Categories
Project Experience

Centralized Automated Vault Solution

Confidential Client

FORTUNE 500 / GLOBAL INSURANCE CO.

Achieved desired outcomes

Challenge

The client requested a long-term AWS cloud strategy which required a working, tested, proof of concept, and an implementation plan for role-based access that met specific security and performance criteria. The client explicitly requested:

  • Reusable, predictable, repeatable, and auditable deployment patterns for an agile-based delivery model
  • Automated rotating credentials every N++ days
  • A high-availability architecture – all software-defined, all enterprise deployable

Solution

Working closely with the client, the Trility team provided multiple options and recommendations guiding early architecture iterations leading to the baseline proof of concept. As part of the implementation, Trility continued to work with the client’s team members using HashiCorp’s Terraform to automate and deploy Vault. The system was set up in clusters to achieve high availability with the least amount of human interaction and was deployed throughout four environments: Learning, Development, Pre-Production, and Production.

Outcomes

  • Delivered proof of concept and early roadmapping
  • Seamless transition to integrated implementation teams comprised of both Trility and client teams
  • Built a centralized, automated Vault solution to enable the use of secret role-based access in automated pipelines
  • Achieved four nines (99.995% availability) 
  • Three environments – Development, Test, and Production – use this pattern
  • Provided mentoring on HashiCorp’s Terraform to achieve a repeatable and automated state

Reusable Patterns

  • Role-based access template for the enterprise cloud user base
  • Terraform deployment patterns used for coaching internal cloud engineering teams
  • Reusable enterprise Vault template that serves every group in the client’s cloud (and more) with authorized, role-based access

Want to Automate Permissions?

If you need to refactor or automate permissions in a cloud, on-prem, or hybrid ecosystem, we can help you equip your people and your company to build better.

For this client, HashiCorp products were the ideal solution. Learn more about our partnership with HashiCorp or get in touch with us to navigate to a simplified, automated, secured solution.

Categories
Cloud & Infrastructure

My Cheat Sheet for Understanding the Benefits of Cloud Computing

Here’s my take on the benefits of cloud computing. You can search and find several, but I thought I’d share my perspective from a typical end-user. Early on, I used this free Microsoft online course to understand the benefits: Cloud Concepts – Principles of cloud concepts. It does a great job of explaining the benefits (and more) that everyone markets and sells. And again, many of these benefits require 100% code and it is not blatantly stated in the course. My cheat sheet builds on this specific page to help you understand what the heck it all means. 

Elasticity – You pay for the computing power when you need it vs. all the time. I always think about this example: A Pizza Co. website on Superbowl night can add “enough power” to ensure the high volume of orders is processed in a manner that makes the customer happy.  With elasticity, you don’t have to pay for the high ceiling of computing power 24/7/365; however, you have it available whenever the need arises. 

I’d like to note, I use the term “power” instead of the technical term “resources.” If you are working from home now and you don’t have enough resources allocated to you, it means you might experience lag time when clicking between “stuff” you are working on. System elasticity is one thing that could help solve this problem for you.

Also, you may be learning more about VPNs (virtual private networks) and VPCs (virtual private computers). The VPN is where several people are accessing your company’s secure private place to work and the VPC is literally your “virtual computer” in that network. It’s a real-time copy of all the things you do on your company-provided desktop or laptop.

Scalable – This always felt the same as elasticity to me, but it’s where IT chooses to add resources so you have enough power to get stuff done. Adding resources to an existing server is vertical scaling; adding another server alongside it is horizontal scaling. When you scale horizontally, you can make better use of where the servers are located.

An example of where to scale horizontally ties nicely to the next benefit…

Accessible from anywhere – You can add power anywhere using horizontal scaling, which makes your environment  more accessible. 

Your teams in the Eastern Hemisphere can work from a server in that region (faster processing power). When they log off and leave work, you reduce “computing power” on that server and increase computing power for those working in the Western Hemisphere on a different server. This also applies to a business operating in the United States from coast to coast. For example, east coast workers access the cloud provider’s database located in the eastern region.

