while interacting with API.

APIs should be developed with protective features to reduce the system’s vulnerability to malicious attacks during API calls.

The developer is responsible for ensuring the developed API successfully validates all the input collected from the user during API calls. The prepared statements with blind variables are one of the most effective ways to prevent API from SQL injection. XSS can be easily handled by cleaning the user input from the API call. Cleaning the inputs helps to ensure that potential XSS vulnerabilities are minimized.   

Best Practice for Secure API

Some basic security practice and well-established security control if the APIs are shared publicly are as follows:

  • Prioritize security: Potential loss for the organization happens using unsecured APIs, so make security a priority and build the API securely as they are being developed.
  • Encrypt traffic using TLS: Some organizations may choose not to encrypt API payload data that is considered to be non-sensitive, but for organizations whose API exchange sensitive data, TLS encryption should be essential.
  • Validate input: Never pass input from an API through to the endpoint without validating it first.
  • Use a WAP: Ensure that it can understand API payloads.
  • Use token: Establish trusted identities and then control access to services and resources by using tokens.
  • Use an API gateway: API gateways act as the major point of enforcement for API traffic. A good gateway will allow you to authenticate traffic as well as control and analyze how your APIs are used.

Modern API Data breach

USPS Cooperate Database Exposure

The weakness allowed an attacker to query the USPS website and scrape a database of over 60 million cooperate users, email addresses, phone numbers, account numbers, etc.

Exploitation

The issue was authentication-related which allowed unauthorized access to an API service called ‘informed visibility’, which was designed to deliver real-time tracking data for large-scale shipping operations.

This tracking system was tied into web API in a way that users could change the search parameters and view and even in some cases modify the information of other users. Since there wasn’t a robust anti-scraping system in place, this mass exposure was compounded by the automated and unfettered access available.

Lessons Learned

Providers giving extreme power to a specific service or function without securing every permutation of its interaction flow can lead to such exploits. To mitigate API-related risks, coding should be done with the assumption that the APIs might be abused by both internal and external forces.

References:

  1. https://www.redhat.com/en/topics/security/api-security
  2. https://searchapparchitecture.techtarget.com/definition/API-security
  3. https://nordicapis.com/5-major-modern-api-data-breaches-and-what-we-can-learn-from-them/

About the Author –

Logaiswar is a security enthusiast with core interest in Application & cloud security. He is part of the SOC DevSecOps vertical at GAVS supporting critical customer engagements.

Challenges Enable Change and Success

Vijayalakshmi Rajesh

In this hyper-connected digital age, one may misconceive a ‘challenge’ to be a deadlock and associate it with negativity. To me a challenge always implies an opportunity. Opportunity to explore newer ways of reaching success. I strongly believe that without challenges life would be mundane. The rapid improvements and progress we see today were challenges overcome by someone.

To solve any problem, we need to accept its existence and understand its dynamics. Only then can we come up with solutions. When I started my career as a marketing professional, I was the only lady in my team and a fresher too. I had to overcome many challenges. I always had the attitude to keep fighting. At times, I had no support as I was the only one swimming against the tide. But I never gave up!

I salute my mother for raising me to never shy away from challenges. I would like to share my memories of the wonderful days I spent with her. My mother had a charming personality. I admired her patience. She was a multitasker. To me, no one could match her skills at embroidery and knitting. Her zeal and enthusiasm towards life inspire me even today. I remember during my school days, I often found her immersed in her handiwork, which she also taught many women who subsequently started their businesses. After school, I would look at the work she had done that day. While she was busy in the kitchen, I would hold the cloth in my hand and closely examine the artwork. While the front side was beautiful, the backside attracted me more because it would reveal the effort put in to create the masterpiece. For my wedding, my mother gifted me a beautifully embroidered handkerchief. I immediately flipped it to look at the techniques used to keep the backside neat. My mother said something beautiful then. She said, “I noticed how you always check the work behind before looking at the actual finished product on the front. This goes on to show that you are a person who will view challenges first and learn through them. Never give up your attitude to fight and your eye for detail.”

My mother’s values have led me onto a successful path in CSR. I get immense satisfaction whenever I complete projects. I remember a child, about 6 years old, from the school where I built a library. She came to me with a flower in her hand which she had picked on her way to school and told me, “Ma’am we are grateful for all these books. I am going to read all the books and become a doctor one day.” I could feel my mother patting me on my back and my eyes welling up because only I knew the challenges I had to face in delivering the project. But these little things mean a lot to me.

