Upgrade to Pro — share decks privately, control downloads, hide ads and more …

DevOps - The Automation op compliance

Erwin Staal
March 28, 2019
Technology
0
86

DevOps - The Automation op compliance

Many organizations are adopting DevOps patterns and practices, and are enjoying the benefits that come from that adoption: More speed. Higher quality. Better value. However, many teams often get stymied when dealing with information security, compliance, and audit requirements. There seems to be a misconception that DevOps practices won’t work in large organizations which are under regulations or have their own strict processes. DevOps actually helps teams meet compliance standards because automation is not only an integral part of DevOps, but a great way to make sure development and deploy practices are reliable, repeatable, and traceable. This talk will show how it's possible to be both fast and compliant. We will look at both the soft and technical practices. I will cover branch policies, checks you can do during your build and deployment, Azure Security Center, Testing in production and more.

Erwin Staal

March 28, 2019
Tweet

More Decks by Erwin Staal

See All by Erwin Staal
Networking on Azure PaaS
erwinstaal
0
61
Get up to speed with DevOps
erwinstaal
0
35
Event-driven autoscaling on Kubernetes with KEDA and Azure Functions
erwinstaal
0
71
Architecting for Continuous Delivery
erwinstaal
0
170
Get up to speed with DevOps
erwinstaal
0
46
Get up to speed with DevOps using modern development practices
erwinstaal
0
65
TechDaysNL - De tien fundamenten van Continuous Delivery
erwinstaal
0
83
Microsoft Unity
erwinstaal
0
69
De 10 geboden van Continuous Delivery
erwinstaal
0
91

Other Decks in Technology

See All in Technology
WebアプリケーションにおけるPDOの使い方入門 / phpcon odawara 2024
meihei3
2
420
オブザーバビリティの Primary Signals
onk
PRO
0
540
20240416_devopsdaystokyo
kzkmaeda
1
180
PHP"オレ"カンファレンスの告知
ysknsid25
0
350
o11y入門_外形監視を利用したWebアプリケーションへの最適なモニタリング_TechBrew
k5k
3
100
Databricks:『生成AI World Cup』のご案内
databricksjapan
2
140
プロデザ! BY リクルート vol.18_リクルートのリサーチ実践組織「リサーチブーストコミュニティ」
recruitengineers
PRO
3
240
Databricks におけるデータエンジニアリング
databricksjapan
0
370
開発生産性向上サービスを作るFindyが自分たちで開発生産性を爆上げした組織づくりの歩み / Findy's path to boosting its own development productivity 2024-04-17
ma3tk
3
310
「手動オペレーションに定評がある」と言われた私が心がけていること / phpcon_odawara2024
blue_goheimochi
2
320
反実仮想機械学習とは何か
usaito
PRO
6
1.8k
NLP2024 参加報告LT ~RAGの生成評価と懇親戦略~ / nlp2024_attendee_presentation_LT_masuda
taro_masuda
1
190

Featured

See All Featured
4 Signs Your Business is Dying
shpigford
175
21k
A Modern Web Designer's Workflow
chriscoyier
689
190k
BBQ
matthewcrist
80
8.7k
Happy Clients
brianwarren
91
6.4k
Product Roadmaps are Hard
iamctodd
43
9.7k
Why You Should Never Use an ORM
jnunemaker
PRO
50
8.6k
Fashionably flexible responsive web design (full day workshop)
malarkey
397
65k
Building Your Own Lightsaber
phodgson
98
5.7k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
39
4.4k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
9
8.3k
Building Applications with DynamoDB
mza
88
5.6k
How to train your dragon (web standard)
notwaldorf
72
5.1k

Transcript

  1. None
  2. None

  3. Software Engineer & ALM Consultant 4DotNet @erwin_staal Erwin Staal

  4. DevOps is the union of people, process, and products to

    enable continuous delivery of value to our end users. Donovan Brown, Microsoft DevOps

  5. Compliance Specification Standard Law Policy

  6. KPN Security Policy

  7. KPN Security Policy

  8. Availability Integrity CIA Triad Confidentiality Information Security

  9. “Fundamentally, if somebody wants to get in, they're getting in..accept

    that. Number one, you're in the fight, whether you thought you were or not. Number two, you almost certainly are penetrated." Michael Hayden, Former Director of NSA and CIA

  10. The mindset shift Prevent Breach Assume Breach Threat model Code

    review Security testing Secure development lifecycle War game exercises Centralized security monitors Live site penetration testing

  11. Speed is the new security

  12. State of DevOps Report 2018

  13. None

  14. CAB Low / Low 4-eyes principle Register change Continuous Testing

    Every change is classified as a change with low impact and low risk. We need 0-downtime deployments. Every change has been reviewed by at least one colleague. This is traceable. Every change we make is tested using a comprehensive set of automated tests. Configuration Management Automate repetitive manual processes. In order to achieve this, we need to version control everything required to perform these processes. Deployment automation Every change is deployed automatically into environments that resemble production as much as possible. Every change is registered in a central system for everyone to see.

  15. Implementing the controls Dev Ops

  16. Leverage the cloud Dev Ops PaaS IaaS

  17. None
  18. None
  19. None