I find visuals really help. You can view region maps for the major public cloud providers: AWS, Azure, and Google Cloud. A properly managed cloud enables accessibility using this flexible benefit. Your company can buy and locate its servers wherever it wants from day to day, hour to hour, and yes, even minute to minute.

Reduced infrastructure and maintenance costs – You also aren’t paying to maintain computer hardware, which gives your people capacity to innovate rather than constantly completing hardware setup, upgrades, and other IT-related tasks. Historically, you needed huge server rooms that frequently needed to be updated and maintained. The cloud removes those needs.

Reliable – Redundancy can be built in. However, it can be done more effectively and efficiently if done in code. This means you have backups and backups of backups to ensure uptime for your people and your customers. So if for some reason the public cloud service provider has a service failure in one region, it has a backup in place in another one. You never miss a customer transaction, and a team member can always log in and access their files and applications.

I learned about this when writing up a project description for a client who needed a roadmap and implementation for a centralized and automated solution for role-based access that allowed for rotating credentials every certain number of days and it needed to be highly available.

Human terms: A process to notify employees that they needed to change their login every 30, 60, or 90 days and that it always works with backup and redundancies in place. (Highly annoying, but very critical nowadays.)

By using HashiCorp’s Vault and Terraform (100% code), the client’s process was automated and set up to achieve 99.99% availability with the least amount of human interaction, meaning it should only experience 8.64 seconds/day of downtime, shown in the chart below.

Learn how you can build a Centralized Automated Vault Solution.

If you want to sound extra smart, you can refer to this as “four nines.” Think about the impact on your business: If you sell pizzas and have 97% availability, consider how many potential lost orders could occur in 43 minutes of downtime on Superbowl night.

Possibly more relevant: Consider all the employees working from home now, how does 43 minutes of downtime impact your business when multiplied by the number of employees logged on at a given time?

[Chart: Highly Available Chart. Source: Wikipedia, Highly available]

Physically Secure – Physical security is provided by the cloud service provider. If you go back to those maps, these companies have fortresses to secure the data centers located around the globe. However, it’s still your responsibility to mitigate logical security risks and threats in your implemented solutions. What do I mean by logical? This is an entire article in itself that I’m planning to write next. Or you can read this article on becoming a Security-First Organization or Cloud Breaches Prove DevOps Needs Dedicated Testers.

Regulatory Compliant – Many public cloud providers publish their current compliance against domestic and international standards across many industries including HIPAA, HiTrust, PCI, NIST-CSF, NIST 800-53, SOC Type II, etc. By leveraging a provider that has already achieved these standards, it frees you up to concentrate on the compliance of the software stacks you put on top of their infrastructure ecosystems. 

Clarity on cloud computing

In writing How to Truly Transform Your Business with Cloud Computing, I found the need to explain the full advantages of moving your business to the cloud in the simplest terms. If this cheat sheet sparked thoughts or questions, I’d love to hear them by connecting with me via LinkedIn or email.

Categories
Cloud & Infrastructure

How to Truly Transform Your Business with Cloud Computing

It’s as if the lightbulbs in my brain were all replaced with dimmer switches when I joined Trility Consulting a year ago. I had an opportunity to learn yet another industry in my marketing career and before me were some really smart, pragmatic experts willing to teach me.

As a journalism major from a long, long time ago, I thought my curiosity and ability to ask any question without feeling stupid would be invaluable. Don’t get me wrong, they were. However, learning how software developers and engineers build technology solutions in the cloud has so many facets there were questions I didn’t even know to ask. The golden nuggets always seem to come from follow-up or clarifying questions.

I’ve had several light bulb moments in the last year. So many that I now describe these moments as my light bulb being just a little less dim. My colleague describes it as…

“Your learning light gets brighter as your understanding increases over time.”

– Jennifer Davis

So I’m sharing the lesson and explaining in terms that hopefully even non-technical business leaders and decision-makers can understand. 

Why? Moving your business to the cloud was critical in sustaining your business before COVID-19. Now, it’s necessary. And it’s necessary that you transform your business for the better vs. just move it to the cloud.

Here is the takeaway:

Finding value in a cloud solution requires constantly nudging that dimmer switch up to steadily optimize performance and reduce costs – and it requires 100% code.