I have recently noticed an interesting paradigm, especially among the younger generation. Some are not only fighting their own problems, but they are also trying to resolve the problems faced by others.

To quote an example. I read about Jayalakshmi from Pudukottai, Tamil Nadu, India, in a leading daily. She was selected to visit NASA’s Kennedy Space Centre in the US after winning a competition. Through her plea for financial support, she secured excess funding. She then channelized the surplus funds to build public toilets in her village. She also convinced her fellow villagers who were hesitant about the idea to build toilets. To me, this is extraordinary because she has challenged the status quo and won the battle for many!

To everyone out there I would say – Challenges are just as difficult as we perceive them to be. We can overcome them if we view them as opportunities. Explore the world of endless possibilities with a fighting spirit. Today we have a vaccine for COVID, created in the shortest span of time by scientists. No vaccine has been readied from scratch in less than a year. The days of “It has always been done this way” are long gone!

About the Author –

Vijayalakshmi comes with 20 years of Marketing and Academic experience. She is the Founder and Managing Trustee at ZRII TRUST. ZRII was formed as a platform to deliver high-impact social projects through Corporate Social Responsibility (CSR) funds.

Her work includes raising awareness about modern-day issues that women and children face. She is actively involved in ensuring safer and improved workspaces for women. Some of her trophy programs are under women empowerment which includes a year-long training program for women of southern Tamil Nadu, a driver training program for women to drive app-based cabs, and placement of women in factories.

Vijayalakshmi is an ombudsperson at GAVS and guides GAVS in our endeavor to be a gender-balanced and respectful workplace.

Why is AIOps an Industrial Benchmark for Organizations to Scale in this Economy?

Ashish Joseph

Business Environment Overview

In this pandemic economy, the topmost priorities for most companies are to make sure the operations costs and business processes are optimized and streamlined. Organizations must be more proactive than ever and identify gaps that need to be acted upon at the earliest.

The industry has been striving towards efficiency and effectivity in its operations day in and day out. As a reliability check to ensure operational standards, many organizations consider the following levers:

  1. High Application Availability & Reliability
  2. Optimized Performance Tuning & Monitoring
  3. Operational gains & Cost Optimization
  4. Generation of Actionable Insights for Efficiency
  5. Workforce Productivity Improvement

Organizations that have prioritized the above levers in their daily operations require dedicated teams to analyze different silos and implement solutions that provide the result. Running projects of this complexity affects the scalability and monitoring of these systems. This is where AIOps platforms come in to provide customized solutions for the growing needs of all organizations, regardless of the size.

Deep Dive into AIOps

Artificial Intelligence for IT Operations (AIOps) is a platform that provides multilayers of functionalities that leverage machine learning and analytics.  Gartner defines AIOps as a combination of big data and machine learning functionalities that empower IT functions, enabling scalability and robustness of its entire ecosystem.

These systems transform the existing landscape to analyze and correlate historical and real-time data to provide actionable intelligence in an automated fashion.

Data Center Migration Planning Tools

AIOps platforms are designed to handle large volumes of data. The tools offer various data collection methods, integration of multiple data sources, and generate visual analytical intelligence. These tools are centralized and flexible across directly and indirectly coupled IT operations for data insights.

The platform aims to bring an organization’s infrastructure monitoring, application performance monitoring, and IT systems management process under a single roof to enable big data analytics that give correlation and causality insights across all domains. These functionalities open different avenues for system engineers to proactively determine how to optimize application performance, quickly find the potential root causes, and design preventive steps to avoid issues from ever happening.

AIOps has transformed the culture of IT war rooms from reactive to proactive firefighting.

Industrial Inclination to Transformation

The pandemic economy has challenged the traditional way companies choose their transformational strategies. Machine learning-powered automations for creating an autonomous IT environment is no longer a luxury. The usage of mathematical and logical algorithms to derive solutions and forecasts for issues have a direct correlation with the overall customer experience. In this pandemic economy, customer attrition has a serious impact on the annual recurring revenue. Hence, organizations must reposition their strategies to be more customer-centric in everything they do. Thus, providing customers with the best-in-class service coupled with continuous availability and enhanced reliability has become an industry standard.

As reliability and scalability are crucial factors for any company’s growth, cloud technologies have seen a growing demand. This shift of demand for cloud premises for core businesses has made AIOps platforms more accessible and easier to integrate. With the handshake between analytics and automation, AIOps has become a transformative technology investment that any organization can make.

