By Bill Bensing, coauthor of Investments Unlimited: A Novel about DevOps, Security, Audit Compliance, and Thriving in the Digital Age Are vendors selling the software supply chain story 18 years behind the curve? Did the Solarwinds hack give these vendors a new marketecture? What if I told you the software supply chain is not a new concept? Even more, it existed before “cloud” was a thing. To qualify “cloud as a thing,” I use 2006 as when the cloud was born because that is when the first cloud … [Read more...]
Investments Unlimited (Excerpt Part 4)
In the vein of bestselling titles The Phoenix Project and The Unicorn Project, Investments Unlimited will help organizations radically rethink how they handle audit, compliance, and security for their software systems. By introducing concepts, tools, and ideas to reimagine governance, this book will catalyze a more humane way to enable high-velocity software delivery that inspires trust and is inherently more secure. Read Part 1, Part 2, and Part 3 of our exclusive excerpt. “Holy … [Read more...]
Investments Unlimited (Excerpt Part 3)
In the vein of bestselling titles The Phoenix Project and The Unicorn Project, Investments Unlimited will help organizations radically rethink how they handle audit, compliance, and security for their software systems. By introducing concepts, tools, and ideas to reimagine governance, this book will catalyze a more humane way to enable high-velocity software delivery that inspires trust and is inherently more secure. Read Part 1 and Part 2 of our exclusive … [Read more...]
Investments Unlimited: A Novel About DevOps, Security, Audit Compliance, and Thriving in the Digital Age (Sneak Peek)
In the vein of bestselling titles The Phoenix Project and The Unicorn Project, Investments Unlimited will help organizations radically rethink how they handle audit, compliance, and security for their software systems. By introducing concepts, tools, and ideas to reimagine governance, this book will catalyze a more humane way to enable high-velocity software delivery that inspires trust and is inherently more secure. Read the sneak peek of this upcoming book in this … [Read more...]
Investments Unlimited (Excerpt Part 2)
In the vein of bestselling titles The Phoenix Project and The Unicorn Project, Investments Unlimited will help organizations radically rethink how they handle audit, compliance, and security for their software systems. By introducing concepts, tools, and ideas to reimagine governance, this book will catalyze a more humane way to enable high-velocity software delivery that inspires trust and is inherently more secure. Read Part 1 of our exclusive excerpt here. “Okay everyone, let’s do … [Read more...]
What is Automated Governance?
By Bill Bensing, coauthor of Investments Unlimited: A Novel about DevOps, Security, Audit Compliance, and Thriving in the Digital Age Automated Governance brings the same speed and quality assurance of DevOps to information security, audit compliance, and change management. After all, when developers are pushing changes to production every few minutes, no manual governance model can keep up, which leads to workarounds and shortcuts, which leads to vulnerabilities and non-compliance. To relieve … [Read more...]
Gene Kim’s Audit and Security Playlist
“How does DevOps ideally interact with information security and compliance?”This is a problem that was extensively explored in The Phoenix Project, and I have learned so much about the amazing ways that solutions can be found. Here are my favorite videos that describe how information security has shifted from being viewed as a burdensome obstacle to people helping everyone across the organization.The Audit Mythbusting Panel (DevOps Enterprise Summit - Las Vegas 2019)If you think that … [Read more...]
Three Papers to Boost Audit/Security in DevOps
An Unlikely Union: DevOps and Audit Information Security and Compliance Practices Many organizations are adopting DevOps patterns and practices, and are enjoying the benefits that come from that adoption: More speed. Higher quality. Better value. However, many organizations often get stymied when dealing with information security, compliance, and audit requirements. There seems to be a misconception that DevOps practices won’t work in organizations which are under SOX or PCI regulations. In this … [Read more...]
