Even with all the #movingtogitlab excitement last year, it never gets old to hear about folks migrating to us. So when Harold Smith, CEO and co-founder of Monkton Incorporated – a company dedicated to helping enterprises build safe, secure, and compliant mobile solutions – wrote about moving Monkton to GitLab earlier this year, we asked him to sit down with us to talk about the whys and hows.
From hodge podge of tools, to consolidated lifecycle
"We’ve been using some of your competitors’ tools. It sort of became a hodge podge of tools – they’re still good tools, but there are different tools to do different things in the development life cycle. We had known GitLab had existed for a while. And I think, like many others who know about GitLab, it was an assumption on our end that it's just a source control repository. Then we started to realize and peel back a little bit of everything GitLab does – the continuous integration, integrations with other services, the whole pipeline. We really started to focus on it and say, 'This is something we should spend time looking into and investing in.'
"It turned out to be a really good investment of time – we’ve seen time savings just in our ability to watch projects, our onboarding. It’s cutting out a lot of the managing of all these different tools and different servers. It’s just one thing to go in and manage that does most of the work we need. It's also a huge advantage for us and our customers operating under the constraints of a higher-security environment, that we're able to do continuous integration and development, secure DevOps, in a secure environment that passes their auditing needs.
It’s cutting out a lot of the managing of all these different tools and different servers. It’s just one thing to go in and manage that does most of the work we need.
"A lot of tools we were using, like some of the other continuous integration tools, are all open source software, which is great. But that comes with some responsibilities: you need to really dig to figure out how to manage it correctly, how to set things up. So, that was probably the biggest disadvantage of working with a collection of open source tools that didn’t have the proper documentation that we needed to move forward. So, once we started looking at GitLab, it really enabled us to consolidate those things. All the documentation is one place. The services that were available … It was really easy to figure out what we needed to do. And your support has been a big help as well in enabling us to rapidly deliver and stand up these environments.
"Before, some of our processes were manual, like uploading code scans to Fortify. We’ve automated all of that now on specific branches of the software that we’re building. So, it’s taken out those manual processes that had to go through the checks. When we build a mobile application and push it through the pipeline, we’re working on how can we automatically publish that to MDM. So, as soon as that code is checked in, scanned, what’s the process to get that into production? And that’s where we’ve focused a lot of effort of just entirely automation."
Automate all.the.things.
"Our collective vision within Monkton, and working with you at GitLab, and all these other companies, is how do we automate and take out human error from the equation? Our goal is that the moment code is checked in and has been reviewed, the testing lifecycle, the deployment lifecycle, the security vulnerability scanning lifecycle, should all be automated. So, it’s more of humans reviewing reports at the end versus humans having to do the inspections themselves. We really envisioned that these tools could do a much better job than humans can.
"We’re not trying to replace human jobs. But how can we free people up to do what people do best, versus laborious efforts like pen testing mobile applications or pen testing web applications? A lot of that can be automated through scripting tools – Amazon Device Farm – all of which GitLab can automate and push out. So, we’re focusing on what tools can we bring in to automate that process, tie them into GitLab, and automate everything. Or virtually everything."
Repeatability is key
"Repeatability is probably from our vantage point, one of the cornerstones of what we have to be able to do. If we have a Department of Defense customer that builds a hundred mobile apps using our software, and they discover a vulnerability in one of them – if there’s not a repeatable process to build and deliver the solutions, it would take a year to update those hundred mobile apps if they’re doing it in a very siloed environment. But with a repeatable process, they could change it out once and propagate it out, they can patch and push everything within an hour. A repeatable process allows you to have repeatable, consistent outcomes every single time, so you know that you can trust the process as part of your security program versus maybe a hodge podge of different tools and manual processes."
Lessons from the migration process
"It’s been a learning opportunity for us to see what are the best practices that we can collectively share – even with you at GitLab, there might be things that we’re all collectively learning, that we can use to help the community together. Because this isn’t just a proprietary company effort on our end and your end, or even our customers’ end. I look at it as a good learning experience for all of us to improve processes, security, compliance, and everything that goes along with that."
Here's a bit more from our chat with Harold:
Video produced by Aricka Flowers