As organizations scale in size, so does the workforce and the complexity of the processes. The increase in size often burdens organizations with time-pressed teams having high pressure on delivery and reactive housekeeping strategies. An organization must be ready to meet the present and future demands with systems and processes that scale seamlessly. This why AIOps platforms serve as a multilayered functional solution that integrates the existing systems to manage and automate tasks with efficiency and effectivity. When scaling results in process complexity, AIOps platforms convert the complexity to effort savings and productivity enhancements.

Across the industry, many organizations have implemented AIOps platforms as transformative solutions to help them embrace their present and future demand. Various studies have been conducted by different research groups that have quantified the effort savings and productivity improvements.

The AIOps Organizational Vision

As the digital transformation race has been in full throttle during the pandemic, AIOps platforms have also evolved. The industry did venture upon traditional event correlation and operations analytical tools that helped organizations reduce incidents and the overall MTTR. AIOps has been relatively new in the market as Gartner had coined the phrase in 2016.  Today, AIOps has attracted a lot of attention from multiple industries to analyze its feasibility of implementation and the return of investment from the overall transformation. Google trends show a significant increase in user search results for AIOps during the last couple of years.

Data Center Consolidation Initiative Services

While taking a well-informed decision to include AIOps into the organization’s vision of growth, we must analyze the following:

  1. Understanding the feasibility and concerns for its future adoption
  2. Classification of business processes and use cases for AIOps intervention
  3. Quantification of operational gains from incident management using the functional AIOps tools

AIOps is truly visioned to provide tools that transform system engineers to reliability engineers to bring a system that trends towards zero incidents.

Because above all, Zero is the New Normal.

About the Author –

Ashish Joseph is a Lead Consultant at GAVS working for a healthcare client in the Product Management space. His areas of expertise lie in branding and outbound product management. He runs a series called #BizPective on LinkedIn and Instagram focusing on contemporary business trends from a different perspective. Outside work, he is very passionate about basketball, music, and food.

Significance of CI CD Process in DevOps

Muraleedharan Vijayakumar

Developing and releasing software can be a complicated process, especially as applications, teams, and deployment infrastructure grow in complexity themselves. Often, challenges become more pronounced as projects grow. To develop, test, and release software quickly and consistently, developers and organizations have created distinct strategies to manage and automate these processes.

Did you know?  Amazon releases a new production code once every 11.6 seconds.

Why CI/CD/CD?

The era of digital transformations demands faster deployments into production. Faster deployments do not warrant defective releases, the solution – ‘DevOps’. The development team, operations team, and IT services team have to work in tandem and the magic circle that brings all of them together is DevOps.

To adopt a DevOps culture, implementing the right DevOps tools with the right DevOps process is essential. Continuous integration/continuous delivery/continuous deployment (CI/CD/CD) help us developers and testers ship the software faster and safer in a structured environment.

The biggest obstacle that needs to be overcome in constructing a DevOps environment is scalability. There are no definite measures on the scalability of an application or product development, but DevOps environment should be ready to scale to meet business and technology needs. It lays a strong foundation for building an agile DevOps for the business.

Continuous Integration and Deployment has seen many benefits in the software delivery process. Initiating automated code builds once checks are completed, running automated test suites, flagging errors and breaking builds if not adhered to compliance have eased the way of deploying a stable release into staging or production environment and eliminating manual errors and human bias.

How is CI/CD/CD Set Up?

Version control tools play an important role in the success of our DevOps pipeline. And designing a good source stage is pivotal to our CI/CD success. It ensures that we can version code, digital assets, and binary files (and more) all in one spot. This enables teams to communicate and collaborate better — and deploy faster.

Our code branching strategy determines how and when developers branch and merge. When deciding on a strategy it is important to evaluate what makes sense for our team and product. Most version control systems will let you adopt and customize standard strategies like mainline, trunk-based, task/feature branching, etc.,

Typical Branching Model Followed

A basic workflow starts with code being checked out. When the work in the branch is committed, CI processes are triggered. This can be done with a merge or pull request. Then the CI/CD pipeline kicks into high gear.

The goal of CI/CD is to continuously integrate changes to find errors earlier in the process, as known as ‘Shift Left’.  The ultimate goal of having an automated CI/CD process in place to identify errors or flag non-compliance at an early stage of the development process. This increases the project’s velocity by avoiding late-stage defects and delays. It creates an environment where code is always ready for a release. With the right branching strategy, teams are equipped to deliver success.

