Line 90: |
Line 90: |
| <br> | | <br> |
| | | |
− | <b>Use DevOps / Continuous Integration to ensure maintainability and AB Testing</b> | + | <b>Follow DevSecOps Principles</b> |
− | * Work with multidisciplinary teams | + | * Use continuous integration and continuous deployments (CI/CD) |
− | * Ensure testing and QA is completed | + | * Ensure automated testing occurs for security and functionality |
− | * Work in the open; Release source code developed via GC website and GC services | + | * Include your stakeholders as part of DevSecOps process |
| </u></I> | | </u></I> |
| |} | | |} |
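Review bot: The added bullet "Ensure automated testing occurs for security and functionality" does not say what kind of security testing is expected or where in the CI/CD pipeline it runs, so teams cannot tell whether they meet it; consider naming the expected kinds of checks or linking to the guidance that defines them. The replaced block also drops "Work with multidisciplinary teams" and "Work in the open; Release source code developed via GC website and GC services" with no replacement visible in this hunk; if they were moved elsewhere, note that in the edit summary. Minor: "as part of DevSecOps process" should read "as part of the DevSecOps process".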
Line 104: |
Line 104: |
| | | |
| <b>Use Cloud first</b> | | <b>Use Cloud first</b> |
− | * <I><u>Adopt the Use of the GC Accelerators to ensure proper Security and Access Controls - [https://github.com/canada-ca/accelerators_accelerateurs-azure Azure], [https://github.com/canada-ca/accelerators_accelerateurs-aws AWS]</u></I> | + | * <I><u>Adopt the Use of the GC Accelerators to ensure proper Security and Access Controls</u></I> |
| * Enforce this order of preference: Software as a Service (SaaS) first, then Platform as a Service (PaaS), and lastly Infrastructure as a Service (IaaS) | | * Enforce this order of preference: Software as a Service (SaaS) first, then Platform as a Service (PaaS), and lastly Infrastructure as a Service (IaaS) |
| + | *<I><u>Fulfill Cloud Services through SSC Cloud Brokering Services</u></I> |
| * Enforce this order of preference: Public cloud first, then Hybrid cloud, then Private cloud, and lastly non-cloud (on-premises) solutions | | * Enforce this order of preference: Public cloud first, then Hybrid cloud, then Private cloud, and lastly non-cloud (on-premises) solutions |
| * Design for cloud mobility and develop an exit strategy to avoid vendor lock-in | | * Design for cloud mobility and develop an exit strategy to avoid vendor lock-in |
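Review bot: The revised accelerators bullet removes the Azure and AWS repository links, leaving "Adopt the Use of the GC Accelerators to ensure proper Security and Access Controls" with no pointer to where the accelerators live; keep the links or reference the page that lists them. The added "Fulfill Cloud Services through SSC Cloud Brokering Services" bullet is missing the space after `*` that the neighbouring bullets use, and it sits between the two "Enforce this order of preference" bullets, which splits a related pair; consider placing it after both.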
Line 114: |
Line 115: |
| * Support zero-downtime deployments for planned and unplanned maintenance | | * Support zero-downtime deployments for planned and unplanned maintenance |
| * Use distributed architectures, assume failure will happen, handle errors gracefully, and monitor <u><I>performance and behaviour </I></u> actively | | * Use distributed architectures, assume failure will happen, handle errors gracefully, and monitor <u><I>performance and behaviour </I></u> actively |
− | * <u>Run applications in containers <I> to enable rapid deployment and scaling
| |
| * Establish architectures that supports new technology insertion with minimal disruption to existing programs and services | | * Establish architectures that supports new technology insertion with minimal disruption to existing programs and services |
| * Control Technical Diversity - design systems based on modern technologies and platforms already in use.</I></u> | | * Control Technical Diversity - design systems based on modern technologies and platforms already in use.</I></u> |
| + | |
| + | <b>Life Cycle Management and Security Management(?)</b> |
| + | |
| |} | | |} |
| | | |
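Review bot: Removing the "Run applications in containers" line also removes the opening `<u>` and `<I>` tags, while the closing `</I></u>` after "platforms already in use." remains, so the new revision has unbalanced markup and the two remaining bullets lose their underline and italic marking; move the opening tags to the "Establish architectures" bullet or drop the closing pair. The added heading "Life Cycle Management and Security Management(?)" still carries a "(?)" placeholder and has no bullets under it; settle the title and add its content before this revision is treated as final.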