Oakland Port, Global Free Trade and Dev-Ops

The Port of Oakland, Global Free Trade and Dev-Ops

Abstract — In the mid-1960s, the United States military was struggling with a logistics nightmare between the Oakland and Saigon ports. The resulting container-driven automation of the Port of Oakland’s logistics triggered a revolution in global supply chains that unleashed global free trade. In an almost perfect analogy, the modern software delivery pipeline has, over the years, strived to achieve this degree of automation, but it has been hampered by Security. ShiftLeft’s mission is to remove this last barrier by automating application security.

An important, yet relatively little-known, impact of United States involvement in Vietnam was its role in triggering the global onset of containerization and free trade.

You might be wondering how this relates to information security and Dev-Ops. A lot.

Hint — “Automation of supply chains is common to both port logistics and modern software delivery.”

Let’s talk about the Oakland-Saigon (and incidentally global) logistics problem

In the mid-1960s, the United States military was struggling with a logistical nightmare in Vietnam. The country had minimal infrastructure — a single deep-water port, broken roads and an unreliable train network. To make matters worse, port operations at both ends (Saigon, Oakland & Seattle) were riddled with inefficiencies.

Typical pre-container age port logistics operation — Queen’s Wharf, Port Adelaide, Australia

As Marc Levinson notes in his book The Box, poor port logistics were standard to the era. Beyond military need, Asian export-oriented economies were also struggling to deliver cost-efficient goods to western markets due to inefficient logistics. This was a near perfect storm for the supply chain industry.

What did this pre-container supply chain look like?

  1. Industries & militaries got their items to ports via trucks or rail.
  2. Longshoremen unloaded trucks and loaded the cargo (each item with its unique size) on ships based on a manifest.
  3. When the ship docked at its destination, the same process happened in reverse (unloading ships → loading trucks, guided by a reverse manifest).

There were many challenges with this process, notably:

  1. Items routinely got lost, mishandled or misplaced while loading/unloading ships/trucks.
  2. Manifest errors resulted in misdirected deliveries.
  3. Finally, the process was just slow.

Containerized automation of ports changed all of this and more!

Malcom McLean, through his work with the US military, popularized a containerized supply chain that revolutionized port operations forever. While the US military's role was incidental, this simple event sparked global free trade and lifted millions out of poverty in Asia.

Modern Port of Oakland

This new supply chain was built on top of automation and standard-size containers. While automation eliminated the longshoreman's job of loading and unloading goods at docks, standardized containers optimized space and delivery. This meant fewer errors, less misplacement, rare misdirection and faster deliveries.

For folks who want more details, Alexis Madrigal (a writer for The Atlantic) has done an 8-part podcast on containerization.

So how does it relate to modern software development?

A lot actually!

Just like the United States military and Asian economies of the 1960s, modern software companies have struggled with inefficiency in their software delivery pipelines. They need to be more responsive and deliver better experiences faster to their customers.

Source — https://tech.gsa.gov/assets/img/guides/Mind_the_Product_old_way.png

However, just like the port operations of the 1960s, software delivery has historically been an inefficient process. Just 10 years ago it went like this — developers wrote code, while production IT got hardware and built, staged and deployed apps, working with the security team to estimate risk and provide protection.

From days to months — just to get software from code to production!

Thankfully, we’ve taken great strides in the last 10 years. Now, with CI/CD and DevOps, we can deploy code (almost) in real-time. Getting here has come in fits and spurts, with efficiency breakthroughs through hardware virtualization, software-defined infrastructure, containerization/Docker (guess where the term comes from!), etc.

The New Way — Dev-Ops movement

Essentially, IT Operations folks — the erstwhile longshoremen of the software world — have transformed themselves into enablers of automation, releasing breathtaking efficiency into software delivery.

We have now optimized delivery time from months to weeks to days, but …

Security remains the last bastion of resistance in modern software delivery automation

Software security — The Checklist Guy

Unfortunately, application security still requires lots of human intervention, which stands in the way of automation.

Specifically, in the world of application security, heavy manual effort is still required to create and manage app-specific security policies, whether for a web application firewall (WAF), RASP or even a next-generation firewall (NGFW).

In some cases, folks either resort to weak solutions (for automation's sake) or accept security as an unavoidable slowdown of the devops process.

Wouldn’t it be cool if software security could be automated?

Yes! We at ShiftLeft are doing just that.

ShiftLeft — Introducing full cycle dev-sec-ops automation!

ShiftLeft, as part of the software build process, can identify security vulnerabilities and automagically create a custom agent to protect against exploits of each such risk-prioritized vulnerability. We allow software to be protected in production while allowing developers to fix issues identified by ShiftLeft in their build pipeline.

Each time, Every time!

No wonder Gartner identified ShiftLeft as a “Cool Vendor” for automating security as part of the devops process.

Prologue

Modern software delivery is seeing amazing benefits through automation. The ability to delight your customers with new and improved features, with maximum operational efficiency, is a boon to any business. We at ShiftLeft want to help our customers achieve that promise.


Oakland Port, Global Free Trade and Dev-Ops was originally published in ShiftLeft Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.

*** This is a Security Bloggers Network syndicated blog from ShiftLeft Blog - Medium authored by Alok Shukla. Read the original post at: https://blog.shiftleft.io/https-medium-com-alok-68669-oakland-port-global-free-trade-and-dev-ops-7f3d9e683e38?source=rss----86a4f941c7da---4