To demonstrate this, I’m sharing my first so-called light bulb moment and then how nine months later, I didn’t truly grasp the lesson in that moment. I must admit, it shames me a little bit as a journalism major.  However, I’ve been told this lesson isn’t easily grasped – especially by non-technical people, even leaders and decision-makers who are in a position to really transform the way companies operate. 

It really is the Matrix. Everything is code.

Last fall, I sat in a lunch ’n’ learn and I asked about how Identity and Access Management (IAM)* permissions work in Amazon Web Services (AWS). In a previous job, I had a part in adding/adjusting/deleting users and permissions, so I had a basic understanding of how to maintain users in an on-premise environment.**

*IAM regulates who has access to what and to what extent, i.e., role-based permissions.
**On-premise means your servers, applications, databases, etc., all exist on-site and you most likely have a locked server room that is very chilly and a great place to cool off if you’ve biked to work. 

The person leading this session showed how Trility typically approaches centralized IAM permissions to ensure the highest security practices. It’s done in code vs. what I remember being a series of menus and checkboxes to update/add/remove roles or users on our on-premise server, which also meant it was on-demand and manual. Giving access to a new hire meant I could be a blocker for them to log in.

I asked, “So it’s like the Matrix? Everything is code?” 

Answer, “Yes.”

My clarifying question, “Is everything in code?”

Again, “Yes.”

Sweet. My light bulb popped on. Or so I thought. It was really just less-dim. 

I walked away from this conversation assuming everything built in the cloud had to be 100% code and this is how everyone does it. 

The Catch: Everything can be code – but not always 

Fast forward to this spring: I learned, unfortunately, not everyone builds in the cloud using 100% code. To take full advantage of the cloud, you need to consider doing it all in code – or at least take the steps towards it.

I offer up my cheat sheet of what those full advantages are and what they translate to for those who don’t code.

This light bulb moment happened at another lunch ’n’ learn where an example AWS instance was pulled up for an upcoming DevOps Meetup our company was hosting in Omaha. It provided a visual context and I asked a question that off-handedly led to learning that some people may click through settings vs. writing permissions in 100% code. 

For those interested, here’s the video of the DevOps Meetup where you can learn how to manage multiple AWS resources spread across multiple AWS regions in a simple, cost-effective way using Terraform.

“So you don’t have to code in the cloud?” I asked.

“No,” was the short answer. 

I got a longer answer explaining why, but will offer a less-long answer in my terms:

Yes, there are just as many menus and boxes that can be checked in AWS, Google, Azure, or any other cloud services provider. 

Yes, it will allow you to move to the cloud in days, weeks, or even one month and you could even possibly do a complete lift ’n’ shift, which is pretty much always a bad idea but there could be a valid, contextual reason. And if you do this, you can’t just walk away and consider it done. You need to refactor everything and do it very, very quickly. 

You can choose this route, but…

And it’s a big but.

It won’t allow you to reap the benefits of cloud computing. Going this route, you could end up paying more or not achieving the return on investment that everyone sells: Move to the cloud. It costs less.

Innovating with the full power of the cloud at your disposal AND saving time, money, and team capacity requires doing the work in code and building reusable patterns.

What do you mean by repeatable patterns? 

I asked this once and here’s my answer:

Think of code as a living template that’s housed in a repository which serves as the single source of truth for every digital aspect of your business. It is updated in one place and is pushed out (deployed) to all the places that use this code. For example, if you have IAM permissions that are both centralized and automated, this code can be reused for any new application that is needed. If you are developing a new application, the software developer can use automated tests (or at least manual, daily tests) against that code to confirm permissions and logins work for the new application. This applies to “any code templates” for automated critical integrations (such as security measures). This translates to bugs and issues being found daily vs. waiting to reactively try to solve them a week or months later when the application needs to be launched.

As a marketer, I just uncovered a major value proposition for my company and I didn’t learn it until 10 months into the job. By assuming everything built in the cloud had to be code, I did not realize this was a differentiator for Trility. It can also be a differentiator for your business. 