Continuous Integration: Integrating newly developed code with the central repository is continuous integration. Automated CI results in automated builds that are triggered to merge the newly developed codes into the repository. As part of this process, plugins can be added to perform static code analysis, security compliance checks, etc., to identify if the newly added code would have any impact on the application. If there are compliance issues, the automated build breaks, and the same is reflected to the developer with insights. Automated CI helps in increasing the productivity of the developers and the team.

Continuous Delivery: At the end of a successful CI, Continuous Delivery is triggered. CD ensures to automate the software delivery process and commits to deliver the integrated code into the production stage without any bugs or delays. CD helps in merging the newly developed code into the main branch of the software so that a ready to production product is available with all the checks in place.CD also checks the quality of the code and performs tests to check whether it can release the functional build to the production environment.

Continuous Deployment: The final and most critical part of DevOps is Continuous Deployment. After the successful merging of certified code, the pipelines are triggered to deploy the code into the production environment. These pipelines are also triggered automatically. The pipelines are constructed to handle the target environment be it jar or container deployments. The most important aspect of this pipeline is to tag the releases that are also done in the production environment. If there are rollbacks these tags help the team to roll back to the right version of the build.

CI/CD/CD is an art that needs to be crafted in the right and most efficient way that will help the software development team achieve their success at a faster pace.

Different Stages & Complete DevOps Setup

What is the CI/CD/CD  Outcome?

Cyber Security Mdr Services

About the Author –

Murleedharan is a senior technical manager and has managed, developed, and launched cutting edge business intelligence and analytics platforms using big data technologies. He has experience in hosting the platform in Microsoft Azure by leveraging the MS PaaS. He is a product manager for zDesk – A Virtual Desktop offering from GAVS.
His passion is to get a friction-less DevOps operational in an environment to bring down the deployment time to a few seconds.

Design-led Organization: Creative Thinking as a Practice!

Gogul R G

This is the first article in the series of ‘Design-led organization’ writing about creative thinking as a practice in GAVS. It is the first step for the readers to explore the world of design and creativity. So, let’s get started!

First let’s see what is design thinking is all about

There is a common misconception that design thinking is new. But when you look back, people have applied a human-centric creative process to build meaningful and effective solutions. Design has been practiced for ages to build monuments, bridges, automobiles, subway systems, etc. Design is not only limited to aesthetics, it is more of a mindset to think of a solution. Design thinking is a mindset to iteratively think about a complex problem and come up with a viable solution

Thinking outside of the box can provide an innovative solution to a sticky problem. However, thinking outside of the box can be a real challenge as we naturally develop patterns of thinking that are based on the repetitive activities and commonly accessed knowledge surround ourselves. It takes something to detach away from a situation where we’re too closely involved to be able to find better possibilities.

To illustrate how a fresh way of thinking can create unexpectedly good solutions, let’s look at a famous incident. Some years ago, an incident occurred where a truck driver had tried to pass under a low bridge. But, he failed, and the truck became firmly lodged under the bridge.

IT Infrastructure Managed Services

The driver was unable to continue driving through or reverse out. The struck truck caused massive traffic problems, which resulted in emergency personnel, engineers, firefighters, and truck drivers gathering to negotiate various solutions to dislodge the truck.

Emergency workers were debating whether to dismantle parts of the truck or chip away at parts of the bridge. Each of one were looking for a solution with their respective level of expertise. A boy walking by and witnessing the intense debate looked at the truck, at the bridge, then looked at the road and said, “Why not just let the air out of the tires?” to the absolute amazement of all the specialists and experts trying to resolve the issue.

When the solution was tested, the truck could drive with ease, having suffered only the damage caused by its initial attempt to pass underneath the bridge. It symbolizes the struggles we face where often the most obvious solutions are the ones hardest to come by because of the self-imposed constraints we work within.  

“Challenging our assumptions and everyday knowledge is often difficult for us humans, as we rely on building patterns of thinking in order not to have to learn everything from scratch every time.

Let’s come back to our topic “What is Design thinking?” Tim Brown, Executive Chairman of IDEO – an international design and consulting firm quoted design thinking as below.

“Design thinking is a human-centered approach to innovation that draws from the designer’s toolkit to integrate the needs of people, the possibilities of technology, and the requirements for business success.

