IT job growth is at an all-time high. It is therefore no surprise that Google searches such as “How to onboard a new developer?”, “How long does it take for a new developer to become productive?” and “The best way to track software licenses and who they’re assigned to?” are trending.
Developer onboarding and offboarding, as well as assigning and reassigning project roles, are nowadays quite frequent at most companies – and anything frequent should be optimized. Well, at least by the principles of CROZ culture!
Recognizing the pain point
Alongside the industry growth, PMs managing software development projects have a growing need for anything that might ensure a bird’s-eye view of the people, their roles and project assets. For security officers, this growth means that each employee’s access to important company resources, and its revocation, needs to be managed efficiently and dealt with punctually. C-level wants developers to have everything within reach and ready to go as soon as they sign the contract, but within a secure and stable internal environment which also ensures that all external obligations, particularly contracts with clients, are respected. And developers? Developers need a well-organized, smart and quick onboarding. This crossroads of necessities is where Kustodian was started.
Firstly, a few of our CROZ bright minds noticed a pattern – every time they join an external project, it takes quite a while to set up. But not just that – from chats with partners, other developers and PMs, it became evident that keeping track of new people, manually assigning roles in each service, and monitoring licenses and their cost isn’t something that can or should be done efficiently in an Excel table. They approached this issue from several perspectives, as shown in the following sketches.
(Sketches: Scenario #1, Scenario #2, Scenario #3, Scenario #4)
Let’s clarify this a bit more. When a new developer joins the team, he’s usually given access to:
- Document management tools (Alfresco, DocuShare, PowerDMS)
- Project management tools (Confluence, JIRA, Asana, Trello)
- Version control platforms (GitHub, GitLab, Bitbucket)
- Internal services (VPN, wiki)
- Project-specific accounts (Mailchimp)
- Server and hosting platforms
- Time tracking tools
Since developers often don’t have unified, organization-approved project layouts, and each service they use in their everyday development environment has its own roles and compartmentalized permissions, these are the (way too common) scenarios:
- they don’t have their working environment ready for weeks;
- each new permission request has to go through several operational layers (often including internal IT or service desk) to be granted, which further delays the process, or
- permission requests are granted more easily but aren’t properly managed later – a developer can still access the company resources even 3 jobs later. Your competitors don’t even need industrial espionage with a fault like this!
These troubles extend and multiply as other colleagues get involved. Project managers handle some roles and permissions independently in accordance with their projects, but developers overlap across multiple projects. So when security officers, responsible for compliance with security policies, try to do their job, they have neither a simple way of knowing who was given access to what, at which level and for how long, nor a way to urgently terminate all access if necessary.
Last but not least, having a complete picture of active, idle and canceled licenses provides certainty for all team leaders and the financial department. The situation gets unpleasant when someone asks why the company is spending large amounts of money on licenses that haven’t been used in months.
Kustodian tackles this multi-stream problem by providing a single pane of glass to provision and manage roles and permissions to digital assets in all systems that support the software development lifecycle.
Governance solution
Kustodian is a Kubernetes-native platform that provides governance over all integrated services, thus improving the developer experience. Its modular design, built on the concept of Adapters, lets you choose which services it should govern. Each external system has a dedicated adapter capable of managing that system (GitLab, OpenShift, Confluence, Nexus, Jenkins, …) and its system modules (GitLab repository, OpenShift namespace, Confluence space, …). In theory, any system can be managed through the Kustodian Adapter SDK, an abstraction and integration framework for custom development.
It also enables ISO-compliant audit reporting, service utilization analysis and enforcement of user permissions via a desired permission state. This means that at every point in time Kustodian shows you:
- from a user perspective – what access, and at what level, a user has to all systems,
- from a system perspective – which users have access to that system,
- from a project module perspective – which users have access to a particular system module
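The desired-state enforcement and the three views described above can be sketched as follows. This is an added example, not Kustodian code or its API; the users, systems, roles and function names are hypothetical, and the sample data is constructed.

```python
from collections import defaultdict

# Constructed sample data. Keys are (user, system, module), values are roles.
# DESIRED: what has been approved. ACTUAL: what the systems report today.
DESIRED = {
    ("ana", "gitlab", "shop/backend"): "developer",
    ("ana", "confluence", "SHOP"): "editor",
    ("marko", "gitlab", "shop/backend"): "maintainer",
}
ACTUAL = {
    ("ana", "gitlab", "shop/backend"): "maintainer",  # role drifted upward
    ("marko", "gitlab", "shop/backend"): "maintainer",
    ("ivan", "gitlab", "shop/backend"): "developer",  # left, never revoked
    ("ivan", "openshift", "shop-prod"): "admin",      # left, never revoked
}

def reconcile(desired, actual):
    """Return the actions that bring actual grants back to the desired state."""
    actions = []
    for key, role in desired.items():
        if key not in actual:
            actions.append(("grant", *key, role))
        elif actual[key] != role:
            actions.append(("change", *key, role))
    for key, role in actual.items():
        if key not in desired:  # access nobody approved, or stale access
            actions.append(("revoke", *key, role))
    return sorted(actions)

def offboard(desired, user):
    """Drop every desired grant of one user; reconcile() then revokes them all."""
    return {k: r for k, r in desired.items() if k[0] != user}

def view(state, by):
    """Group grants by 'user', 'system' or 'module' (the three perspectives)."""
    pick = {"user": lambda u, s, m: u,
            "system": lambda u, s, m: s,
            "module": lambda u, s, m: (s, m)}[by]
    out = defaultdict(list)
    for (user, system, module), role in state.items():
        out[pick(user, system, module)].append((user, system, module, role))
    return {k: sorted(v) for k, v in out.items()}

if __name__ == "__main__":
    for action in reconcile(DESIRED, ACTUAL):
        print(action)
    print(view(ACTUAL, "user")["ivan"])
```
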
From the developer’s perspective, this means a better experience because of:
- seamless project onboarding – PM can onboard user to the project and all project resources in one action; team lead or the user himself can also request onboarding for the user (PM needs to approve it)
- seamless project resource request – team lead can request project resources on demand; if a resource is inside a critical system, CSO needs to approve it
- project templates with standard and tested integrations
- developer gets Git repository with Ready2Run application
- configured CI/CD pipelines with the application running on OpenShift; GitOps
- Commit2Deploy
Get your hands on Kustodian
If you’d like to find out more about Kustodian or request a demo, jump to the Kustodian website. If you already realize how amazingly beneficial Kustodian is for your team, just let us know at croz-info@croz.net and we can hit it off from there!
Photo by Stipan Tadić.