(Yes, my marketing head hangs in shame, but my journalistic brain says: “Hey, people need to know this, so share.”)

While Trility isn’t the only firm with this mindset, there are several companies and individuals who haven’t had the capacity to fully leverage this approach. In the race to move to the cloud, companies have many challenges, one of which is capacity.

Balancing capacity to maintain and capacity to innovate

Technology teams are busy maintaining IT systems. Moving to the cloud requires learning a new way of working. You may hire a team or contract people to come in and do the work. When choosing these options, I encourage you to ensure your contracts include training or documentation that equips your people for maintaining and iterating with the necessary “future-state skills.” Otherwise, you just have a new system and a new vendor who has guaranteed themselves billable hours for months or years to come. 

Equip your people to build in the cloud

To change the way you do business in the short- and long-term, you need to enable your own teams for the long haul. My advice to those midway through a migration, operating in a hybrid situation, or still contemplating how to do it:

Equip them with the opportunity to learn to do it all in code. 

  • It will require understanding their capacity. These are the same people tasked with maintaining current systems and providing support. 
  • It may require hiring a firm to come in and train and teach your people. Make sure you hire a firm that builds this way.
  • It may require outsourcing a project. Again, your people will need to understand how to maintain it after that consultant is gone. If you go this route, ensure training and documentation are included from any firm you select.

Whatever you do, ensure in the contract that you are setting up your people for success when the contract ends. At Trility, we’ve found great success in providing services in this way.

What else have I learned?

What I’ve learned so far is, the cloud isn’t just another datacenter. It is a new way of doing work. I realize I’m only scratching the surface. However, as I learn more and more about value propositions, 100% software-defined cloud is making more and more sense to me daily.

If you found this insightful, read: My Cheat Sheet for Understanding the Benefits of Cloud Computing. It builds on this article to help you understand what the heck this stuff all means. 

I plan to keep sharing my less dim light bulb moments in the simplest of terms.

If this article sparked thoughts or questions, I’d love to hear them so I can continue to bring clarity to a complex and now a very necessary way to do work. Feel free to connect with me on LinkedIn or email me.

Categories
Operational Modernization

Part II and III: Exploring Human-Centric Transformation

Podcast Companion Infographic

Bâton Global and Trility Consulting® teamed up to discuss how data and technology support the transition towards a distributed workforce in a series of podcasts, particularly during and post-COVID-19.

The infographic below provides key actions shared in Part II and III, which focus on designing everything around the human experience and addressing the areas with friction in moving to a simple flow-based experience.

As teams work remotely and customer experiences shift even more quickly to on-demand, digital experiences, key challenges include: casting a vision everyone understands, measuring performance and operational health, finding and using correct and complete data, developing a virtualization strategy, and ensuring personal safety and information security.

Listen to the Series

Part I

Join Kavi Chawla, Wade Britt, and Matthew D. Edwards as they discuss how this industry can address transformation aimed at simplifying and automating processes for team members, stakeholders, and ultimately customers by protecting their most valuable asset – people.

Part II

The second episode further uncovers the idea of flow, the necessity of performance metrics that measure throughput, qualitative experience, and humanistic value, as well as the subsequent implications on organizational culture and data management. 

Part III

The episode further considers the concept of managing data in a virtual world, ways that companies like Uber are guiding trends in customer experience, and the ensuing implications on the virtual workplace and data management. 

Part IV

In the final episode, you’ll hear how leading financial services organizations are meeting these challenges head-on and positioning their teams for success. Featuring Amy Hunold-Van Gundy, Head of Talent Management at Principal Financial Group and Brad Rasmussen, CIO at Merchants Bonding Company along with Kavi Chawla, Wade Britt, and our own Matthew Edwards.

Categories
Operational Modernization

Part I: Exploring Human-Centric Transformation

Podcast Companion Infographic

Bâton Global and Trility Consulting® teamed up to discuss how data and technology support the transition towards a distributed workforce in a series of podcasts, particularly during and post-COVID-19.

This is the first of two companion infographics to the podcast series, which summarizes discussions of the strategies and tactics organizations can consider when responding to the industry headwinds and pressures – including those amplified or created by the pandemic.

