For too long audits and security reviews have been seen as resistant or even blocking the frequent release of software. Auditors require access to static systems and environments, which would seem to make continuous delivery impossible. Too frequently audits are a fire drill reaction to the current state and temporary fixes are put in place to appease the compliance audit without being integrated into future releases.
What if auditing, compliance and security could be fully integrated into continuous integration and continuous delivery pipelines? What if we automated our compliance policies so they could be “shifted left” as part of the application and infrastructure lifecycle? This session will discuss real-world examples of how to translate security and compliance requirements into software and make them a proactive part of the software-delivery process. We can decrease risk by defining compliance rules as code and making them a part of the standard continuous delivery workflow.
Incorporating compliance and audit checking into continuous integration pipelines allows teams to move faster and safer at the same time.view full program
Matt Ray is the Manager and Solutions Architect for APJ for Chef. He is active in several open source communities and has worked in a wide variety of industries. He has been a contributor to the open source community for over two decades and has spoken at and helped organize many conferences. He currently resides in Sydney, Australia after relocating from Austin on behalf of Chef.
He podcasts at SoftwareDefinedTalk.com, blogs at LeastResistance.net and is @mattray on Twitter, IRC, GitHub and too many Slacks.
Previous talks: https://www.slideshare.net/mattray/