An Unlikely Union: DevOps and Audit

Information Security and Compliance Practices


Many organizations get stymied when dealing with information security, compliance, and audit requirements. There seems to be a misconception that DevOps practices won’t work in organizations that are subject to SOX or PCI regulations. In this paper, seven experts provide high-level guidance on three major concerns about DevOps practices: DevOps and Change Control, DevOps and Security, and DevOps and Separation of Duties.

Additional Info

  • Pages: 27

    Format: PDF

    Publication: October 1, 2015


    Organizations struggle to obtain buy-in for and implement DevOps methodologies because security, compliance, and audit stakeholders (both internal and external) believe that change control requirements cannot be met. These stakeholders often disrupt adoption of DevOps before an organization can explore its potential for implementation. In this paper, we will provide some high-level guidance on three major concerns about DevOps practices: DevOps and Change Control, DevOps and Security, and DevOps and Separation of Duties.


    CHAPTER 1: DevOps & Change Control
    CHAPTER 2: DevOps with Security: Secured Delivery Pipeline
    CHAPTER 3: DevOps and Separation of Duties

  • Contributors

    James DeLucia, Director and Leader for Certification Services, EY Certify-Point
    Paul Duvall, Chairman and CTO at Stelligent, Author of Continuous Integration and DevOps in AWS
    Mustafa Kapadia, DevOps Service Line Leader, IBM
    Gene Kim, Author and Researcher
    Dave Mangot, Director of Operations, Librato, Inc.
    Tapabrata “Topo” Pal, Director, Next Generation Infrastructure, CapitalOne
    James Wickett, Sr. Engineer, Signal Sciences Corp
    Julie Yoo, Vice President, Information Security Compliance at Live Nation

Titles Also by This Author

Mythbusting DevOps in the Enterprise

Anyone leading a company through a DevOps transformation will encounter internal skepticism, ranging from minor to significant, or a lack of concrete experience. This document lists the most common leadership and cultural traps and provides high-level reassurance and evidence that DevOps practices are generally applicable and plausibly successful in enterprise environments.

The Phoenix Project (Audiobook)


In a fast-paced and entertaining style, narrator Chris Ruen brings to life a story by three luminaries of the DevOps movement. Listeners will not only learn how to improve their own IT organizations, they'll never view IT the same way again.

The Phoenix Project


Learn how to recognize problems that happen in IT organizations; how these problems jeopardize nearly every commitment the business makes in Development, IT Operations, and Information Security; and how DevOps techniques can fix the problem to help the business win.

Third Edition Coming January 2018!

The DevOps Handbook


Increase profitability, elevate work culture, and exceed productivity goals through DevOps practices. More than ever, the effective management of technology is critical for business competitiveness. This non-fiction follow-up to The Phoenix Project shows leaders how to replicate these incredible outcomes, by demonstrating how to integrate Product Management, Development, QA, IT Operations, and Information Security to elevate your company and win in the marketplace.