“How does DevOps ideally interact with information security and compliance?”
This is a problem that was extensively explored in The Phoenix Project, and I have learned so much about the amazing ways that solutions can be found. Here are my favorite videos that describe how information security has shifted from being viewed as a burdensome obstacle to people helping everyone across the organization.
The Audit Mythbusting Panel (DevOps Enterprise Summit – Las Vegas 2019)
If you think that your auditors will never allow you to do DevOps, you must watch this incredible video. We assembled representatives from each of the Big Four audit and assurance practices to describe how DevOps for their clients is not only possible, but viewed as mandatory because they want their clients to still be around in ten years.
This is one of the coolest things I’ve done, and I suspect you’ll be as blown away by their skills as I was. You’ll want your auditors to watch this, too.
How Fannie Mae Uses Agility to Support Homeowners and Renters (DevOps Enterprise Summit – Las Vegas 2020)
This is one of my favorite sessions of all time because we hear from the leadership team at Fannie Mae, a Fortune 25 company. We learn how technology was critical for achieving their short-term objectives, such as responding to the COVID-19 pandemic, and also in the long-term, helping them manage the risks of a $4 trillion balance sheet, which is often comprised of 30 year mortgages.
But we also hear from Chris Porter, their Chief Information Security Officer—among other things. He talked about how his team was creating “paved roads” to help thousands of Fannie Mae developers get to production quickly, safely and securely.
From Your Auditor Friends: What We Wish Every Technology Leader Knew (DevOps Enterprise Summit – Europe 2021)
This was one of my favorite plenary sessions, where the audit team from Nationwide Insurance, the largest mutual insurance company, shared some very specific advice to technology leaders on dealing with auditors.
They will continue to bust some commonly held beliefs about audit, some of which may surprise you!
DevOps and Internal Audit: A Great Partnership (Part 2) (DevOps Enterprise Summit – US 2021)
After watching the video above, you’ll see this follow-up presentation they did, where they give very specific guidance and examples on how to deal with common issues that we have in DevOps—specifically how to deal with concerns around change approvals and separation of duties.
Hi, the fourth link matches the first link. Is there somewhere else to access it or perhaps you could update the fourth link please?
Thanks.
Thank you for pointing that out. This has been updated with the correct link.