Great take! However, I wonder how you differentiate from platforms like Vanta? They already provide the monitoring and compliance framework you'll need anyway at some point.
Frankly (and I don't want to sound too negative here) I doubt that a "one click compliant infrastructure" can work without knowing anything about the use case / application / dependencies of a company. Remember, it's not just about your system, it's also about the stack you're building with, so it's quite a complex problem to solve.
Thanks for that! And good question. Vanta offers a compliance checklist and integrates with your service providers (such as AWS, GitHub, etc.) to continuously monitor your system settings and flag potential vulnerabilities.
We provide a similar compliance checklist to Vanta, as well as HIPAA-compliant infrastructure and technical configurations. We’ll set up your application on compliant infrastructure deployed in your cloud, integrate CI/CD pipelines, and provide real-time logging/monitoring. Providing the technical piece that's compliant out of the box lets you save weeks of manual work configuring it yourself and having Vanta's API integration/AWS Audit Manager check it.
We use Terraform to automate the infrastructure deployment process in a modular fashion. When you deploy with us, we take a Dockerfile and basic information about your infrastructure setup, such as your availability region, RDS configs, instance sizes, etc. to deploy your application. This lets us support a variety of use cases and needs.
It's amazing with how much creativity users will abuse your creations. ;) And in many cases, something new is born out of it. The problem is getting the information about just how people are using your service differently than you've intended. Sometimes it's impossible to tell from traces, analytics or logfiles alone. But finding out can be quite an advantage, especially if you're a startup probing for PMF.
The best thing that can happen is that you have a channel to your customers that's constantly open. At WunderGraph, we use Slack for that, and it considerably lowers the barrier to just check in and have a quick discussion. The sooner you find out about use cases, the better - and ideally create a product around it. :)
Fair point! But here's a question (and it really is a question, not a statement) -- should things be so complex in the first place that everybody is bringing their own equipment? In my mind, this is where the problem starts.
When you start fresh, you can do so with a very much standardized set-up so a lot of things can be abstracted away. Are you familiar with the paradox of choice? Actually things may get way easier if options are fewer. Also, customization shouldn't generally take you so far as to force you to look into infrastructure. There are services for which this is not applicable, of course, but if we were able to abstract away the infrastructure problem for many use cases, many developers and companies would benefit.
I guess my point is that DevOps, as we know it, should not be necessary unless you really, really need a complex infrastructure. But in this case, this calls for a real role (more like a sysadmin) rather than for devops in terms of a philosophy / mindset / hat a developer also has to wear. Makes sense?
Hello there,
this is kind of my first post over here. Being an agile evangelist for more than 10 years, this is kind of a revelation I wanted to share. Up until now, DevOps for me was just a given (after all, this really gets you "ownership" on the dev side), but with our work at WunderGraph, I found that it's actually just addressing a problem that shouldn't exist in the first place.
I would be really happy to get your thoughts and opinions on this. After all, the title is a bit controversial and of course I'm aware that the need for DevOps won't disappear entirely. But would you agree that as devs, you actually shouldn't have to dig into the heap of AWS / other services just in order to get your code running and deployed? Let me know!
Slightly off-topic, but the image of the periodic table is "just blurry enough" that I got very distracted with "are my eyes ok, is this just bad quality?".