Now let’s think about our truck example. A boy with his fresh mindset provides a simple solution to address a complex problem. Yeah! this is the sweet spot. Everyone is creative and capable of thinking like a designer, and out of the box, to come up with a solution. This way of inculcating design as a mindset for a solution is known as Design thinking.

Yes, you read it right, everyone is creative…

We forget that back in kindergarten, we were all creative. We all played and experimented with weird things without fear or shame. We didn’t know enough not to. The fear of social rejection is something we learned as we got older. And that’s why it’s possible to regain our creative abilities, even decades later. In the field of design and user experience, there are individuals to stick with a methodology a while, they will end up doing amazing things. They come up with break through ideas or suggestions and work creatively with a team to develop something truly innovative. They surprise themselves with the realization that they are a lot more creative than they had thought. That early success shakes up how they see themselves and makes them eager to do more.

We just need to rediscover what we already have: the capacity to imagine, or build upon, new to the world ideas.  But the real value of creativity doesn’t emerge until you are brave enough to act on those ideas.

Geshe Thupten Jinpa, who has been the Dalai Lama’s chief English translator for more than twenty years, shared an insight about the nature of creativity. Jinpa pointed out that there’s no word in the Tibetan language for ‘creativity’ or ‘being creative’. The closest translation is ‘natural’. In other words, if you want to be more creative, you should be more natural! So…be natural!

At your workplace, the complex problems can be easily sorted out when you find a solution using creativity with the mindset of design thinking. Creativity can be improved by following the below steps.

  1. Go for a walk.
  2. Play your favorite games.
  3. Move your eyes.
  4. Take a break and enjoy yourself.
  5. Congratulate yourself each time you do something well.
  6. Estimate time, distance, and money.
  7. Take a route you never have taken before.
  8. Look for images in mosaics, patterns, textures, clouds, stars…
  9. Try something you have never done before.
  10. Do a creative exercise.
  11. Start a collection (stamps, coins, art, stationery, anything you wish to collect)
  12. Watch Sci-Fi or fantasy films.
  13. Change the way you do things – there are no routine tasks, only routine way of doing things.
  14. Wear a color you do not like.
  15. Think about how they invented equipment or objects you use daily.
  16. Make a list of 10 things you think are impossible to do and then imagine how you could make each one possible.
  17. For every bad thing that happens to you, remember at least 3 good things that happened.
  18. Read something you have not read yet.
  19. Make friends with people on the other side of the world.
  20. When you have an idea, make a note of it, and later check to see if it happened.
  21. Connect a sport with your work.
  22. Try food you never tried before.
  23. Talk to grandparents and relatives and listen to their stories.
  24. Give an incorrect answer to a question.
  25. Find links between people, things, ideas, or facts.
  26. Ask children how to do something and observe their creativity.

Start doing the above-mentioned steps to inculcate a creative mindset and apply it in your day-to-day work. Companies like GE health care, Procter & Gamble, UBER practiced design thinking and implemented in their new product launches and for solving complex problems in their organizations. Be natural to be more creative! When you are more creative, you can apply design thinking for seeking any solution for a complex problem in your work.

This is the first article in the series of Design led Organization in GAVS. Keep watching this space for more articles on design and keep exploring the world of design-thinking!

References:

About the Author –

Gogul is a passionate UX designer with 8+ years of experience into designing experiences for digital channels like Enterprise apps, B2C, B2B apps, Mobile apps, Kiosk, Point of Sale, Endless aisle, telecom products. He is passionate about transforming complex problems into actionable solutions using design.

Center of Excellence – Security

The Security Center of Excellence was instituted to set standards in the practice and be the point of contact for technical solutions, problem solving, etc. The broad objectives of this CoE are as follows:

  • Develop and maintain technical assets that can be leveraged across GAVS.
  • Enable Quality Governance by providing support in gating of architecture and design related deliverables.
  • Enable Operational Governance by establishing cadence for tech review of projects.
  • Create domain-based SMEs within the practice.
  • Train and upskill members in the practice.
  • Improve customer satisfactory index by implementing new ideas and innovations across all engagements.
  • Create additional SOC services for market competency.
  • Automation – Detect, investigate and remediate cyberthreats with playbooks and response workflows.

