Upgrade to Pro — share decks privately, control downloads, hide ads and more …

DevOps - The Automation op compliance

Erwin Staal
March 28, 2019
Technology
0
100

DevOps - The Automation op compliance

Many organizations are adopting DevOps patterns and practices, and are enjoying the benefits that come from that adoption: More speed. Higher quality. Better value. However, many teams often get stymied when dealing with information security, compliance, and audit requirements. There seems to be a misconception that DevOps practices won’t work in large organizations which are under regulations or have their own strict processes. DevOps actually helps teams meet compliance standards because automation is not only an integral part of DevOps, but a great way to make sure development and deploy practices are reliable, repeatable, and traceable. This talk will show how it's possible to be both fast and compliant. We will look at both the soft and technical practices. I will cover branch policies, checks you can do during your build and deployment, Azure Security Center, Testing in production and more.

Erwin Staal

March 28, 2019
Tweet

More Decks by Erwin Staal

See All by Erwin Staal
Networking on Azure PaaS
erwinstaal
0
68
Get up to speed with DevOps
erwinstaal
0
37
Event-driven autoscaling on Kubernetes with KEDA and Azure Functions
erwinstaal
0
130
Architecting for Continuous Delivery
erwinstaal
0
190
Get up to speed with DevOps
erwinstaal
0
48
Get up to speed with DevOps using modern development practices
erwinstaal
0
67
TechDaysNL - De tien fundamenten van Continuous Delivery
erwinstaal
0
86
Microsoft Unity
erwinstaal
0
73
De 10 geboden van Continuous Delivery
erwinstaal
0
99

Other Decks in Technology

See All in Technology
【Startup CTO of the Year 2024 / Audience Award】アセンド取締役CTO 丹羽健
niwatakeru
0
1.8k
なぜ今 AI Agent なのか _近藤憲児
kenjikondobai
4
1.5k
Amazon CloudWatch Network Monitor のススメ
yuki_ink
1
220
OS 標準のデザインシステムを超えて - より柔軟な Flutter テーマ管理 | FlutterKaigi 2024
ronnnnn
1
340
Exadata Database Service on Dedicated Infrastructure(ExaDB-D) UI スクリーン・キャプチャ集
oracle4engineer
PRO
2
3.2k
20241120_JAWS_東京_ランチタイムLT#17_AWS認定全冠の先へ
tsumita
2
320
LINEヤフーにおけるPrerender技術の導入とその効果
narirou
2
650
OCI Security サービス 概要
oracle4engineer
PRO
0
6.6k
SAP Community and Developer Update
sygyzmundovych
0
350
New Relicを活用したSREの最初のステップ / NRUG OKINAWA VOL.3
isaoshimizu
3
670
Engineer Career Talk
lycorp_recruit_jp
0
200
Zennのパフォーマンスモニタリングでやっていること
ryosukeigarashi
0
560

Featured

See All Featured
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
42
9.2k
How To Stay Up To Date on Web Technology
chriscoyier
788
250k
Why You Should Never Use an ORM
jnunemaker
PRO
54
9.1k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
246
1.3M
Building a Modern Day 
E-commerce SEO Strategy
aleyda
38
6.9k
5 minutes of I Can Smell Your CMS
philhawksworth
202
19k
Building Better People: How to give real-time feedback that sticks.
wjessup
364
19k
How STYLIGHT went responsive
nonsquared
95
5.2k
Adopting Sorbet at Scale
ufuk
73
9.1k
GraphQLの誤解/rethinking-graphql
sonatard
67
10k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
506
140k
The Art of Programming - Codeland 2020
erikaheidi
52
13k

Transcript

  1. None
  2. None

  3. Software Engineer & ALM Consultant 4DotNet @erwin_staal Erwin Staal

  4. DevOps is the union of people, process, and products to

    enable continuous delivery of value to our end users. Donovan Brown, Microsoft DevOps

  5. Compliance Specification Standard Law Policy

  6. KPN Security Policy

  7. KPN Security Policy

  8. Availability Integrity CIA Triad Confidentiality Information Security

  9. “Fundamentally, if somebody wants to get in, they're getting in..accept

    that. Number one, you're in the fight, whether you thought you were or not. Number two, you almost certainly are penetrated." Michael Hayden, Former Director of NSA and CIA

  10. The mindset shift Prevent Breach Assume Breach Threat model Code

    review Security testing Secure development lifecycle War game exercises Centralized security monitors Live site penetration testing

  11. Speed is the new security

  12. State of DevOps Report 2018

  13. None

  14. CAB Low / Low 4-eyes principle Register change Continuous Testing

    Every change is classified as a change with low impact and low risk. We need 0-downtime deployments. Every change has been reviewed by at least one colleague. This is traceable. Every change we make is tested using a comprehensive set of automated tests. Configuration Management Automate repetitive manual processes. In order to achieve this, we need to version control everything required to perform these processes. Deployment automation Every change is deployed automatically into environments that resemble production as much as possible. Every change is registered in a central system for everyone to see.

  15. Implementing the controls Dev Ops

  16. Leverage the cloud Dev Ops PaaS IaaS

  17. None
  18. None
  19. None