Why is AIOps an Industrial Benchmark for Organizations to Scale in this Economy?

Ashish Joseph

Business Environment Overview

In this pandemic economy, the topmost priorities for most companies are to make sure the operations costs and business processes are optimized and streamlined. Organizations must be more proactive than ever and identify gaps that need to be acted upon at the earliest.

The industry has been striving towards efficiency and effectiveness in its operations day in and day out. As a reliability check to ensure operational standards, many organizations consider the following levers:

  1. High Application Availability & Reliability
  2. Optimized Performance Tuning & Monitoring
  3. Operational gains & Cost Optimization
  4. Generation of Actionable Insights for Efficiency
  5. Workforce Productivity Improvement

Organizations that have prioritized the above levers in their daily operations require dedicated teams to analyze different silos and implement solutions that provide the result. Running projects of this complexity affects the scalability and monitoring of these systems. This is where AIOps platforms come in to provide customized solutions for the growing needs of all organizations, regardless of the size.

Deep Dive into AIOps

Artificial Intelligence for IT Operations (AIOps) is a platform that provides multiple layers of functionality that leverage machine learning and analytics. Gartner defines AIOps as a combination of big data and machine learning functionalities that empower IT functions, enabling scalability and robustness of its entire ecosystem.

These systems transform the existing landscape to analyze and correlate historical and real-time data to provide actionable intelligence in an automated fashion.


AIOps platforms are designed to handle large volumes of data. The tools offer various data collection methods, integration of multiple data sources, and generate visual analytical intelligence. These tools are centralized and flexible across directly and indirectly coupled IT operations for data insights.

The platform aims to bring an organization’s infrastructure monitoring, application performance monitoring, and IT systems management process under a single roof to enable big data analytics that give correlation and causality insights across all domains. These functionalities open different avenues for system engineers to proactively determine how to optimize application performance, quickly find the potential root causes, and design preventive steps to avoid issues from ever happening.

AIOps has transformed the culture of IT war rooms from reactive to proactive firefighting.

Industrial Inclination to Transformation

The pandemic economy has challenged the traditional way companies choose their transformational strategies. Machine learning-powered automation for creating an autonomous IT environment is no longer a luxury. The use of mathematical and logical algorithms to derive solutions and forecasts for issues has a direct correlation with the overall customer experience. In this pandemic economy, customer attrition has a serious impact on the annual recurring revenue. Hence, organizations must reposition their strategies to be more customer-centric in everything they do. Thus, providing customers with the best-in-class service coupled with continuous availability and enhanced reliability has become an industry standard.

As reliability and scalability are crucial factors for any company’s growth, cloud technologies have seen a growing demand. This shift of demand for cloud premises for core businesses has made AIOps platforms more accessible and easier to integrate. With the handshake between analytics and automation, AIOps has become a transformative technology investment that any organization can make.

As organizations scale in size, so does the workforce and the complexity of the processes. The increase in size often burdens organizations with time-pressed teams having high pressure on delivery and reactive housekeeping strategies. An organization must be ready to meet the present and future demands with systems and processes that scale seamlessly. This is why AIOps platforms serve as a multilayered functional solution that integrates the existing systems to manage and automate tasks with efficiency and effectiveness. When scaling results in process complexity, AIOps platforms convert the complexity to effort savings and productivity enhancements.

Across the industry, many organizations have implemented AIOps platforms as transformative solutions to help them embrace their present and future demand. Various studies have been conducted by different research groups that have quantified the effort savings and productivity improvements.

The AIOps Organizational Vision

As the digital transformation race has been in full throttle during the pandemic, AIOps platforms have also evolved. The industry did venture upon traditional event correlation and operations analytical tools that helped organizations reduce incidents and the overall MTTR. AIOps is relatively new to the market, as Gartner coined the phrase in 2016. Today, AIOps has attracted a lot of attention from multiple industries looking to analyze its feasibility of implementation and the return on investment from the overall transformation. Google Trends shows a significant increase in user search results for AIOps during the last couple of years.


While taking a well-informed decision to include AIOps into the organization’s vision of growth, we must analyze the following:

  1. Understanding the feasibility and concerns for its future adoption
  2. Classification of business processes and use cases for AIOps intervention
  3. Quantification of operational gains from incident management using the functional AIOps tools

AIOps is envisioned to provide tools that transform system engineers into reliability engineers, bringing about a system that trends towards zero incidents.

Because above all, Zero is the New Normal.

About the Author –

Ashish Joseph is a Lead Consultant at GAVS working for a healthcare client in the Product Management space. His areas of expertise lie in branding and outbound product management. He runs a series called #BizPective on LinkedIn and Instagram focusing on contemporary business trends from a different perspective. Outside work, he is very passionate about basketball, music, and food.

Container Security

Anandharaj V

We live in a world of innovation and are beneficiaries of new advancements. New advancements in software technology also come with potential security vulnerabilities.

‘Containers’ are no exception. Let us first understand what a container is and then the vulnerabilities associated with it and how to mitigate them.

What is a Container?

You might have seen containers in a shipyard. They are used to isolate different cargo transported via ships. In the same way, software technologies use a containerization approach.

Containers are different from Virtual Machines (VMs): a VM needs a guest operating system that runs on a host operating system (OS). Containers use OS virtualization, in which the required processes, CPU, memory, and disk are virtualized so that containers can run without a separate operating system.

In containers, software and its dependencies are packaged so that they can run anywhere, whether on an on-premises desktop or in the cloud.


Source: https://cloud.google.com/containers

As stated by Google, “From Gmail to YouTube to Search, everything at Google runs in containers”.

Container Vulnerabilities and Countermeasures

Containers Image Vulnerabilities

When a container image is created, it may be fully patched, with no known vulnerabilities. A vulnerability may be discovered later, however, by which time the container image is no longer being patched. A traditional system can be patched in place as soon as a fix for the vulnerability is available, but for containers the update must be made upstream in the image, which is then redeployed. So containers end up with vulnerabilities because an older image version is what remains deployed.

Also, if the container image is misconfigured or unwanted services are running, it will lead to vulnerabilities.

Countermeasures

If you use traditional vulnerability assessment tools to assess containers, it will lead to false positives. You need to consider a tool that has been designed to assess containers so that you can get actionable and reliable results.

To avoid container image misconfiguration, you need to validate the image configuration before deploying.

Embedded Malware and Clear Text Secrets

Container images are collections of files packaged together. Hence, there are chances of malicious files getting added unintentionally or intentionally. That malicious software will have the same effect as it would on traditional systems.

If secrets are embedded in clear text, it may lead to security risks if someone unauthorized gets access.

Countermeasures

Continuous monitoring of all images for embedded malware with signature and behavioral detection can mitigate embedded malware risks.

Secrets should never be stored inside container images; when required, they should be provided dynamically at runtime.

Use of Untrusted Images

Containers have the advantages of ease of use and portability. This capability may lead teams to run container images from a third party without validating them, which can introduce data leakage, malware, or components with known vulnerabilities.

Countermeasures

Your team should maintain and use only trusted images, to avoid the risk of untrusted or malicious components being deployed.
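One way to automate the checks from the three countermeasure sections above (configuration validation before deployment, clear-text secrets, untrusted sources). This is an added example, not code from the article; it assumes image metadata in the shape printed by `docker image inspect`, and the trusted registry name, port list and name patterns are hypothetical policy values.

```python
import json
import re

# Hypothetical policy values for this example; replace with your own.
TRUSTED_REGISTRIES = {"registry.example.internal"}
UNWANTED_PORTS = {"22/tcp": "sshd", "23/tcp": "telnet"}
SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY", re.I)
RUNTIME_SUFFIXES = ("_FILE", "_PATH")  # value points at a secret mounted at runtime


def registry_of(ref):
    """Registry host of an image reference; Docker Hub when none is given."""
    first, _, rest = ref.partition("/")
    if rest and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"


def audit_image(meta):
    """Return sorted (check, detail) findings for one image-inspect record."""
    findings = []
    cfg = meta.get("Config") or {}

    # Untrusted images: every tag must come from an approved registry.
    tags = meta.get("RepoTags") or []
    if not tags:
        findings.append(("unknown-origin", "image has no RepoTags"))
    for ref in tags:
        reg = registry_of(ref)
        if reg not in TRUSTED_REGISTRIES:
            findings.append(("untrusted-registry", f"{ref} (registry {reg})"))

    # Clear-text secrets: a secret-looking variable name with a literal value.
    for entry in cfg.get("Env") or []:
        name, _, value = entry.partition("=")
        if name.upper().endswith(RUNTIME_SUFFIXES):
            continue
        if value and SECRET_NAME.search(name):
            findings.append(("cleartext-secret", name))  # name only, never the value

    # Misconfiguration: no user set means the container process runs as root.
    user = (cfg.get("User") or "").split(":")[0]
    if user in ("", "0", "root"):
        findings.append(("runs-as-root", "Config.User is empty or root"))

    # Unwanted services: remote-login ports have no place in an app image.
    for port in cfg.get("ExposedPorts") or {}:
        if port in UNWANTED_PORTS:
            findings.append(("unwanted-service", f"{port} ({UNWANTED_PORTS[port]})"))
    return sorted(findings)


# Constructed sample in the shape of `docker image inspect` output.
SAMPLE_INSPECT = json.loads("""
[
  {"RepoTags": ["docker.io/someuser/webapp:1.0"],
   "Config": {"User": "",
              "Env": ["PATH=/usr/bin", "DB_PASSWORD=hunter2", "API_TOKEN="],
              "ExposedPorts": {"8080/tcp": {}, "22/tcp": {}}}},
  {"RepoTags": ["registry.example.internal/team/webapp:1.0.3"],
   "Config": {"User": "10001:10001",
              "Env": ["PATH=/usr/bin", "DB_PASSWORD_FILE=/run/secrets/db"],
              "ExposedPorts": {"8080/tcp": {}}}}
]
""")

if __name__ == "__main__":
    for image in SAMPLE_INSPECT:
        print(image["RepoTags"][0])
        for check, detail in audit_image(image) or [("ok", "no findings")]:
            print(f"  {check}: {detail}")
```

Run as a gate in the build pipeline, a non-empty findings list blocks the deployment; the second sample image passes because its database password is supplied as a file path at runtime.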

Registry Risks

Registry is nothing but a repository for storing container images.

  1. Insecure connections to registries

Images can have sensitive information. If connections to registries are made over insecure channels, this can lead to man-in-the-middle attacks that intercept network traffic to steal programmer or admin credentials, or to provide outdated or fraudulent images.

To overcome the unsecured connection issue, you should configure development tools and running containers to connect only over an encrypted medium.

  2. Insufficient authentication and authorization restrictions

As we have already seen, registries store container images with sensitive information. Insufficient authentication and authorization will result in exposure of technical details of an app and loss of intellectual property. It can also lead to compromise of containers.

Access to registries should be authenticated, and only trusted entities should be able to add images. All write access should be periodically audited and read access should be logged. Proper authorization controls should be enabled to avoid the authentication and authorization related risks.

Orchestrator Risks

  1. Unbounded administrative access

Many orchestrators are designed with the assumption that all users are administrators, but a single orchestrator may run different apps with different access levels. If you treat all users as administrators, it will affect the operation of containers managed by the orchestrator.

Orchestrators should be given the required access with proper role-based authorization to avoid the risk of unbounded administrative access.

  2. Poorly separated inter-container network traffic

In containers, traffic between hosts is routed through virtual overlay networks, which are managed by the orchestrator. This traffic will not be visible to existing network security and management tools, since network filters only see the encrypted packets traveling between the hosts. This leads to security blindness: the tools will be ineffective in monitoring the traffic.

To overcome this risk, orchestrators need to be configured to separate network traffic according to sensitivity levels in the virtual networks.

  3. Orchestrator node trust

You need to give special attention while maintaining the trust between the hosts, especially the orchestrator node. Weakness in orchestrator configuration will lead to increased risk. For example, communication can be unencrypted and unauthenticated between the orchestrator, DevOps personnel, and administrators.

To mitigate this, orchestration should be configured securely for nodes and apps. If any node is compromised, it should be isolated and removed without disturbing other nodes.

Container Risks

  1. App vulnerabilities

It is always good to have a defense. Even after following the recommendations we have seen above, containers may still be compromised if the apps are vulnerable.

As we have already seen, traditional security tools may not be effective when you use them for containers. So, you need a container-aware tool that detects behavior and anomalies in the app at run time in order to find and mitigate them.

  2. Rogue containers

It is possible to have rogue containers. Developers may have launched them to test their code and left them there. This may lead to exploits, as those containers might not have been thoroughly checked for security loopholes.

You can overcome this by having separate environments for development, test, and production, with role-based access control.

Host OS Risks

  1. Large attack surface

Every operating system has its attack surface, and the larger the attack surface, the easier it will be for an attacker to find and exploit a vulnerability and compromise the host operating system and the containers that run on it.

If you cannot use a container-specific operating system to minimize the attack surface, you can follow the NIST SP 800-123 guide to server security.

  2. Shared kernel

If you only run containers on a host OS, you will have a smaller attack surface than a normal host machine, where you need libraries and packages to run a web server, a database and other software.

You should not mix container and non-container workloads on the same host machine.

If you wish to further explore this topic, I suggest you read NIST.SP.800-190.



About the Author –

Anandharaj is a lead DevSecOps at GAVS and has over 13 years of experience in Cybersecurity across different verticals which include Network Security, application Security, computer forensics and cloud security.

IAST: A New Approach to Finding Security Vulnerabilities

Roberto Velasco
CEO, Hdiv Security

One of the most prevalent misconceptions about cybersecurity, especially in the mainstream media and also among our clients, is that to conduct a successful attack against an IT system it is necessary to ‘investigate’ and find a new defect in the target’s system.

However, for most security incidents involving internet applications, it is enough to simply exploit existing and known programming errors.

For instance, the dramatic Equifax breach could have been prevented by following basic software security best-practices, such as patching the system to prevent known vulnerabilities. That was, in fact, one of the main takeaways from the forensic investigation led by the US federal government.

One of the most important ways to reduce security risks is to ensure that all known programming errors are corrected before the system is exposed to internet traffic. Research bodies such as the US NIST found that correcting security bugs early on is orders of magnitude cheaper than doing so when the development has been completed.

When composing a text in a text editor, the spelling and grammar corrector highlights the mistakes in the text. Similarly, there are security tools known as AST (Application Security Testing) that find programming errors that introduce security weaknesses. ASTs report the file and line where the vulnerability is located, in the same way that a text editor reports the page and the line that contains a typo.

In other words, these tools allow developers to build software that is largely free of security-related programming errors, resulting in more secure applications.

Just as it is almost impossible to catch all errors in a long piece of text, most software contains many serious security vulnerabilities. The fact that some teams do not use any automated help at all makes these security weaknesses all the more prevalent and easy to exploit.

Let’s take a look at the different types of security issue detection tools also known as ASTs, or vulnerability assessment tools, available in the market.

The Traditional Approach

Two mature technologies capture most of the market: static code analysis (SAST) and web scanners (dynamic analysis or DAST). Each of these two families of tools is focused on a different execution environment.

The SAST static analysis, also known as white-box analysis because the tool has access to the source code of the application, scans the source code looking for known patterns that indicate insecure programming that could lead to a vulnerability.

The DAST dynamic analysis replicates the view of an attacker. At this point, the tool executes hundreds or thousands of queries against the application designed to replicate the activity of an attacker to find security vulnerabilities. This is a black-box analysis because the point of view is purely external, with no knowledge of the application’s internal architecture.

The level of detail provided by the two types of tools is different. SAST tools provide file and line where the vulnerability is located, but no URL, while DAST tools provide the external URL, but no details on the location of the problem within the code base of the application. Some teams use both tools to improve visibility, but this requires long and complex triaging to manage the vulnerabilities.

The Interactive AST Approach

The Interactive Application Security Testing (IAST) tools combine the static approach and the dynamic approach. They have access to the internal structure of the application, and to the way it behaves with actual traffic. This privileged point of view is ideal to conduct security analysis.

From an architecture point of view, the IAST tools become part of the infrastructure that hosts the web applications, because an IAST runs together with the application server. This approach is called instrumentation, and it is implemented by a component known as an agent. Other platforms such as Application Performance Monitoring tools (APMs) share this proven approach.

Once the agent has been installed, it incorporates automatic security sensors in the critical execution points of the application. These sensors monitor the dataflow between requests and responses, the external components that the application includes, and data operations such as database access. This broad-spectrum coverage is much better than the visibility that SAST and DAST rely on.
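The sensor idea described above, as an added example that is not Hdiv's code or part of the original article: a wrapper around a SQLite connection plays the role of the agent's database sensor and reports the request URL (the dynamic detail) together with the calling function and line (the static detail). It assumes a value-matching heuristic, where a request value appearing verbatim in the SQL text counts as a finding; the handler names and URLs are constructed.

```python
import inspect
import sqlite3


class SqlSensor:
    """Stands in for an agent sensor placed at the database execution point."""

    def __init__(self, conn):
        self.conn = conn
        self.url = None        # dynamic context: the request being served
        self.tainted = set()   # values that arrived with that request
        self.findings = []

    def begin_request(self, url, params):
        self.url = url
        # Heuristic: skip very short values, which match SQL text by accident.
        self.tainted = {v for v in params.values() if len(v) >= 3}

    def end_request(self):
        self.url, self.tainted = None, set()

    def execute(self, sql, bound=()):
        # Bound parameters never become SQL text, so only `sql` is inspected.
        for value in sorted(self.tainted):
            if value in sql:
                caller = inspect.stack(context=0)[1]
                self.findings.append({
                    "issue": "request value reached SQL text unparameterised",
                    "url": self.url,              # what a DAST tool would report
                    "file": caller.filename,      # what a SAST tool would report
                    "line": caller.lineno,
                    "function": caller.function,
                })
        return self.conn.execute(sql, bound)


def lookup_unsafe(db, params):
    # Vulnerable pattern: request data concatenated into the statement.
    sql = "SELECT name FROM users WHERE name = '" + params["name"] + "'"
    return db.execute(sql).fetchall()


def lookup_safe(db, params):
    # Hardened form: the value travels as a bound parameter.
    return db.execute("SELECT name FROM users WHERE name = ?", (params["name"],)).fetchall()


def serve(sensor, url, params, handler):
    """Run one request with the sensor aware of its URL and parameters."""
    sensor.begin_request(url, params)
    try:
        return handler(sensor, params)
    finally:
        sensor.end_request()


def run_demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice')")
    sensor = SqlSensor(conn)
    # Ordinary, benign traffic is enough: the sensor watches the data flow.
    rows_unsafe = serve(sensor, "/search-unsafe?name=alice", {"name": "alice"}, lookup_unsafe)
    rows_safe = serve(sensor, "/search-safe?name=alice", {"name": "alice"}, lookup_safe)
    return rows_unsafe, rows_safe, sensor.findings


if __name__ == "__main__":
    for finding in run_demo()[2]:
        print(finding)
```

Both handlers return the same rows for the same request, so a purely external view cannot tell them apart on normal traffic; only the sensor at the execution point sees that one of them builds SQL text from request data.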

In terms of specific results, we can look at two important metrics – how many types of vulnerabilities the tool finds, and how many of the identified vulnerabilities are false positives. Well, the best DAST is able to find only 18% of the existing vulnerabilities on a test application. And even worse, around 50% of the vulnerabilities reported by the best SAST static analysis tool are not true problems!


Source: Hdiv Security via OWASP Benchmark public result data

The IAST approach provides these tangible benefits:

  1. Complete coverage, because the entire application is reviewed, both the custom code and the external code, such as open-source components and legacy dependencies.
  2. Flexibility, because it can be used in all environments; development, quality assurance (QA), and production.
  3. High accuracy, because the combination of static and dynamic points of view allows us to find more vulnerabilities with no false positives.
  4. Complete vulnerability information, including the static aspects (source code details) and dynamic aspects (execution details).
  5. Reduction of the duration of the security verification phase, so that the time-to-market of the secure applications is shorter.
  6. Compatible with agile development methodologies, such as DevSecOps, because it can be easily automated, and reduces the manual verification activities.

An IAST tool can add tons of value to the security tooling of any organization concerned with the security of the software.

In the same way that everyone uses an automated spell checker to find typos in a document, we believe that any team would benefit from an automated validation of the security of an application.

However, AST tools do not represent a security utopia, since they can only detect security problems that follow a common pattern.

About the Author –

Roberto Velasco is the CEO of Hdiv Security. He has been involved with the IT and security industry for the past 16 years and is experienced in software development, software architecture and application security across different sectors such as banking, government and energy. Prior to founding Hdiv Security, Roberto worked for 8 years as a software architect and co-founded ARIMA, a company specialized in software architecture. He regularly speaks at Software Architecture and cybersecurity conferences such as Spring I/O and APWG.eu.

Post – Pandemic Recruiting Practices

Prabhakar Kumar Mandal

The COVID pandemic has transformed business as we know it. This includes recruitment. Right from the pre-hire activities to the post-hire ones, no hiring practices will be exempt from the change we’re witnessing. To maintain a feasible talent acquisition program now and in the coming years, organizations face a persistent need to reimagine the way they do things at every step of the hiring funnel.


In my view, the following are the key aspects to look at:

1. Transforming Physical Workspaces

Having employees be physically present at workplace is fraught with challenges now. We envision many companies transitioning into a fully or partially remote workforce to save on costs and give employees more flexibility.

This means companies that maintain a physical headquarter will be paying much closer attention to the purpose those spaces really serve—and so will the candidates. The emphasis now will be on spaces of necessity—meeting areas, spaces for collaborative work, and comfortable, individual spaces for essential workers who need to be onsite. 

2. Traveling for interviews will be obsolete

It’s going to be a while before non-essential travel assumes its pre-corona importance. In a study of traveler attitudes spanning the U.S., Canada, the U.K., and Australia, the portion of people who said they intended to restrict their travel over the next year increased from 24% in the first half of March to 40% in the second half of March.

Candidates will be less willing than they once were to jump on a plane for an in-person interview when a video conference is a viable alternative. 

3. Demand for workers with cross-trained skills will increase

Skills-based hiring has been on the rise now and will keep increasing as businesses strive to do more with a lesser headcount. We anticipate organizations to increasingly seek out candidates who can wear multiple hats. 

Additionally, as machines take on more jobs that were once reserved for people, we will see even greater demand for uniquely human skills like problem solving and creative thinking. Ravi Kumar, president of Infosys Ltd., summed it up perfectly in an interview with Forbes: “machines will handle problem-solving and humans will focus on problem finding.” 

4. Recruiting events will look a lot different 

It’s unclear when large-scale, in-person gatherings like job fairs will be able to resume, but it will likely be a while. We will likely see most events move to a virtual model, which will not only reduce risk but significantly cut costs for those involved. This may open new opportunities to allocate that budget to improve some of the other pertinent recruiting practices on this list. 


5. Time to hire may change dramatically

The current approach is likely to change. For example, most people who took a new job last year were not searching for one: somebody came and got them. Businesses seek to fill their recruiting funnel with as many candidates as possible, especially ‘passive candidates’, who are not looking to move. Frequently employers advertise jobs that do not exist, hoping to find people who might be useful later or in a different framework. We are always campaigning for the importance of minding our recruiting metrics, which can help us not only to hire more competently but also to identify interruptions in our recruiting process.

Are there steps in the hiring process, like screening or onboarding, that can be accelerated to balance things out? Are there certain recruitment channels that typically yield faster hires than others that can be prioritized? These are important questions to ask as you analyze the pandemic’s impacts to your hiring funnel. 

6. How can AI be leveraged to screen candidates?

AI is helping candidates get matched with the right companies. There are over 100 parameters to assess the candidates. This reduces wastage of time, money, and resources. The candidates are marked on their core strengths. This helps the recruitment manager to place them in the apt role.

The current situation presents the perfect opportunity for companies to adopt new tools. Organizations can reassess their recruitment processes and strategies through HR-aligned technology.

Post-pandemic hiring strategy

This pertains more to the industries most impacted by the pandemic, like businesses in the hospitality sector, outdoor dining, and travel to name a few. Many of the applicants in this domain have chosen to make the shift towards more promising or booming businesses.

However, once the pandemic blows over and restrictions are lifted, you can expect suffering sectors to come back with major recruitment changes and fierce competition over top talent.

Companies that take this time to act by cultivating relationships and connections with promising talent in their sphere, will have the advantage of gathering valuable data from probable candidates.

About the Author –

Prabhakar is a recruiter by profession and cricketer by passion. His focus is on hiring for the infra vertical. He hails from a small town in Bihar and was brought up in Pondicherry. Prabhakar has represented Pondicherry in U-19 cricket (National School Games). In his free time he enjoys reading, working on his health and fitness and spending time with his family and friends.

Business Intelligence Platform RESTful Web Service

Albert Alan

Restful API

RESTful Web Services are web services based on the REST architecture. Representational State Transfer (REST) is a style of software architecture for distributed systems such as the World Wide Web. In this architectural style, data and functionality are considered resources and are accessed using Uniform Resource Identifiers (URIs), typically links on the Web.

RESTful Web Service

REST has some advantages over SOAP (Simple Object Access Protocol) but is similar in technology, since it is also a function call via the HTTP protocol. REST is easier to call from various platforms, transfers pure human-readable data in JSON or XML, is faster, and saves resources.

In the basic idea of REST, an object is accessed via REST, not its methods. The state of the object can be changed by the REST access. The change is caused by the passed parameters. A frequent application is the connection of the SAP PI via the REST interface.

When to use Rest Services

  • You want to access BI platform repository objects or perform basic scheduling.
  • You want to use a programming language that is not supported by another BI platform SDK.
  • You want to extract all the query details and number of records per query for all the reports like Webi and Crystal, etc.
  • You want to extract folder path of all reports at once.

Process Flow


RESTful Web Service Requests

To make a RESTful web service request, you need the following:

  • URL – The URL that hosts the RESTful web service.
  • Method – The type of HTTP method to use for sending the request, for example GET, PUT, POST, or DELETE.
  • Request header – The attributes that describe the request.
  • Request body – Additional information that is used to process the request.

Common RWS Error Messages


Restful Web Service URIs Summary List

| URL | Response | Comments |
|---|---|---|
| /v1 | Service document that contains a link to the /infostore API. | This is the root level of an infostore resource |
| /v1/infostore | Feed contains all the objects in BOE system | /v1/infostore |
| /v1/infostore/<object_id> | Entry corresponding to the info object with SI_ID=. | /v1/infostore/99 |
| /v1/logon/long | Returns the long form for logon, which contains the user and password authentication template. | Used to log on to the BI system based on the authentication method. |
| /v1/users/<user_id> | XML feed of user details in BOE system | You can modify a user using the PUT method and delete a user using the DELETE method. |
| /v1/usergroups/<usergroup_id> | XML feed of user group details in BOE system | Supports the GET, PUT and DELETE methods. You can modify a user group using the PUT method and delete a user group using the DELETE method. |
| /v1/folders/<folder_id> | XML feed displays the details of the folder, can be used to modify the details of the folder, and delete the folder. | You modify the folder using the PUT method and delete the folder using the DELETE method. |
| /v1/publications | XML feed of all publications created in BOE system | This API supports the GET method only. |

Extended Workflow

The workflow is as follows:

  • Pass the base URL

GET http://localhost:6405/biprws/v1/users

  • Pass the headers

  • Get the XML/JSON response

Automation of Rest Call

The Business Intelligence platform RESTful Web Service (BI-REST-SDK) allows you to programmatically access BI platform functionalities such as administration, security configuration and modification of the repository. In addition to the Business Intelligence platform RESTful web service SDK, you can also use the SAP Crystal Reports RESTful Web Services (CR REST SDK) and SAP Web Intelligence RESTful Web Services (WEBI REST SDK).

Implementation

An application has been designed and implemented using Java to automate the extraction of SQL query for all the webi reports from the server at once.

Tools used:

  • Postman (Third party application)
  • Eclipse IDE

The structure of the application is as below:

The application file comprises the required Java jar files, Java class files, Java properties files and logs. The Java class file (SqlExtract) is the source code and is compiled and executed from the command prompt as follows:

Step 1

  • javac -cp ".;java-json.jar;json-simple-1.1.jar;log4j-1.2.17.jar" SqlExtract.java

The above command compiles the Java code.

Step 2

  • java -cp ".;java-json.jar;json-simple-1.1.jar;log4j-1.2.17.jar" SqlExtract

The above command runs the compiled Java class.

The java properties file (log4j) is used to set the configurations for the java code to run. Also, the path for the log file can be set in the properties file.


The logs (SqlExtractLogger) consist of the required output file with all the extracted query for the webi reports along with the data source name, type and the row count for each query in the respective folder in the path set by the user in properties file.


The application is standalone and can run on any Windows platform or server that has the Java JRE (version greater than 1.6 – preferred) installed.

Note: All the above steps required to execute the application are consolidated in the (steps) file.

Conclusion

SAP BO provides a RESTful web service to traverse its repository, to fetch structural info and to modify the metadata structure based on user requirements. Integrating it with programming languages like Python, Java, etc. extends the scope to a greater extent, allowing the user to automate workflows and to solve backtracking problems.

Handling Restful web service needs expertise in server administration and programming as changes made to the metadata are irreversible.

About the Author –

Alan is a SAP Business Intelligence consultant with a critical thinking and an analytical mind. He believes in ‘The more extensive a man’s knowledge of what has been done, the greater will be his power of knowing what to do’.

Mentoring – a Win-Win Situation

Rama Vani Periasamy

“If I have seen further it is by standing on the shoulders of giants.” — Isaac Newton

Did you know the English word ‘Mentor’ actually originated from the Greek epic ‘The Odyssey’?

When Odysseus had to leave his kingdom to lead his army in the Trojan war, his son Telemachus was left under the guidance of a friend ‘Mentor’. Mentor was supposed to guide and groom Telemachus during his developmental years and make him independent. The word ‘Mentor’ was thus incorporated in the English language. We use the word in the same context that existed in Greek Mythology – to guide a person, make him/her an independent thinker, and a doer.

In the age of technology, there may be tools and enormous amounts of data to get a competitive advantage, but they’re no match for a mentor. The business hall of fame is adorned with the names of people who discovered that finding a mentor made all the difference.

A lot of people have been able to achieve greater heights than they imagined because they were able to tap into their potential and that is the energy mentoring brings in.

In today’s world, a lot of corporate offices offer mentoring programs that cut across age groups (called the cross-gens), backgrounds, and experiences that benefit everyone. But sometimes the mechanisms and expectations of a mentoring program are not clear, which makes the practice unsuccessful. Today’s young generation think they have the internet to quench their thirst for knowledge. They do not see mentors as guiding beacons to success, but only as help in meeting their learning needs. To cite an example, mentoring is equivalent to not just teaching a man to fish, but also sharing the experiences, tricks, and tips, so that he becomes an independent fisher. More often, our current generation fails to understand that even geniuses like Aristotle and Bill Gates needed a mentor in their lives.

When mentoring is so powerful, why don’t we nurture the relationship? What stops us? Is time a factor? Not really. Any relationship needs some amount of time to be invested and so is the case with mentoring. Putting aside a few hours a month is an easily doable task, especially for something that is inspiring and energizing. Schedules can always be shuffled for priorities.

Now that we know that we have the time, why is it always hard to find a mentor? To begin with, how do you find a mentor? Well, it is not as difficult as we think. When you start looking for them, you will eventually find one. They are everywhere but may not necessarily be in your workplace.

We have the time, we have a mentor, so what are the guidelines in the mentoring relationship?

The guidelines can be extracted very much in the word ‘MENTOR’.

M=Mission: Any engagement works only if you have something to work on. Both the mentor and mentee must agree on the goals and share their mission statement. Creating a vision and a purpose for the mentoring relationship adds value to both sides and this keeps you going. Articulating the mission statement would be the first activity, to begin with in a mentor-mentee relationship.

 E=Engage: Agree on ways to engage that works with your personalities and schedules. Set ground rules on the modes of communications. Is that going to be a one-one conversation periodically or remote calls? Find out the level of flexibility. Is an impromptu meeting fine? Can Emails or text messages be sent? Decide on the communication medium and time.

 N=Network: Expanding your network with that of your mentor or mentee and cultivating productive relationships will be the key to success. While expanding your network will be productive, remember to tread carefully. Seek permissions, respect, and even ask for an introduction before you reach out to the other person’s contacts.

 T=Trust: Build and maintain trust with your mentoring partner by telling the truth, staying connected, and being dependable. And as the mentorship grows, clear communication and honesty will deepen the relationship. Building trust takes time so always keep the lines of communication open.

O=Opportunity: Create opportunities for your mentee or mentor to grow. Being in a mentor-mentee relationship is like a two-way lane, where you can come across opportunities from both sides, which may not be open for non-mentors/mentees. Bringing in such opportunities will only help the other person achieve his/her goal or the mission statement that was set at the beginning.

R=Review and Renew: Schedule a regular time to review progress and renew your mentoring partnership. This will help you keep your progress on track and it will also help you look for short goals to achieve. Reviewing is also going to help retrospect if a different strategy is to be laid out to achieve your goals.

Mentoring may sound irrelevant and unnecessary while we are surviving a pandemic and going through bouts of intense emotions. But I feel it is even more necessary during this most unusual situation we’re facing. Mentoring could be one of the ways to combat anxiety and depression caused by isolation and the inability to meet people face-to-face.

Mentoring can be done virtually through video calls, by setting up a time to track the progress of your goals and discuss challenges/accomplishments.  Mentoring also proves to be the place to ask difficult questions because it is a “No Judging” relationship and the absolute safe place to deal with work-related anxiety and fear. I still recall my early days as a campus graduate where I was assigned a ‘Buddy’, the go-to person. With them, I’d discussed a lot of my ‘what’, ‘why’ and ‘how’ questions of the work and the corporate world, which I had resisted opening up to my supervisors.

Mentoring takes time. Remember the first day you struggled to balance on your bicycle and may have fallen down hurting your knees? But once you learned to ride, you would have loved your time on the saddle. The same applies to mentoring. Investing the time and effort in mentoring will energize you even better than a few hours of Netflix or scrolling on Instagram. Let us create a culture that shares knowledge, guides & encourages nonstop, like how Socrates taught Plato, Plato taught Aristotle and Aristotle held the beacon for many. There is an adage that goes “when you are ready to become a teacher, the student appears”.

“A mentor is someone who allows you to see the hope inside yourself.” — Oprah Winfrey

The article is based on the book “One Minute Mentoring” by Ken Blanchard & Claire Diaz Ortiz.

About the Author –

Rama is that everyday woman you see who juggles between family and a 9 hours work life. She loves reading history, fiction, attempting half marathons, and traveling.
To break the monotony of life and to share her interest in books & travel, she blogs and curates at www.kindleandkompass.com

Significance of CI CD Process in DevOps

Muraleedharan Vijayakumar

Developing and releasing software can be a complicated process, especially as applications, teams, and deployment infrastructure grow in complexity themselves. Often, challenges become more pronounced as projects grow. To develop, test, and release software quickly and consistently, developers and organizations have created distinct strategies to manage and automate these processes.

Did you know?  Amazon releases a new production code once every 11.6 seconds.

Why CI/CD/CD?

The era of digital transformations demands faster deployments into production. Faster deployments do not warrant defective releases, the solution – ‘DevOps’. The development team, operations team, and IT services team have to work in tandem and the magic circle that brings all of them together is DevOps.

To adopt a DevOps culture, implementing the right DevOps tools with the right DevOps process is essential. Continuous integration/continuous delivery/continuous deployment (CI/CD/CD) help us developers and testers ship the software faster and safer in a structured environment.

The biggest obstacle that needs to be overcome in constructing a DevOps environment is scalability. There are no definite measures on the scalability of an application or product development, but DevOps environment should be ready to scale to meet business and technology needs. It lays a strong foundation for building an agile DevOps for the business.

Continuous Integration and Deployment has seen many benefits in the software delivery process. Initiating automated code builds once checks are completed, running automated test suites, flagging errors and breaking builds if not adhered to compliance have eased the way of deploying a stable release into staging or production environment and eliminating manual errors and human bias.

How is CI/CD/CD Set Up?

Version control tools play an important role in the success of our DevOps pipeline. And designing a good source stage is pivotal to our CI/CD success. It ensures that we can version code, digital assets, and binary files (and more) all in one spot. This enables teams to communicate and collaborate better — and deploy faster.

Our code branching strategy determines how and when developers branch and merge. When deciding on a strategy it is important to evaluate what makes sense for our team and product. Most version control systems will let you adopt and customize standard strategies like mainline, trunk-based, task/feature branching, etc.

Typical Branching Model Followed

A basic workflow starts with code being checked out. When the work in the branch is committed, CI processes are triggered. This can be done with a merge or pull request. Then the CI/CD pipeline kicks into high gear.

The goal of CI/CD is to continuously integrate changes to find errors earlier in the process, also known as ‘Shift Left’. The ultimate goal of having an automated CI/CD process in place is to identify errors or flag non-compliance at an early stage of the development process. This increases the project’s velocity by avoiding late-stage defects and delays. It creates an environment where code is always ready for a release. With the right branching strategy, teams are equipped to deliver success.

Continuous Integration: Integrating newly developed code with the central repository is continuous integration. Automated CI results in automated builds that are triggered to merge the newly developed codes into the repository. As part of this process, plugins can be added to perform static code analysis, security compliance checks, etc., to identify if the newly added code would have any impact on the application. If there are compliance issues, the automated build breaks, and the same is reflected to the developer with insights. Automated CI helps in increasing the productivity of the developers and the team.

Continuous Delivery: At the end of a successful CI, Continuous Delivery is triggered. CD automates the software delivery process and commits to deliver the integrated code into the production stage without any bugs or delays. CD helps in merging the newly developed code into the main branch of the software so that a ready to production product is available with all the checks in place. CD also checks the quality of the code and performs tests to check whether it can release the functional build to the production environment.

Continuous Deployment: The final and most critical part of DevOps is Continuous Deployment. After the successful merging of certified code, the pipelines are triggered to deploy the code into the production environment. These pipelines are also triggered automatically. The pipelines are constructed to handle the target environment be it jar or container deployments. The most important aspect of this pipeline is to tag the releases that are also done in the production environment. If there are rollbacks these tags help the team to roll back to the right version of the build.
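The build-breaking compliance check from the Continuous Integration stage and the tag-based rollback from the Continuous Deployment stage, as an added example (not code from the original article or from any GAVS pipeline). The findings format, the severity thresholds and the vMAJOR.MINOR.PATCH tag scheme are assumptions.

```python
import json
import re
import sys

# Constructed sample report; the field names are assumptions, not a real scanner's schema.
SAMPLE_FINDINGS = json.loads("""
[
  {"rule": "hardcoded-credential", "severity": "high",   "file": "src/db.py",   "line": 14},
  {"rule": "weak-hash-md5",        "severity": "medium", "file": "src/auth.py", "line": 52},
  {"rule": "unused-import",        "severity": "low",    "file": "src/util.py", "line": 3}
]
""")

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


def evaluate_gate(findings, fail_at="high", max_tolerated=5):
    """Return (passed, insights). The build breaks on any finding at or above
    `fail_at`, or when more than `max_tolerated` lower-severity findings exist."""
    threshold = SEVERITY_RANK[fail_at]
    blocking, tolerated = [], []
    for finding in findings:
        rank = SEVERITY_RANK.get(str(finding.get("severity", "")).lower())
        # Fail closed: a finding with a missing or unknown severity blocks the build.
        if rank is None or rank >= threshold:
            blocking.append(finding)
        else:
            tolerated.append(finding)
    # One line per blocking finding, so the developer sees where and why the build broke.
    insights = [
        "{}:{} [{}] {}".format(f.get("file", "?"), f.get("line", "?"),
                               f.get("severity", "unknown"), f.get("rule", "?"))
        for f in blocking
    ]
    if len(tolerated) > max_tolerated:
        insights.append("{} findings below '{}' exceed the budget of {}".format(
            len(tolerated), fail_at, max_tolerated))
    return (not insights), insights


TAG_RE = re.compile(r"v(\d+)\.(\d+)\.(\d+)")


def parse_tag(tag):
    """Turn 'v1.10.0' into (1, 10, 0); return None for anything that is not a release tag."""
    match = TAG_RE.fullmatch(tag)
    return tuple(int(part) for part in match.groups()) if match else None


def rollback_target(release_tags, current):
    """Pick the newest release tag that is older than `current`.
    Versions are compared numerically, so v1.9.3 sorts before v1.10.0."""
    current_version = parse_tag(current)
    if current_version is None:
        raise ValueError("current release is not a release tag: %r" % current)
    older = [t for t in release_tags
             if parse_tag(t) is not None and parse_tag(t) < current_version]
    return max(older, key=parse_tag) if older else None


if __name__ == "__main__":
    passed, insights = evaluate_gate(SAMPLE_FINDINGS)
    for line in insights:
        print("BLOCKING:", line)
    # A non-zero exit status is what makes the CI server mark the build as broken.
    sys.exit(0 if passed else 1)
```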

CI/CD/CD is an art that needs to be crafted in the right and most efficient way that will help the software development team achieve their success at a faster pace.

Different Stages & Complete DevOps Setup

What is the CI/CD/CD  Outcome?

About the Author –

Murleedharan is a senior technical manager and has managed, developed, and launched cutting edge business intelligence and analytics platforms using big data technologies. He has experience in hosting the platform in Microsoft Azure by leveraging the MS PaaS. He is a product manager for zDesk – A Virtual Desktop offering from GAVS.
His passion is to get a friction-less DevOps operational in an environment to bring down the deployment time to a few seconds.

Center of Excellence – Security

The Security Center of Excellence was instituted to set standards in the practice and be the point of contact for technical solutions, problem solving, etc. The broad objectives of this CoE are as follows:

  • Develop and maintain technical assets that can be leveraged across GAVS.
  • Enable Quality Governance by providing support in gating of architecture and design related deliverables.
  • Enable Operational Governance by establishing cadence for tech review of projects.
  • Create domain-based SMEs within the practice.
  • Train and upskill members in the practice.
  • Improve customer satisfaction index by implementing new ideas and innovations across all engagements.
  • Create additional SOC services for market competency.
  • Automation – Detect, investigate and remediate cyberthreats with playbooks and response workflows.

COVID and the changing nature of threat landscape

For many industries, it has been a challenging period ever since the COVID outbreak, more so for those in security. Clearly, the bad actors have a lot of time at their disposal, which is reflected in the innovative techniques being used to attack targets. The level of vigilance required in monitoring the alerts and application of threat hunting techniques is key to diagnosing problems at initial stages of compromise in the worst-case scenario.

Source: IBM X-Force Research

For enterprises that have no clue about MDR (Managed Detection and Response), this is a good time for them to start. We have innovative, cost effective solutions – “Make Hay while the Sun shines”. Small and large corporations alike have lost business and money because of lapses in security controls and monitoring. Now is not the time to make headlines that you are the victim of a major breach.

Our team is developing a vulnerability alerting tool, which we intend to equip customers with to provide qualified bulletin alerts, i.e. alerts only on vulnerabilities that affect them. This is a first of a kind in the market. This will greatly benefit existing and new customers.

Expanding into IAM and PAM

Security practice is expanding into Identity & Access Management (IAM) and Privileged Access Management (PAM) services. With new customers being onboarded into these focus areas for products such as Sailpoint, Thycotic, Ping, Cyberark, Okta and Azure PIM, we are expanding our talent pool through recruitment and through training and certification. This should largely benefit our existing customers and prospects who intend to leverage our security practice to fulfil their cyber security needs.

Expansion of our Red Team

Our Red Team within the practice has been expanded with many talented members, including some with bug bounty bragging rights. This has enormously helped in performing intensive tests on our internal product platforms and security assessments for customers. We have also extensively invested in tools for the Red Team to help them reduce assessment times.

Certification drive

Some more analysts have been certified on AZ-500 and Cyberark and trained on Darktrace. GAVS’ security analysts are taking full advantage to increase their knowledge, thanks to the generosity of our alliances and training sites like Pluralsight. Even the mighty Microsoft opened their learning website for free, enabling young talent to equip themselves with critical DevOps and Cloud security skills.

As part of CoE initiatives, we have:

  • Aligned our security roadmap based on industry trends and to ensure solutions tailored for customer pain points.
  • Extended our SOC practice with IAM and PAM in 2020.
  • Identified domain-based SME and product-based SME for quick support.

We are currently in the process of creating security products, GVAS and GSMA, to help customers in proactively identifying and addressing vulnerabilities and in self-maturity assessment of their cybersecurity posture. We are also underway to add Operational security to our Security practice.

If you have any questions about the CoE, you may reach out to them at COE_INFOSEC@gavstech.com

CoE Team Members

  • Venkatakrishnan A
  • Shivaram J
  • Alex Nepolian Lawrence
  • Ravindran Girikrishnan
  • Aravindah Sadhasivam Subramanian
  • Vijayakumar Veerapandiyan
  • Thubati Uday
  • Ganta Venkata Sandeep
  • Sundaramoorthy S
  • Sukanya Srinivasan

Design Thinking 101

Vasudevan Gopalan

Is the end-user at the center of everything you do? Do you consider human emotions while conceptualizing a product or a solution? Well, let us open the doors of Design Thinking.

What is Design Thinking?

  • Design thinking is both an ideology and a process, concerned with solving problems in a highly user-centric way.
  • With its human-centric approach, design thinking develops effective solutions based on people’s needs.
  • It has evolved from a range of fields – including architecture, engineering, business – and is also based on processes used by designers.
  • Design thinking is a holistic product design approach where every product touch point is an opportunity to delight and benefit our users.

Human Centred Design

With ‘thinking as a user’ as the methodology and ‘user satisfaction’ as the goal, design thinking practice supports innovation and successful product development in organizations. Ideally, this approach results in translating all the requirements into product features.

Part of the broader human centred design approach, design thinking is more than cross-functional; it is an interdisciplinary and empathetic understanding of our user’s needs. Design thinking sits right up there with Agile software development, business process management, and customer relationship management.

5 Stages of Design Thinking

  • Empathize: This stage involves gathering insights about users and trying to understand their needs, desires, and objectives.
  • Define: This phase is all about identifying the challenge. What difficulties do users face? What are the biggest challenges? What do users really need?
  • Ideate: This step, as you may have already guessed, is dedicated to thinking about the way you can solve the problems you have identified with the help of your product. The product team, designers, and software engineers brainstorm and generate multiple ideas.
  • Prototype: The fourth stage brings you to turn your ideas into reality. By creating prototypes, you test your ideas’ fitness.
  • Test: You present the prototype to customers and find out if it solves their problem and provides users with what they need. Note that this is not the end of the journey; you need to get feedback from the users, adjust the product’s functionality, and test it again. This is a continuous process similar to the build-measure-learn approach in the lean start-up methodology.

Benefits of Design Thinking in Software Development

1. Feasibility check: Design thinking enables software development companies to test the feasibility of the future product and its functionality at the initial stage. It enables them to keep end-user needs in mind, clearly specify all requirements and translate all this into product features.

2. No alarms and no surprises: Once you’ve tested your MVP and gathered feedback from users, the team can confidently proceed to the product development. You can be quite sure that there will be little to no difference between the approved concept and final version.

3. Clarity and transparency: The design thinking approach allows product designers/developers to broaden their vision, understand and empathise with the end-users’ problems and have a detailed blueprint of the solution they should eventually deliver.

4. Continuous improvement: The product can be (and sometimes should be) modified after its release when user feedback is at hand. It becomes clear which features work and which can be done away with. The product can undergo a series of enhancements on the basis of feedback. This leaves room for continuous improvement, and the software development process becomes flexible and smooth.

Real-world Success Stories

1. PepsiCo

During Indra Nooyi’s term as PepsiCo’s CEO, the company’s sales grew 80%. It is believed that design thinking was at the core of her successful run. In her efforts to relook at the company’s innovation process and design experience, she asked her direct reportees to fill an album full of photos of what they considered represents good design. Uninspired by the result, she probed further to realize that it was imperative to hire a designer.

“It’s much more than packaging… We had to rethink the entire experience, from conception to what’s on the shelf to the post product experience,” she told the Harvard Business Review.

While other companies were adding new flavours or buttons to their fountain machines, PepsiCo developed a touch screen fountain machine, a whole new interaction between humans and machines.

“Now, our teams are pushing design through the entire system, from product creation, to packaging and labelling, to how a product looks on the shelf, to how consumers interact with it,” she said.

2. Airbnb

Back in 2009, Airbnb’s revenue was limping. They realized that poor quality images of rental listings may have something to do with it. They flew some of their employees to a city and got them to take high quality photos and upload it on their website. This resulted in a 100% increase in their revenue.

Instead of focusing on scalability, the team turned inward and asked, ‘what does the customer need?’ This experiment taught them a few big lessons, empathy being just as important as code was one of them.

3. Mint.com

Mint.com is a web-based personal financial management website. Part of their success is attributed to the human-centric design of the website which tracks and visualizes how a person is spending their money. Bank accounts, investments, and credit cards can easily be synchronized on Mint, which then categorizes the expenses to help the user visualize their spending. They built a product that illustrates a core principle of design thinking: truly understanding the position and mindset of the user. They had 1.5 million customers within 2 years.

Design thinking is a human-centred approach to innovation that draws from the designer’s toolkit to integrate the needs of people, the possibilities of technology, and the requirements for business success.

About the Author –

Vasu heads Engineering function for A&P. He is a Digital Transformation leader with ~20 years of IT industry experience spanning across Product Engineering, Portfolio Delivery, Large Program Management etc. Vasu has designed and delivered Open Systems, Core Banking, Web / Mobile Applications etc.
Outside of his professional role, Vasu enjoys playing badminton and focusses on fitness routines.

Business with a Heart

Balaji Uppili

People and technology are converging like never before, as the world is gripped by COVID – 19. Just a few months ago, nobody could have predicted or foreseen the way businesses are having to work today.  As we were strategizing on corporate governance, digital transformation and the best of resiliency plans to ensure business continuity, no one ever anticipated the scale and enormity of COVID 19.

Today, it has become obvious that COVID 19 has brought about the convergence of technology and humanity and how it can change the way businesses work and function.  While we as leaders have been thinking largely about business outcomes, this pandemic has triggered a more humane approach, and the approach is here to stay.  The humane approach will be the differentiator and will prove the winner.

There is no doubt that this pandemic has brought an urgent need to accelerate our digital capabilities. With the focus on strong IT infrastructure and remote working, workforces were able to transition to working from home, meeting through video conferencing, and surprisingly, this has turned to increase the humane aspect of business relations – it has now become alright for both parties to be seeing children, spouses or pets in meeting backgrounds, and that in itself has broken down huge barriers and formalities.  It is refreshing to see the emerging empathy that is getting stronger with every meeting, and increasing collaboration and communication. It is becoming increasingly clear that we have overlooked the important factor of how it is that people have been showing up to work.  Suddenly it is now more visible that people have equally strong roles within the family – when we see parents having to home-school their children, or having other care obligations, we are viewing their personal lives and are able to empathize with them more.  We are seeing the impact that business can have on people and their personal lives and this is a never like before opportunity for leaders to put our people first.

And with customers being the center of every business, the situation of not being able to do in-person meetings has now warranted newer ways to collaborate and further strengthen the customer-centricity initiatives even more.  It has become evident that no matter how much we as leaders are thinking of automating operations, it is human connections that run businesses successfully. Lots of things have been unraveled – Important business imperatives like criticality of clean workspace compliance, the fact that offshoring thousands of miles away is not factually a compromise, but a very cost-effective and efficient way of getting things done. Productivity has also increased, and work done this far by, has a positive impact of at least 20% or even more in certain situations. As boundaries and barriers are broken, the rigidities of who should work on something and when they should work on it have all become less rigid.  Employees are less regimental about time.  Virtual crowd outsourcing has become the norm – you throw an idea at a bunch of people and whoever has the ability and the bandwidth to handle the task takes care of it, instead of a formal task assignment, and this highlights the fungibility of people.

All in all, the reset in the execution processes and introducing much more of a humane approach is here to stay and make the new norm even more exciting.

About the Author –

Balaji has over 25 years of experience in the IT industry, across multiple verticals. His enthusiasm, energy, and client focus is a rare gift, and he plays a key role in bringing new clients into GAVS. Balaji heads the Delivery department and passionately works on Customer delight. He says work is worship for him and enjoys watching cricket, listening to classical music, and visiting temples.