COVID and the changing nature of threat landscape

For many industries, it has been challenging period ever since the COVID outbreak, more so for those in security. Clearly, the bad actors have lot of time at their disposal which is reflective in the innovative techniques being used to attack targets. The level of vigilance required in monitoring the alerts and application of threat hunting techniques is key to diagnosing problems at initial stages of compromise in the worst-case scenario.

Microsoft Cloud Solution Provider

Remote Infrastructure Monitoring Services
Source: IBM X-Force Research

For enterprises that have no clue about MDR (Managed Detection and Response), this is a good time for them to start. We have innovative, cost effective solutions – “Make Hay while the Sun shines”. Small and large corporations alike have lost business and money because of lapse in security controls and monitoring. Now is not the time to make headlines that you are the victim of a major breach.

Our team is developing a vulnerability alerting tool, which we intend to equip customers with to provide qualified bulletin alerts, i.e. alerts only on vulnerabilities that affect them. This is a first of a kind in the market. This will greatly benefit existing and new customers.

Expanding into IAM and PAM

Security practice is expanding into Identity & Access Management (IAM) and Privileged Access Management (PAM) services. With new customers being onboarded into this focus areas for products such as Sailpoint, Thycotic, Ping, Cyberark, Okta and Azure PIM, we are expanding our talent pool through recruitment and through training and certification. This should largely benefit our existing customers and prospects who intend to leverage our security practice to fulfil their cyber security needs.

Expansion of our Red Team

Our Red Team within the practice has been expanded with many talented members, including some with bug bounty bragging rights. This has enormously helped in performing intensive tests on our internal product platforms, security assessments for customers. We have also extensively invested on tools for the Red Team to help them reduce assessment times.

Certification drive

With some more analysts having certified across AZ-500, Cyberark and trained on Darktrace. GAVS’ security analysts are taking full advantage to increase their knowledge thanks to the generosity of our alliances and training sites like Pluralsight. Even the mighty Microsoft opened their learning website for free, enabling young talent to equip themselves with critical DevOps and Cloud security skills.

As part of CoE initiatives, we have;

  • Aligned our security roadmap based on industry trends and to ensure solutions tailored for customer pain points.
  • Extended our SOC practice with IAM and PAM in 2020.
  • Identified domain-based SME and product-based SME for quick support.

We are currently in the process of creating security products, GVAS and GSMA, to help customer in proactively identifying and addressing vulnerabilities and self-maturity assessment of their cybersecurity posture. We are also underway to add Operational security to our Security practice.

If you have any questions about the CoE, you may reach out to them at COE_INFOSEC@gavstech.com

CoE Team Members

  • Venkatakrishnan A
  • Shivaram J
  • Alex Nepolian Lawrence
  • Ravindran Girikrishnan
  • Aravindah Sadhasivam Subramanian
  • Vijayakumar Veerapandiyan
  • Thubati Uday
  • Ganta Venkata Sandeep
  • Sundaramoorthy S
  • Sukanya Srinivasan

Center of Excellence – Java

The Java CoE was established to partner with our customers and aid them in realizing business benefits through effective adoption of cutting-edge technologies; thus, enabling customer success.

Objectives

  • Be the go-to team for anything related to Java across the organization and customer engagements.
  • Build competency by conducting training and mentoring sessions, publishing blogs, whitepapers and participating in Hackathons.
  • Support presales team in creating proposals by providing industry best solutions using the latest technologies, standards & principles.
  • Contribute a certain percent of revenue growth along with the CSMs.
  • Create reusable artifacts, frameworks, solutions and best practices which can be used across organization to improve delivery quality.

Focus Areas

  1. Design Thinking: Setting up a strong foundation of “Design Thinking and Engineering Mindset” is paramount for any business. We aim to do so in the following way:
IT Infrastructure Managed Services

2. Solution and Technology: Through our practice, we aim to equip GAVS with solution-oriented technology leaders who can lead us ahead through disruptive times

IT Operations Management Software

3. Customer success

  • Identify opportunities in accounts based on the collaboration with CSMs, understand customer needs, get details about the engagement, understand the focus areas and challenges.
  • Understand the immediate need of the project, provide solution to address the need.
  • Java council to help developers arrive at solutions.
  • Understand architecture in detail and provide recommendation / create awareness to use new technologies
  • Enforce a comprehensive review process to enable quality delivery.

