As the world adopts blockchain technologies, your IT infrastructure — and its
predictability — become critical. Many companies lack the levels of automation
and control needed to survive in this high-opportunity, high-threat environment.
Are your software, cloud, and server systems automated and robust enough? Do you
have enough quality control for both your development and your online operations?
Or will you join the list of companies bruised by huge data breaches and loss o
f control over their own computer systems? If you are involved in blockchain, or
any industry for that matter, these are the questions you need to ask yourself.
Blockchain will require you to put more information online than ever before,
creating huge exposures for organizations that do not have a handle on their
security. Modern DevOps technologies, including many open-source systems, offer
powerful solutions that can improve your systems to a level suitable for use with
Are companies REALLY ready for Blockchain technology?
The answer to it is most of the companies are NOT and those who are need to audit
or reevaluate whether they are. The reason is BlockChain puts data to public making
it prone to outside attacks if systems are not hardenend and updated on timely
Big companies such as Equifax had millions of records stolen, Heartland credit
processing was hacked and eventually had to pay 110 million and Airbus A400M due
to wrong installation of manual software patch resulted in death of everyone on
on the plain. These are few of many such big companies that was hacked due to poorly
implemented IT technology.
Once hailed as unhackable, blockchains are now getting hacked. According to a MIT
technology review, hackers have stolen nearly $2 billion worth of cryptocurrency
since the beginning of 2017.
Big Question: Why Companies are getting hacked ?
Blockchain itself isn't always the problem. Sometimes the blockchain is secure
but the IT infrastructure is not capable to supporting it. There are cases where
open firewalls, unencrypted data, poor testing and manual errors were reasons
behind the hacking.
So, the question to ask is: Is the majority of your IT infrastructure secure
and reliable enough to support Blockchain Technology ?
What is an IT Factory ?
IT factory as per Aaron Contorer, founder
and Chariman of FP Complete is divided into 3 parts
- System Operations
If IT factory is implemented properly at each stage it could result in a new and
better IT services leading to a more reliable, scalable and secure environment.
Deployment is a bridge that allows software running on a developer laptop all the
way to a scalable system and running Ops for monitoring. With DevOps practice,
we can ensure all the three stages of IT factory implemented.
But, the key to build a working IT factory is Automation that ensure each step
in the deployment process is reliable. With microservices architecture ,building
and testing a reliable containerized based system is much easier now compared to
the earlier days.
The only way to ensure a reliable, reproducible system is if companies start
automating each step of their software life cycle journey. Companies that are ensuring
good DevOps practices have a robust IT infrastructure compared to those that are
DevOps for Blockchain
DevOps tools helps BlockChain better as it can ensure all code is tracked, tested,
deployed automatically, audited and Quality Assurance tested along each stage of
the delivery pipeline.
The other benefits of having DevOps methods implemented in BlockChain is that it
reduces the overall operational cost to companies, speeds up the overall pace of
software development and release cycle, improves the software quality and increases
The following DevOps methods, if implemented in Blockchain, can be very helpful
1. Engineer for Safety
- With proper version control tool like GITHUB , source code can be viewed,
tracked with proper history of all changes to the base
- Development tools used by developers should be of the same version, should be
tracked and should be uniform across the project
- Continuous Integration (CI) pipeline must be implemented at the development
stage to ensure nothing breaks on each commit. There are tools such as Jenkins,
Bamboo, Code Pipeline and many more that can help in setting up a proper CI .
- Each commit should be properly tested using test case management system with
proper unit test cases for each commit
- Each Project should also have an Issue tracking system like JIRA, GITLAB etc
to ensure all requests are properly tracked and closed.
2. Deploy for Safety
- Continuous Deployment via DevOps tools to ensure code is automatically deployed
to each environment
- Each environment (Development, Testing, DR, Production) should be a replica
of each other
- Allow automation to setup all relevant infrastructure related to allow successful
deployment of code
- Setup infrastructure as code (IAC) to provision infrastructure that helps in
reducing manual errors
- Sanity of each deployment by running test cases to ensure each component is
functioning as expected
- Running Security testing after each Deployment on each environment
- Ensure system can be RollBack/Rollforward without any manual intervention like
- Use container based deployments that provide more reliability for deployments
3. Operate for Safety
- Set up Continuous Automated Monitoring and Logging
- Set up Anomaly detection and alerting mechanism
- Set up Automated Response and Recovery for any failures
- Ensure a Highly Available and scalable system for reliability
- Ensure data is encrypted for all outbound and inbound communication
- Ensure separation of admin powers, database powers, deployment powers , user
access etc. The more the powers are separated the lesser the risk
4. Separate for Safety
- Separate each system internally from each other by using multiple small networks.
For Eg: database/backend on private subnets while UI on public subnets
- Set Internal and MutFirewalls ensure the database systems are protected with no access
- Separate Responsibility and credentials for reduce risk of exposure
5. Human systems
Despite keeping hardware and software checks, most the breaking of blockchain
systems today has happened because of "People" or "Human Errors".
Most people try hacks/workaround to get stuff working on production with no knowledge
on the impacts it could do on the system. Sometimes these stuff are not documented
making it hard for the other person to fix it. Sometimes asking others to login
to unauthorized systems by sharing credentials over calls paves a path for unsecure
To ensure companies must,
- Train people to STOP doing manual efforts to fix a broken system.
- Train people NOT to do "Social Engineering" like asking colleagues
to login to systems on their behalf, sharing passwords etc.
6. Quality Assurance
- Need to review the Architectural as well as best practices are ensured in the
product life cycle
- Need to ensure the code deploy pipeline has scope for penetration Testing
- Need to ensure there is weekly/monthly auditing of metrics, logs , systems to
check for threats to the systems
- Each component and patch on system should be tested and approved by QA before
rolling out to Production
- Companies could also hire third parties to audit their system on their behalf
How to get there ?
The good news is "IT IS POSSIBLE". There is no need for giant or all-in-one solutions.
Companies that are starting fresh need to start at the early phase of development
to building a reliable system by focussing on above 6 points mentioned above. They
need to start thinking on all areas in the "Plan and Design" phase itself.
For companies who are already on production or nearing production does not need
to have to start fresh . They can start making incremental progress but it needs
to start TODAY.
Automation is the only SCIENCE in IT that can reduce errors and help towards building
a more and more reliable system. It will in the future save money and resources that
can be redirected to focus on other areas.
To conclude, FP Complete has been a leading consultant
on providing DevOps services. We excel at what we do and if you are looking to implement
DevOps in your BlockChain. Please feel free to reach out to us for free consultations.
Subscribe to our blog via email
Email subscriptions come from our Atom feed and are handled by Blogtrottr. You will only receive notifications of blog posts, and can unsubscribe any time.
Do you like this blog post and need help with DevOps, Rust or functional programming? Contact us.