From Continuous Delivery To Continuous Compliance
Continuous Delivery (CD) and regulatory compliance are two critically important ingredients in today’s connected organizations. CD enables you to move quickly and respond to change in an era where change is increasing at an exponential rate with no sign of slowing down. Regulatory compliance ensures that your organization takes the appropriate steps to follow applicable laws, and it can appear to require adding burdensome processes and controls to your software development lifecycle. Although the two seem to be at odds with one another at first, they actually complement each other well. Maintaining, analyzing, confirming, and reporting on the status of required information security, compliance, and privacy controls can be difficult, but integrating these tasks within your CD pipeline is easier than you think. Using examples from real-world projects in organizations just like yours, Brandon explains how to integrate compliance and reporting into your CD pipeline using tools you already know, such as pair programming, Jenkins, Chef, Metasploit, and others, leading you to the regulatory promised land known as “Continuous Compliance”.
Outline/structure of the Session
I start the talk off with a story about getting audited and ask the audience to describe their experiences. Most of the stories the audience shares are nightmares.
Next I tell them about an experience I had that went really well: the best audit I have ever participated in, and how easy it is to get there.
We discuss the myths and facts surrounding compliance and how much work we already do that satisfies regulatory requirements.
Next we discuss how you can integrate compliance into your Agile process, including your CI/CD pipeline.
Finally, we wrap up and close with questions.
Basic compliance myths and facts
How you can immediately start to integrate security and compliance into your process
Things you can integrate into your CI/CD pipeline that automate compliance
Anyone who works with or for an organization that wants to move fast but does so within a regulated environment such as NIST, SOX, etc.
Understand the basics of Test-Driven Development, Acceptance Test-Driven Development, Agile and DevOps.