An Unlikely Union: DevOps and Audit
Information Security and Compliance Practices
Many organizations often get stymied when dealing with information security, compliance, and audit requirements. There seems to be a misconception that DevOps practices won’t work in organizations which are under SOX or PCI regulations. In this paper, seven experts provide high-level guidance on three major concerns about DevOps Practices: DevOps and Change Control, DevOps and Security, DevOps and Separation of Duties.
Additional Info
-
DESCRIPTION
Organizations struggle with obtaining buy-in and implementing DevOps methodologies because security, compliance, and audit stakeholders (both internal and external) believe that change control requirements cannot be met. These stakeholders often tend to disrupt adoption of DevOps before an organization can explore its potential for implementation. In this paper, we will provide some high-level guidance on three major concerns about DevOps Practices: DevOps and Change Control, DevOps and Security, DevOps and Separation of Duties.
CONTENTS
Preface
Introduction
CHAPTER 1: DevOps & Change Control
CHAPTER 2: DevOps with Security: Secured Delivery Pipeline
CHAPTER 3: DevOps and Separation of Duties -
contributors
James DeLucia, Director and Leader for Certification Services, EY Certify-Point
Paul Duvall, Chairman and CTO at Stelligent, Author of Continuous Integration and DevOps in AWS
Mustafa Kapadia, DevOps Service Line Leader, IBM Gene Kim, Author and Researcher
Dave Mangot, Director of Operations, Librato, Inc.
Tapabrata “Topo” Pal, Director, Next Generation Infrastructure, CapitalOne
James Wickett, Sr. Engineer, Signal Sciences Corp
Julie Yoo, Vice President, Information Security Compliance at Live Nation -
Pages: 27
Format: PDF
Publication: October 1, 2015
Titles Also by This Author
Beyond The Phoenix Project (Transcript)
In this transcript of the audio series, Gene Kim and John Willis present a nine-part discussion that includes an oral history of the DevOps movement, as well as discussions around pivotal figures and philosophies that DevOps draws upon, from Goldratt to Deming; from Lean to safety culture to learning organizations.The book is a great way for listeners to take an even deeper dive into topics relevant to DevOps and leading technology organizations.
Beyond the Phoenix Project (audiobook)
Gene Kim and John Willis present this nine-part series that includes an oral history of the DevOps movement, as well as discussion around pivotal figures and philosophies that DevOps draws upon, from Goldratt to Deming; from Lean to Safety Culture to Learning Organizations.The audiobook is a great way for listeners to take an even deeper dive into topics relevant to DevOps and leading technology organizations.
Accelerate
For years, we’ve been told that the performance of software delivery teams doesn’t matter—that it can’t provide a competitive advantage to our companies. Through four years of groundbreaking research, Dr. Nicole Forsgren, Jez Humble, and Gene Kim set out to find a way to measure software delivery performance—and what drives it—using rigorous statistical methods. This book presents both the findings and the science behind that research.
Mythbusting DevOps in the Enterprise
Anyone leading a company through a DevOps transformation will encounter minor to significant internal skepticism or lack concrete experience. This document lists the most common leadership and cultural traps and provides high-level reassurance and evidence that DevOps practices are generally applicable and plausibly successful in enterprise environments.
An Unlikely Union: DevOps and Audit
Many organizations often get stymied when dealing with information security, compliance, and audit requirements. There seems to be a misconception that DevOps practices won’t work in organizations which are under SOX or PCI regulations. In this paper, seven experts provide high-level guidance on three major concerns about DevOps Practices: DevOps and Change Control, DevOps and Security, DevOps and Separation of Duties.
