Modern Governance and the Service Mesh

As part of Gene Kim’s IT Revolution Forum papers project, we wrote a paper entitled DevOps Automated Governance Reference Architecture. This paper aimed to create an architecture that could reduce the toil and increase the effectiveness of enterprise risk and internal audit. When we finished writing the second version in 2021, we turned it into a bestselling novel called Investments Unlimited (IUI). IUI describes what happens when an investment bank fails an audit and how they respond. As a result, we are calling this Modern Governance. In this presentation will discuss the genesis of the IUI story, then examine some of the new risk opportunities with cloud native implementations like Service Mesh, ISTIO, and Envoy. In this new cloud native world network layer 7 proxies are replacing traditional layer 3 traffic management primitives, which are controlled by APIs and simple configuration files. In addition, NIST has been actively documenting these potential risks (see NIST 800-204). In order to take advantage of these new risk opportunities, enterprises must continually learn to become better, faster, and safer.



John Willis

The IT management experience of John Willis spans over 40 years. Currently, he works at a startup called Kosli that focuses on modern governance. He has worked as a consultant and evangelist for Red ...