Crash Override

How to Uncover Potential Shadow Engineering Situations


The product walkthrough helps surface shadow engineering issues across your cloud infrastructure and explains what they mean for your team. 

As the time to deliver functionality decreases and the demand to deliver increases, deployment speed is of the utmost importance. Engineering teams do not want to be interfered with and Security teams want to ensure a standard is set. By implementing guardrails limiting the potential paths through the development lifecycle, both Engineering and Security can feel confident in how code is being built, secured and deployed.

The following actions can help mitigate shadow engineering risks: 

  • Identify Services that are not associated with a repository in production
  • Run a campaign to address non-compliant build tools
  • Run a campaign to ensure applications are being deployed to the appropriate cloud accounts

You should be logged into your Crash Override account and be inside of your workplace. If you don’t have an account, contact us for a demo and we will be pleased to set you up. 

Get a demo here

Identify Services that are not associated with a repository in production

An initial path to tackling potential shadow engineering events is getting clear visibility into who deployed what, and where it lives.

Step 1: Navigate to Services and select the Untracked tab.


Step 2: Apply the filter to refine the list of services, or review it as is.


Gaining visibility into cloud-deployed services allows teams to assess and optimize their cloud resource utilization, especially when addressing the risks and inefficiencies introduced by shadow engineering practices.

Run a campaign to address non-compliant build tools

By building and running a campaign to identify repositories using unapproved build tools, teams can surface gaps where builds are bypassing the approved process. 

Step 1: Select the Campaigns tab, and click the CI/CD Platforms tile.


Select the approved platforms and proceed to the next step.


Refine the campaign scope if desired.


Define the target campaign goal.


Finalize the details before starting the campaign.


Step 2: Use the created campaign to identify areas of improvement.


Act on the campaign by contacting an identified code owner, changing status, marking progress and/or creating a ticket.


A campaign addressing the use of non-compliant build tools mitigates the risks associated with inconsistent outputs, security vulnerabilities, and pipeline maintenance issues. Addressing this is vital for software quality, security, and maintainability.

Run a campaign to ensure applications are being deployed to the appropriate cloud accounts

Circling back to the importance of where applications are deployed, we have the Deployment Accounts campaign. By ensuring applications are flowing through the appropriate pipelines to the appropriate cloud accounts, we can feel more comfortable with the controls in place for an application’s lifecycle.

Step 1: Select the Campaigns tab and click the Deployment Accounts tile. 


Define which accounts or project IDs are approved.


Proceed through the wizard, defining the scope, goal, and adding the final details.


Step 2: Use the created campaign to identify areas of improvement. Act on the campaign by contacting an identified code owner, changing status, marking progress and/or creating a ticket.


By defining where services should be deployed, on top of designating approved pipelines and detecting rogue services, Crash Override helps assure that appropriate controls are in place for an application’s lifecycle.

By identifying where Shadow Engineering activities are present, Crash Override enables customers to strategically pinpoint these activities and the accountable party, reducing operational and security risk for the enterprise. 

If you would like to know more, get a demo, or try the platform for yourself, we would love to hear from you. As we always say, we’re not going to bend your ear or twist your arm to sell you a solution you don’t need. We just love showing people what we have and are building.