Part I

Join Kavi Chawla, Wade Britt, and Matthew D. Edwards as they discuss how this industry can address transformation aimed at simplifying and automating processes for team members, stakeholders, and ultimately customers by protecting their most valuable asset – people.

Listen to the Series

Part II

The second episode further uncovers the idea of Flow, the necessity of performance metrics that measure throughput, qualitative experience, and humanistic value, as well as the subsequent implications on organizational culture and data management. 

Part III

The episode further considers the concept of managing data in a virtual world, ways that companies like Uber are guiding trends in customer experience, and the ensuing implications on the virtual workplace and data management. 

Part IV

In the final episode, you’ll hear how leading financial services organizations are meeting these challenges head-on and positioning their teams for success. Featuring Amy Hunold-Van Gundy, Head of Talent Management at Principal Financial Group and Brad Rasmussen, CIO at Merchants Bonding Company along with Kavi Chawla, Wade Britt, and our own Matthew Edwards.

Categories
Cloud & Infrastructure

AWS Multi-Account, Multi-Region Networking with Terraform

Omaha DevOps Meetup Event

Eric Gerling of Trility Consulting spoke at the Omaha DevOps Meetup to share how to manage multiple AWS accounts with resources spread across multiple regions in a simple, cost-effective way. Required attributes included Infrastructure as Code (HashiCorp’s Terraform), single source of truth for AWS accounts, rapid deployment of new regions, and VPN access with access to dynamically created VPCs in multiple regions.

If you view the video on YouTube, the description includes a timeline of the event to jump to the areas of most value to you.

Training & Expertise

Trility offers formal training and our team members welcome opportunities to equip the next generation of software engineers and developers – whether it’s through meetups, events, or our integrated project delivery that includes training. To learn more, get in touch with us.

Categories
News

Trility’s Move Supports Continued Growth in Modern, Dynamic Space

A small group of business, delivery, and software systems engineers who enjoyed working together formalized their on-again, off-again contractual status three years ago when Trility Consulting first opened its doors. Their expertise at helping companies build secure, scalable, and highly performant software systems with a security-by-design mindset and a strike team delivery model has led to continued growth – necessitating a new home to support their long-term plans.

“We have always had national clients with international footprints, so we’ve always had geographically distributed teams who live anywhere and work anywhere,” shared CEO Matthew D. Edwards. “We decided it was time to move into a space that enables more opportunities for meetings, training, events, and client-partner collaboration.”

While the timing may appear odd in light of current events, Trility’s leadership started the search last fall and found their new home inside NCMIC’s modern, dynamic headquarters located on 15 beautiful acres in Clive, Iowa.

New Address

14001 University Ave., Suite 300, Clive, IA 50325

Safely (and Securely) Maintaining Business 

While local team members regularly come to the office, Trility’s way of doing business is to work securely where needed. Now, they are also focused on doing it safely. This means teams are working remotely during this pandemic and will continue to do so until the new location is scheduled to reopen on June 1.

“The new space allows for more social distancing to ensure the safety of our team,” Edwards shared. “We look forward to the day when we can host an open house with our clients, friends, and family.” 

To keep informed on our future events, training, and job opportunities, sign up to receive updates from Trility.

Highly Available, Reliable Systems

Cloud security and reliability are a No. 1 priority to Trility. They are focused more than ever on helping companies securely enable a remote workforce long-term through cloud adoption or on-premise solutions.

With the majority of breaches in 2019 due to cloud storage misconfigurations, teams continue to be diligent and never compromise when it comes to security.

About Trility

Trility is a security-by-design business and technology consulting firm focused on helping clients defend and extend their market share in an era of rapid disruption. Trility simplifies, automates, and secures the journey and has a proven history of reliable delivery results in cloud and infrastructure, product design and development, information security, connected things, data strategy, and operational modernization.

Our outcome-based delivery method means you always know the status of your project’s compliance, quality, financial spend, and percent complete. Headquartered in Des Moines, Iowa, with teams in Omaha, Neb., and Chicago, Ill., our people live everywhere and work where needed to help clients navigate their business evolution with certainty. 