Accomplishments

  • Formed the CoE team
  • Identified the focus Areas
  • Identified leads for every stream
  • Socialized the CoEwithin GAVS
  • Delivered effective solutions across projects to improve delivery quality
  • Conducted trainings on standards and design-oriented coding practices across GAVS
  • Publishedblogs to bring in design-oriented development practices
  • Identified the areas for creating re-usable artefacts (Libraries / Frameworks)
  • Brainstormed and finalized the design for creating Frameworks (For the identified areas)
  • Streamlined the DevOps process which can be applied in any engagement
  • Built reusable libraries, components and frameworks which can be used across GAVS
  • Automated the Code Review process
  • Organized and conducted hackathons and tech meetups
  • Discovered potential technical problems/challenges across teams and offered effective solutions, thereby enabling customer success
  • Supported the presales team in creating customized solutions for prospects

Upcoming Activities

  • Establishing tech governance and align managers / tech leads to the process
  • Setting up security standards and principles across domain
  • Buildingmore reusable libraries, components and frameworks which can be used across GAVS
  • Adopting Design Patterns / Anti-patterns
  • Enforcing a strong review process to bring in quality delivery
  • Enabling discussions with the customers
  • Setting up a customer advisory team

Contribution to Organizational Growth

As we continue our journey, we aim to support the revenue growth of our organization. Customer Success being a key goal of GAVS, we will continue to enable it by improving the quality of service delivery and building a solid foundation across all technology and process streams. We also want to contribute to the organization by developing a core competency around a strategic capability and reduce knowledge management risks.

If you have any questions about the CoE, you may reach out to them at COE_JAVA@gavstech.com

CoE Team Members

  • Lakshminarasimhan J
  • Muraleedharan Vijayakumar
  • Bipin V
  • Meenakshi Sundaram
  • Mahesh Rajakumar M
  • Ranjith Joseph Selvaraj
  • Jagathesewaren K
  • Sivakumar Krishnasamy
  • Vijay Anand Shanmughadass
  • Sathya Selvam
  • Arun Kumar Ananthanarayanan
  • John Kalvin Jesudhason

Observability versus Monitoring

Sri Chaganty

“Observability” has become a key trend in Service Reliability Engineering practice.  One of the recommendations from Gartner’s latest Market Guide for IT Infrastructure Monitoring Tools released in January 2020 says, “Contextualize data that ITIM tools collect from highly modular IT architectures by using AIOps to manage other sources, such as observability metrics from cloud-native monitoring tools.”

Like so many other terms in software engineering, ‘observability’ is a term borrowed from an older physical discipline: in this case, control systems engineering. Let me use the definition of observability from control theory in Wikipedia: “observability is a measure of how well internal states of a system can be inferred from knowledge of its external outputs.”

Observability is gaining attention in the software world because of its effectiveness at enabling engineers to deliver excellent customer experiences with software despite the complexity of the modern digital enterprise.

When we blew up the monolith into many services, we lost the ability to step through our code with a debugger: it now hops the network.  Monitoring tools are still coming to grips with this seismic shift.

How is observability different than monitoring?

Monitoring requires you to know what you care about before you know you care about it. Observability allows you to understand your entire system and how it fits together, and then use that information to discover what specifically you should care about when it’s most important.

Monitoring requires you to already know what normal is. Observability allows discovery of different types of ‘normal’ by looking at how the system behaves, over time, in different circumstances.

Monitoring asks the same questions over and over again. Is the CPU usage under 80%? Is memory usage under 75% percent? Or, is the latency under 500ms? This is valuable information, but monitoring is useful for known problems.

Observability, on the other side, is about asking different questions almost all the time. You discover new things.

Observability allows the discovery of different types of ‘normal’ by looking at behavior, over time, in different circumstances.

Metrics do not equal observability.

What Questions Can Observability Answer?

Below are sample questions that can be addressed by an effective observability solution:

  • Why is x broken?
  • What services does my service depend on — and what services are dependent on my service?
  • Why has performance degraded over the past quarter?
  • What changed? Why?
  • What logs should we look at right now?
  • What is system performance like for our most important customers?”
  • What SLO should we set?
  • Are we out of SLO?
  • What did my service look like at time point x?
  • What was the relationship between my service and x at time point y?
  • What was the relationship of attributed across the system before we deployed? What’s it like now?
  • What is most likely contributing to latency right now? What is most likely not?
  • Are these performance optimizations on the critical path?

About the Author –

Sri is a Serial Entrepreneur with over 30 years’ experience delivering creative, client-centric, value-driven solutions for bootstrapped and venture-backed startups.