In the vein of bestselling titles The Phoenix Project and The Unicorn Project, Investments Unlimited will help organizations radically rethink how they handle audit, compliance, and security for their software systems. By introducing concepts, tools, and ideas to reimagine governance, this book will catalyze a more humane way to enable high-velocity software delivery that inspires trust and is inherently more secure. Read the sneak peek of this upcoming book in this post. Susan Jones had been …
Gene Kim’s Audit and Security Playlist
“How does DevOps ideally interact with information security and compliance?”

This is a problem that was extensively explored in The Phoenix Project, and I have learned so much about the amazing ways that solutions can be found. Here are my favorite videos that describe how information security has shifted from being viewed as a burdensome obstacle to people helping everyone across the organization.

The Audit Mythbusting Panel (DevOps Enterprise Summit - Las Vegas 2019)

If you think that …
DevOps and Internal Audit: A Great Partnership at Nationwide Insurance
Nationwide Insurance offers financial services, property and casualty lines, and pet and travel insurance, among other services. At the 2021 DevOps Enterprise Summit, Ethan Culp (NETC Sr. Associate), Rusty Lewis (IT Audit Specialist), and Clarissa Lucas (IT Audit Director) described how the Nationwide Internal Audit office is putting DevOps theories into practice, how they think about risks and controls, and the influence of automation on risk mitigation. As the Nationwide team shared, here are …
Three Papers to Boost Audit/Security in DevOps
An Unlikely Union: DevOps and Audit Information Security and Compliance Practices

Many organizations are adopting DevOps patterns and practices, and are enjoying the benefits that come from that adoption: More speed. Higher quality. Better value. However, many organizations often get stymied when dealing with information security, compliance, and audit requirements. There seems to be a misconception that DevOps practices won’t work in organizations which are under SOX or PCI regulations. In this …