Categories
News

Remote Work Maturity Model: Where is Your Company During Coronavirus Pandemic?

The Internet is full of tips for “remote workers.” However, if you are a business leader who is responsible for enabling remote work, this Maturity Model can help you identify gaps you need to address and communicate timely decisions.

This Remote Work Maturity Model includes these four areas: Policies, Technology, Secured Technology, and ultimately maintaining Operational Productivity.

Having Policies & Technology in Place

Having the appropriate policies and technology is the first step in the Remote Work Maturity Model. You have policies that outline expectations and required behaviors, and all or some of your team may have laptops or devices that allow them to work from anywhere. Many companies have not yet needed to solve either of these problems and have been caught off-guard by the immediacy of the COVID-19 pandemic. If you have both, now is a good time to provide clarity on those expectations through communication.

Remote Work Maturity Model

Ensuring Security Measures are in Place

Having a portion or all of your workforce operating remotely adds new attack vectors that your information security team needs to address. Depending on applications, networks, and other solutions you have in place, adjustments might need to be made to existing security solutions. You might even realize you need to implement stronger, more stringent security measures. And again, re-educating your workforce about phishing, physically securing their devices, and avoiding malicious websites is critical. 

It’s also a good time to confirm if you have tested, secured technology solutions in place to prevent attacks. Encrypted devices? Redundant network connections? VPN solutions? Secure cloud configuration? Traffic monitoring? Logging? Alerting?

Keeping People Productive

Once you’ve confirmed policies and tested, secured technology solutions are in place, your focus is on maintaining the same level of operational productivity. Coordinating work and collaboration across teams, departments, and the entire organization presents an even greater challenge when dynamic changes occur this quickly. Teams must understand objectives, along with the necessary resources and collaboration tools to optimize engagement and productivity while working remotely. 

How you respond to the novel Coronavirus in keeping your team safe, productive, and secure, can serve as an experiment where your teams have the chance to discover new, more productive ways to work together.

Need Sound Advice Now?

The Trility team wants to equip you and your team to quickly adapt in order for your people to remain safe, productive, and secure.

Equipping you to keep people safe, productive, secure

We are a geographically distributed company with remote workers and clients located all over the United States and even internationally. As companies navigate these unprecedented times, we are offering “free-of-charge” conversations. If you need a sounding board for some of these gaps, we will do our best to connect you to the experts on our team.

Categories
Information Security

A Repeatable, Custom Solution for CCPA

How to Comply with CCPA Requirements

In this video, you’ll gain a high-level understanding of how your organization can comply with the California Consumer Privacy Act (CCPA) using a solution-based approach.

California Consumer Privacy Act: Solution Approach

1:00-3:29 Minutes | Defining the Business Problem

You’ll gain a basic understanding of the business problem CCPA presents to organizations by looking at it from two perspectives: The consumer making a request and an internal employee who is tasked with responding to the consumer request.

Demonstration of a Solution Approach to CCPA

3:30-5:42 | Consumer Request

You’ll walk through how a consumer would make a CCPA request from your website. CCPA requires organizations provide a Do Not Sell My Personal Information link on their websites that allows the consumer to make that request, as well as a request to delete their personal information or have their personal information shown to them.

5:42-10:00 | Internal Process

This section of the video shows how an internal team member can review and respond to a consumer requesting to have their information shown to them. This solution approach also allows for a manual review process that can be integrated with an automated one.

Not sure if CCPA applies to you?

Take a free assessment to determine if this privacy law impacts your business.

Categories
Connected Things

Internet of Things: Connecting the Physical World to Your Business

Companies are looking to use Internet of Things (IoT) to connect, modernize, or invent services and products. Extremely large volumes of sensitive data come out of IoT ecosystems. Preparing for how you plan to use and secure the data are essential conversations to have from the start.

See how Trility helped three clients build new products and services, expand solutions, and invent new ways to create efficiencies and experiences to their customers’ delight.

When we needed a team that could come in with practical solutions to our aggressive goals, we went with Trility because they offer predictable, repeatable software development processes that can scale to our needs.

Jesse / Samsung SmartThings