Jun 7, 2018
Introduction
As the world adopts blockchain technologies, your IT infrastructure — and its
predictability — become critical. Many companies lack the levels of automation
and control needed to survive in this high-opportunity, high-threat environment.
Are your software, cloud, and server systems automated and robust enough? Do you
have enough quality control for both your development and your online operations?
Or will you join the list of companies bruised by huge data breaches and loss of
control over their own computer systems? If you are involved in blockchain, or
any industry for that matter, these are the questions you need to ask yourself.
Blockchain will require you to put more information online than ever before,
creating huge exposures for organizations that do not have a handle on their
security. Modern DevOps technologies, including many open-source systems, offer
powerful solutions that can improve your systems to a level suitable for use with
blockchain.
Are companies REALLY ready for Blockchain technology?
The answer is that most companies are NOT, and those that are need to audit
or reevaluate whether they really are. The reason is that Blockchain makes data
public, leaving it prone to outside attacks if systems are not hardened and
updated in a timely manner.
Big companies have been hit. Equifax had millions of records stolen. Heartland
credit processing was hacked and eventually had to pay 110 million. On an Airbus
A400M, the wrong installation of a manual software patch resulted in the death of
everyone on the plane. These are a few of the many big companies that were hacked
due to poorly implemented IT technology.
Once hailed as unhackable, blockchains are now getting hacked. According to MIT
Technology Review, hackers have stolen nearly $2 billion worth of cryptocurrency
since the beginning of 2017.
Big Question: Why are companies getting hacked?
Blockchain itself isn't always the problem. Sometimes the blockchain is secure
but the IT infrastructure is not capable of supporting it. There are cases where
open firewalls, unencrypted data, poor testing and manual errors were the reasons
behind the hacking.
So, the question to ask is: Is the majority of your IT infrastructure secure and reliable enough to support Blockchain technology?
What is an IT Factory?
An IT factory, as described by Aaron Contorer, founder and Chairman of FP Complete, is divided into 3 parts:
Development
Deployment
System Operations
If the IT factory is implemented properly at each stage, it can result in new and better IT services, leading to a more reliable, scalable and secure environment.
Deployment is the bridge that takes software running on a developer's laptop all the
way to a scalable system, with Ops running monitoring. With DevOps practices,
we can ensure that all three stages of the IT factory are implemented.
But the key to building a working IT factory is automation that ensures each step
in the deployment process is reliable. With a microservices architecture, building
and testing a reliable container-based system is much easier now than in
earlier days.
The only way to ensure a reliable, reproducible system is for companies to start
automating each step of their software life cycle. Companies that follow
good DevOps practices have a more robust IT infrastructure than those that do
NOT.
DevOps for Blockchain
DevOps tools help Blockchain because they can ensure all code is tracked, tested,
deployed automatically, audited and Quality Assurance tested at each stage of
the delivery pipeline.
The other benefits of implementing DevOps methods in Blockchain are that they
reduce the overall operational cost to companies, speed up the overall pace of
the software development and release cycle, improve software quality and increase
productivity.
The following DevOps methods, if implemented in Blockchain, can be very helpful:
1. Engineer for Safety
With a proper version control tool like GitHub, source code can be viewed and tracked with a proper history of all changes to the code base
Development tools used by developers should be of the same version, should be tracked and should be uniform across the project
A Continuous Integration (CI) pipeline must be implemented at the development
stage to ensure nothing breaks on each commit. There are tools such as Jenkins,
Bamboo, CodePipeline and many more that can help in setting up a proper CI.
Each commit should be properly tested using a test case management system, with proper unit test cases for each commit
Each project should also have an issue tracking system like Jira, GitLab, etc. to ensure all requests are properly tracked and closed.
2. Deploy for Safety
Use Continuous Deployment via DevOps tools to ensure code is automatically deployed to each environment
Each environment (Development, Testing, DR, Production) should be a replica of the others
Use automation to set up all the infrastructure needed for a successful deployment of code
Set up infrastructure as code (IaC) to provision infrastructure, which helps in reducing manual errors
Sanity-check each deployment by running test cases to ensure each component is functioning as expected
Run security testing after each deployment on each environment
Ensure the system can be rolled back or rolled forward without any manual intervention, using approaches like Canary or Blue-Green deployment
Use container-based deployments, which provide more reliability for deployments
3. Operate for Safety
Set up Continuous Automated Monitoring and Logging
Set up Anomaly detection and alerting mechanism
Set up Automated Response and Recovery for any failures
Ensure a Highly Available and scalable system for reliability
Ensure data is encrypted for all outbound and inbound communication
Ensure separation of admin powers, database powers, deployment powers, user access, etc. The more the powers are separated, the lower the risk
4. Separate for Safety
Separate systems internally from each other by using multiple small networks. For example: database/backend on private subnets while the UI is on public subnets
Set Internal and MutFirewalls ensure the database systems are protected with no access
Separate responsibilities and credentials to reduce the risk of exposure
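The separation rules above can be enforced automatically before a deployment goes out. The following is an added example, not code from the original article or from FP Complete: a small policy check a pipeline stage could run over an infrastructure inventory. The inventory format, field names, resource names and addresses are all hypothetical and constructed for illustration.

```python
import ipaddress

# Constructed inventory, shaped like what an IaC plan export might contain.
# All field names, resource names and addresses here are hypothetical.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/16")
INVENTORY = [
    {"name": "web-ui", "tier": "ui", "subnet": "public",
     "ingress": [{"cidr": "0.0.0.0/0", "port": 443}]},
    {"name": "api", "tier": "backend", "subnet": "private",
     "ingress": [{"cidr": "10.0.1.0/24", "port": 8443}]},
    {"name": "ledger-db", "tier": "database", "subnet": "public",
     "ingress": [{"cidr": "0.0.0.0/0", "port": 5432},
                 {"cidr": "10.0.2.0/24", "port": 5432}]},
]
PRIVATE_TIERS = {"backend", "database"}


def is_internal(cidr):
    """True only if the whole source range sits inside the internal network."""
    return ipaddress.ip_network(cidr).subnet_of(INTERNAL_NET)


def audit(inventory):
    """Return (resource, rule, detail) findings for separation violations."""
    findings = []
    for res in inventory:
        if res["tier"] not in PRIVATE_TIERS:
            continue  # the UI tier is allowed to face the internet
        if res["subnet"] != "private":
            findings.append((res["name"], "public-subnet",
                             f"{res['tier']} tier must sit on a private subnet"))
        for rule in res["ingress"]:
            if not is_internal(rule["cidr"]):
                findings.append((res["name"], "external-ingress",
                                 f"port {rule['port']} reachable from {rule['cidr']}"))
    return findings


if __name__ == "__main__":
    results = audit(INVENTORY)
    for name, rule, detail in results:
        print(f"FAIL {name}: {rule}: {detail}")
    # A non-zero exit code lets a CI/CD stage block the deployment.
    raise SystemExit(1 if results else 0)
```

Run against the constructed inventory, the check flags only the database: it sits on a public subnet and accepts connections from any address.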
5. Human systems
Despite hardware and software checks, most of the breaking of blockchain systems today has happened because of "People" or "Human Errors".
Most people try hacks or workarounds to get things working on production with no knowledge
of the impact they could have on the system. Sometimes these changes are not documented,
making it hard for the next person to fix them. Sometimes asking others to log in
to unauthorized systems by sharing credentials over calls paves the way to insecure
systems.
To ensure this does not happen, companies must:
Train people to STOP making manual efforts to fix a broken system.
Train people NOT to do "Social Engineering" like asking colleagues to log in to systems on their behalf, sharing passwords, etc.
6. Quality Assurance
Need to review the architecture and ensure best practices are followed throughout the product life cycle
Need to ensure the code deployment pipeline has scope for penetration testing
Need to ensure there is weekly/monthly auditing of metrics, logs and systems to check for threats to the systems
Each component and patch on the system should be tested and approved by QA before rolling out to Production
Companies could also hire third parties to audit their systems on their behalf
How to get there?
The good news is "IT IS POSSIBLE". There is no need for giant or all-in-one solutions.
Companies that are starting fresh need to start building a reliable system in the
early phase of development by focusing on the 6 points mentioned above. They
need to start thinking about all of these areas in the "Plan and Design" phase itself.
Companies that are already in production or nearing production do not need
to start fresh. They can start making incremental progress, but it needs
to start TODAY.
Automation is the only SCIENCE in IT that can reduce errors and help towards building
an increasingly reliable system. In the future it will save money and resources that
can be redirected to focus on other areas.
To conclude, FP Complete has been a leading consultant
in providing DevOps services. We excel at what we do, and if you are looking to implement
DevOps in your Blockchain, please feel free to reach out to us for free consultations.