
3 Ways to Prevent Costly Configuration Errors


When you think about the highest costs to productivity at the level of multinational organizations, there are quite a few things on the list. There’s the overhead cost of real estate, staffing, turnover, equipment, and inventory. But, in the age of cloud applications, there’s another cost that is increasingly biting into the profits of enterprise companies: Human error.

Given the rapid pace and iterative development that occurs within tech solutions like cloud services, container management, and digital infrastructure, it’s not surprising that we are witnessing an explosion in the monetary drain that human error imposes on large companies. Employees with varying technical prowess across the organizational structure must use complex software platforms as a major part of their job description. Even DevSecOps employees are prone to making expensive errors, with IBM estimates putting the average cost of a compromised credential breach well above $4 million.

Container management and cloud applications greatly magnify the impact of these mistakes. There’s no longer one central system that can be isolated and rebooted. Your company’s applications, data, and infrastructure are likely spread across multiple large-scale service providers through various Kubernetes clusters, making it difficult to determine the location, nature, and extent of things like security breaches and configuration errors.

It’s often said that Kubernetes is “insecure by default,” and this truism applies to internal threats as well as external ones. Although the list of best practices and a solid communal understanding of container management continue to grow, numerous IT tendencies can lead to costly configuration errors.

The IT Cost of Human Error in Cloud Applications

To fully appreciate the extent to which human error elevates cost in the realm of cloud applications and services, it’s beneficial to learn from the mistakes of others. These important lessons don’t have the resonance of a 6- or 7-figure loss to hammer home the point completely, but avoiding those outcomes is crucial to staying ahead in today’s competitive marketplace. Here are some common configuration errors that can lead to pricey mistakes by your IT professionals.

Direct Access to Production Environments

One of the most common forms of costly IT error arises from the desire for extended developer access. When developers can directly interact with applications in the production environment, it’s only a matter of time before a configuration error occurs. In addition to losing out on important troubleshooting documentation, when developers work directly in production, there’s an increased likelihood of typos and manual errors.

Segregation Between DevSecOps

One of the most important things CTOs, CIOs, and other executives can do is integrate the different components of their IT department. Information asymmetries are a prominent cause of configuration error that arises simply because development professionals aren’t on the same page as their operations and security counterparts. The complexity of large-scale Kubernetes environments necessitates that the three pillars of IT are in constant contact with one another, sharing important data and information to ensure a strong CI/CD pipeline.

Lack of Ongoing Configuration Management

The bad habit of thinking a software project is complete because development has wrapped up is a pervasive issue in many enterprise IT departments. The nature of cloud applications and services necessitates that DevSecOps teams continually monitor production environment configurations. Even with all IT professionals on the same page, this configuration management process becomes increasingly difficult as enterprises scale up their digital operations.

Eliminating Configuration Errors with Policy Management

Policy management is one of the best courses of action for eliminating costly configuration errors in multi-cloud application environments. Kubernetes clusters, while certainly powerful, are simply too complex and open-ended to prevent configuration errors without outside assistance. And, as previously stated, this is not something that can be managed by IT teams in any financially feasible way. But with the help of interventions like policy management engines, the likelihood of occurrence can be greatly reduced.
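
As an added illustration (not from the article, and not Kyverno's code), the sketch below shows what a policy engine's validation step does conceptually: each workload manifest is checked against declared rules before it is accepted. The three rules and both sample manifests are assumptions constructed for this example.

```python
# Added illustration: the three rules are assumed examples of an organization's
# policy; they are not from the article and this is not Kyverno's implementation.

def containers(manifest):
    # Deployment-style workloads keep the pod spec under spec.template.spec.
    pod = manifest.get("spec", {}).get("template", {}).get("spec", {})
    return pod.get("initContainers", []) + pod.get("containers", [])

def pinned_image(c):
    image = c.get("image", "")
    if "@sha256:" in image:
        return None
    # Look for the tag only after the last '/', so a registry port
    # (registry:5000/app) is not mistaken for a tag.
    name = image.rsplit("/", 1)[-1]
    tag = name.split(":", 1)[1] if ":" in name else ""
    return None if tag and tag != "latest" else f"image '{image}' is not pinned"

def has_limits(c):
    limits = c.get("resources", {}).get("limits", {})
    missing = [r for r in ("cpu", "memory") if r not in limits]
    return f"missing limits: {', '.join(missing)}" if missing else None

def not_privileged(c):
    privileged = c.get("securityContext", {}).get("privileged") is True
    return "privileged container" if privileged else None

RULES = (pinned_image, has_limits, not_privileged)

def evaluate(manifest):
    """Return every violation as 'Kind/name [container]: message'."""
    meta = manifest.get("metadata", {})
    ident = f"{manifest.get('kind')}/{meta.get('name')}"
    return [f"{ident} [{c.get('name')}]: {msg}"
            for c in containers(manifest)
            for msg in (rule(c) for rule in RULES) if msg]

# Constructed sample input: one manifest with typical manual mistakes, one clean.
BAD = {"kind": "Deployment", "metadata": {"name": "api"}, "spec": {"template": {"spec": {
    "containers": [{"name": "web", "image": "registry:5000/shop/api",
                    "securityContext": {"privileged": True}}]}}}}
GOOD = {"kind": "Deployment", "metadata": {"name": "api"}, "spec": {"template": {"spec": {
    "containers": [{"name": "web", "image": "registry:5000/shop/api:1.4.2",
                    "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}}}]}}}}

if __name__ == "__main__":
    for m in (BAD, GOOD):
        print(evaluate(m) or "admitted")
```

Run in a CI step or before deployment, a check of this kind rejects the manifest while the mistake is still cheap to fix, instead of relying on someone noticing it in production.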

Author: Ritesh Patel, VP of Products & Co-founder, Nirmata
Bio: Ritesh Patel is a co-founder at Nirmata, the company behind open source policy engine Kyverno. Ritesh has over 15 years of enterprise software development experience and has also led development teams. Prior to Nirmata, Ritesh was responsible for private cloud strategy and business development where he was leading various OpenStack related initiatives with partners. Ritesh has also held key technical positions at Trapeze Networks, Nortel and Motorola.
