Ever wonder what a digital missile barrage might look like? TK Keanini zaps at the problem of distributed denial of service attacks (or DDos) in a blog post. The solution, says Keanini, is the marriage of Decide and Act (DA) and Observe and Orient (OO) functions within and among the various departments of the organization, using a concept known as DevOps.
The split, as one might call it, between DA and OO functions is a proverbial silver bullet that most companies have consistently struggled to dodge. Keanini explains it succinctly:
The security team does its thing, networking engineers do their thing, and IT operations teams in general all have administrative realms that define functional boundaries as to what they can see and do…each team has its observation and orientation (OO) process for gaining operational visibility and making decisions, as well as specific decisions and actions (DA) they can execute within their administrative realm or set of capabilities to bring change to their organization.
The DA-OO split practically invites malicious software to invade. It exploits what most companies typically view as a good thing–that being departmental specialization. A DDos is the result of multiple infected computers overwhelming a single target with web traffic by exploiting the responsibility and knowledge gaps between departments. Like a swarm of minute heat-seeker missiles, the attackers hone in on a single weak system, then use the initial victim as a platform for compromising other systems, leading to a cascade of dysfunction.
The warfare analogy of battles and heat-seeker missiles goes far here since the solution to DDos happens to come from a colonel in the military. DevOps is basically a closing of the DA-OO split using John Boyd’s ooda loop. Each department focuses carefully on what the other department is doing, each OO is focused on some other DA. As Keanini explains, the speed of this defense loop outpaces potential adversaries, making DevOps the ultimate synchronized radar of industry.
Read the full article here: http://devops.com/blogs/organizational-dysfunction-the-original-vulnerability/