Changes

Jump to navigation Jump to search
no edit summary
Line 90: Line 90:  
<br>
 
<br>
   −
<b>Use DevOps / Continuous Integration to ensure maintainability and AB Testing</b>
+
<b>Follow DevSecOps Principles</b>
* Work with multidisciplinary teams
+
* Use continuous integration and continuous deployments (CI/CD)
* Ensure testing and QA is completed
+
* Ensure automated testing occurs for security and functionality
* Work in the open; Release source code developed via GC website and GC services
+
* Include your stakeholders as part of DevSecOps process
 
</u></I>  
 
</u></I>  
 
|}
 
|}
Line 104: Line 104:     
<b>Use Cloud first</b>
 
<b>Use Cloud first</b>
* <I><u>Adopt the Use of the GC Accelerators to ensure proper Security and Access Controls - [https://github.com/canada-ca/accelerators_accelerateurs-azure Azure], [https://github.com/canada-ca/accelerators_accelerateurs-aws AWS]</u></I>
+
* <I><u>Adopt the Use of the GC Accelerators to ensure proper Security and Access Controls</u></I>
 
* Enforce this order of preference: Software as a Service (SaaS) first, then Platform as a Service (PaaS), and lastly Infrastructure as a Service (IaaS)
 
* Enforce this order of preference: Software as a Service (SaaS) first, then Platform as a Service (PaaS), and lastly Infrastructure as a Service (IaaS)
 +
*<I><u>Fulfill Cloud Services through SSC Cloud Brokering Services</u></I>
 
* Enforce this order of preference: Public cloud first, then Hybrid cloud, then Private cloud, and lastly non-cloud (on-premises) solutions
 
* Enforce this order of preference: Public cloud first, then Hybrid cloud, then Private cloud, and lastly non-cloud (on-premises) solutions
 
* Design for cloud mobility and develop an exit strategy to avoid vendor lock-in
 
* Design for cloud mobility and develop an exit strategy to avoid vendor lock-in
Line 114: Line 115:  
* Support zero-downtime deployments for planned and unplanned maintenance
 
* Support zero-downtime deployments for planned and unplanned maintenance
 
* Use distributed architectures, assume failure will happen, handle errors gracefully, and monitor <u><I>performance and behaviour </I></u> actively
 
* Use distributed architectures, assume failure will happen, handle errors gracefully, and monitor <u><I>performance and behaviour </I></u> actively
* <u>Run applications in containers <I> to enable rapid deployment and scaling
   
* Establish architectures that supports new technology insertion with minimal disruption to existing programs and services
 
* Establish architectures that supports new technology insertion with minimal disruption to existing programs and services
 
* Control Technical Diversity - design systems based on modern technologies and platforms already in use.</I></u>
 
* Control Technical Diversity - design systems based on modern technologies and platforms already in use.</I></u>
 +
 +
<b>Life Cycle Management and Security Management(?)</b>
 +
 
|}
 
|}
  
514

edits

Navigation menu

GCwiki