In the vein of bestselling titles The Phoenix Project and The Unicorn Project, Investments Unlimited will help organizations radically rethink how they handle audit, compliance, and security for their software systems. By introducing concepts, tools, and ideas to reimagine governance, this book will catalyze a more humane way to enable high-velocity software delivery that inspires trust and is inherently more secure. Read Part 1, Part 2, and Part 3 of our exclusive excerpt. “Holy … [Read more...]
Investments Unlimited (Excerpt Part 3)
In the vein of bestselling titles The Phoenix Project and The Unicorn Project, Investments Unlimited will help organizations radically rethink how they handle audit, compliance, and security for their software systems. By introducing concepts, tools, and ideas to reimagine governance, this book will catalyze a more humane way to enable high-velocity software delivery that inspires trust and is inherently more secure. Read Part 1 and Part 2 of our exclusive … [Read more...]
Investments Unlimited: A Novel About DevOps, Security, Audit Compliance, and Thriving in the Digital Age (Sneak Peek)
In the vein of bestselling titles The Phoenix Project and The Unicorn Project, Investments Unlimited will help organizations radically rethink how they handle audit, compliance, and security for their software systems. By introducing concepts, tools, and ideas to reimagine governance, this book will catalyze a more humane way to enable high-velocity software delivery that inspires trust and is inherently more secure. Read the sneak peek of this upcoming book in this … [Read more...]
Investments Unlimited (Excerpt Part 2)
In the vein of bestselling titles The Phoenix Project and The Unicorn Project, Investments Unlimited will help organizations radically rethink how they handle audit, compliance, and security for their software systems. By introducing concepts, tools, and ideas to reimagine governance, this book will catalyze a more humane way to enable high-velocity software delivery that inspires trust and is inherently more secure. Read Part 1 of our exclusive excerpt here. “Okay everyone, let’s do … [Read more...]
What is Automated Governance?
By Bill Bensing, coauthor of Investments Unlimited: A Novel about DevOps, Security, Audit Compliance, and Thriving in the Digital Age Automated Governance brings the same speed and quality assurance of DevOps to information security, audit compliance, and change management. After all, when developers are pushing changes to production every few minutes, no manual governance model can keep up, which leads to workarounds and shortcuts, which leads to vulnerabilities and non-compliance. To relieve … [Read more...]
Don’t Just Survive Your Audit, Thrive In It
By Clarissa Lucas, Technology Audit Director, Nationwide Insurance When the auditors come knocking, some people cringe and brace for the worst. Others immediately switch to survival mode, seeing auditors as adversaries out to make them look bad in a battle of good versus evil. Auditors can get a bad reputation quickly. Over the years, some have viewed them as the corporate police who get paid by the finding or as robots following a mysterious, unchanging checklist, unwilling to listen to … [Read more...]
Gene Kim’s Audit and Security Playlist
“How does DevOps ideally interact with information security and compliance?”This is a problem that was extensively explored in The Phoenix Project, and I have learned so much about the amazing ways that solutions can be found. Here are my favorite videos that describe how information security has shifted from being viewed as a burdensome obstacle to people helping everyone across the organization.The Audit Mythbusting Panel (DevOps Enterprise Summit - Las Vegas 2019)If you think that … [Read more...]
DevOps and Internal Audit: A Great Partnership at Nationwide Insurance
Nationwide Insurance offers financial services, property and casualty lines, and pet and travel insurance, among other services. At the 2021 DevOps Enterprise Summit, Ethan Culp (NETC Sr. Associate), Rusty Lewis (IT Audit Specialist), and Clarissa Lucas (IT Audit Director) described how the Nationwide Internal Audit office is putting DevOps theories into practice, how they think about risks and controls, and the influence of automation on risk mitigation. As the Nationwide team shared, here are … [Read more...]
Three Papers to Boost Audit/Security in DevOps
An Unlikely Union: DevOps and Audit Information Security and Compliance Practices Many organizations are adopting DevOps patterns and practices, and are enjoying the benefits that come from that adoption: More speed. Higher quality. Better value. However, many organizations often get stymied when dealing with information security, compliance, and audit requirements. There seems to be a misconception that DevOps practices won’t work in organizations which are under SOX or PCI regulations. In this … [Read more...]
