By Scott Moses Murray and Soumik Sarkar

A Promethean Problem:

Let’s face it. Governance is eating the dust of agile development and cloud adoption.

With business units spinning up hundreds of teams to build, deploy and manage their applications in the cloud, the pace of change and the complexity of decentralized implementation are increasing at an unmanageable rate.

Microservices architecture promises to amplify this problem by orders of magnitude.

It’s an understatement to say governance is having a hard time catching up. Even the most stringent calls to follow best practices are drowned out by myriad keystrokes scrambling to meet ambitious delivery deadlines. Far more development policy guidelines are written than are ever read, much less followed. QA teams are short-staffed. Reasonably enough, no one expects a smooth rollout, so bi-weekly all-night deployments are the norm.

And management wonders why there are so many production issues and security breaks!

As long as it is driven by human effort, governance can’t hope to keep up with change driven by automation. This calls for an automated approach to governance.

The Solution:

This is why Crosscode developed the Governance Operating System™. A standard feature of Crosscode Panoptics™, GOeS™ sits on top of Panoptics’ graph of the dependencies between all your applications and databases. The graph maps the relationships between elements such as methods, database columns and message queues. This means you can create custom rules in GOeS™ to govern changes at even the most detailed level. GOeS™ sends you an alert on the platform of your choice whenever a change doesn’t comply with one of your rules.

Contact us to see Crosscode Panoptics™ GOeS™ in action.

GOeS™ in Detail:

You can receive a notification when an element is added, deleted or updated, or when an element meets conditions specified in your rule. Examples:

  • Application
    • Version
    • Database Dependency
    • API
  • Message Queues
    • Producer
    • Consumer
  • Package
    • Open CVE
  • Class
    • Added
    • Deleted
  • Method
    • Added
    • Deleted
    • Potential vulnerability discovered
  • Database
    • Added
    • Deleted
    • New dependency

A rule script in GOeS™ looks like this:

The above rule sends an email every time a new application dependency is established with the SSN column. It results in an email like this:

Here is another example, where the system posts all new security issues to Slack (any other messaging system can be used instead):

The above rule results in a Slack message like the following:

We hope you will find this feature useful and use it to increase awareness of your ever-changing environment. We certainly plan to do that here at Crosscode!