Modern Governance and the Service Mesh

As part of Gene Kim’s IT Revolution Forum papers project, we wrote a paper entitled DevOps Automated Governance Reference Architecture. This paper aimed to create an architecture that could reduce the toil and increase the effectiveness of enterprise risk and internal audit. When we finished writing the second version in 2021, we turned it into a bestselling novel called Investments Unlimited. (IUI). IUI describes what happens when an investment bank fails an audit and how they respond. As a result, we are calling this Modern Governance. We will discuss the genesis of the IUI story, then examine some of the new risk opportunities with cloud native implementations like Service Mesh, ISTIO, and Envoy. L7 proxies are replacing traditional L3 traffic management primates, which are controlled by APIs and simple configuration files. In addition, NIST has been actively documenting these potential risks (see NIST 800-204). In order to take advantage of these new opportunities, enterprises must become better, faster, and safer.



John Willis

John Willis has worked in the IT management industry for more than 35 years. Currently he is a Distinguished Researcher at Kosli. Before that John worked as an Evangelist at Docker Inc. Prior to ...