© Electric Cloud | electric-cloud.com
Continuous Compliance and
DevSecOps in Times of GDPR,
HIPAA and SOX
The Speakers
Torsten Volk
Analyst, EMA
@TorstenVolk
Anders Wallgren
CTO, Electric Cloud
@anders_wallgren
Torsten Volk
EMA
The Hard Facts
“… companies take security
very seriously, but the cost of
keeping up with changes in
technology are prohibitive,”
says Chad Crandell, chief executive officer of
CHMWarnick LLC, a hotel investment adviser.
60.000 GDPR investigations in 2018
200.000 HIPAA complaints since 2003
IT & DATA MANAGEMENT RESEARCH,
INDUSTRY ANALYSIS & CONSULTING
The Current Reality
© 2017 Enterprise Management Associates, Inc.
• Variance Abounds
• Gaps and Exceptions Are the Norm
• Proof is Rare
• Time Pressures
• Security AKA: “The Release Prevention Department”
85% use more than one cloud
45% use all three clouds
DSL Overkill – A Double-Edged Sword
Kubernetes: 11 Ways to Get Hacked
(source: Kubernetes.io website.)
YAML Config
Encryption Points
RBAC, ABAC, Logs
Policies
Different Container Setups
Different Flavors of Serverless
EMA
Identified
11 Parts of
a Serverless
Stack
Key Success Metrics – So Many to Choose
Security Defects
• Per release
• Number of tickets
• By severity
• By team
• By component
• By user group
Repeating Occurrence
• By team
• By product/component
• By cloud
• By deployment type
Time Spent on Manual Security Tasks
• Time to create audit reports
• Security testing
• Fixing failed tests
• Security
Audits
• Prep Time
• Total hours (by dev/ops/sec)
• Number and severity issues detected
• Number of corrections
4 Key Takeaways
1. Security and compliance must never slow down the
continuous delivery process.
2. Automation gaps and exceptions must be eliminated
to prevent slow-down and inconsistencies.
3. Compliance and security governance and control
must be detached from individual technologies such
as Kubernetes, Terraform, AWS Lambda, or VMware.
4. Accepting exceptions from the above key rules will
result in compliance liabilities.
Adaptive Release Orchestration
How an agile pipeline leads to Continuous Compliance and DevSecOps
DevOps Software Supply Chain Example
Delivery
Team
Version
Control
Build Test Release
Stage
Prod
Pipeline Orchestration
@botchagalupe
@botchagalupe
DevSecOps Software Supply Chain Example
Delivery
Team
Version
Control
Build Test Release
Stage
Prod
Pipeline Orchestration & Acceleration
Model and Automate
Everything
Environments, Security, and
Automation as a Service
Monitor and Track Releases
Built-In Security and
Compliance
Adopt New Technologies
Safely
Model and Automate Everything
• Version, test, refactor, and enhance
extendable models
• Avoid reinventing the wheel with repeatable,
auditable, and manageable models
• Eliminate drift, unplanned work and heroic
efforts with guaranteed standard practices
• Ensure separation of duties with standardized
best practices for each and every release.
Monitor and Track Releases
• Get at-a-glance release status and health
with dashboards tailored for each
stakeholder.
• Manage confidently with up to date data
and metrics from all sources.
• Improve collaboration and alignment with
the same metrics and release status across
all teams.
• Identify and resolve problems and
bottlenecks quickly
Environments, Security, and Automation as a Service
• Onboard new teams, pipelines, and
applications rapidly and securely.
• Ensure that what is presented at each stage
is exactly what’s expected.
• Encourage experimentation.
• Prove policy adherence with reusable
components and automatic audit trails.
Adopt New Technologies Safely
• Ensure consistency and reusability across
new and existing architectures,
technologies, and processes.
• Remove the “rocket science” and steep
learning curve from supporting new
technologies and APIs.
• Adopt new technologies and support change
in a non-disruptive way to future proof your
organization.
Built-In Security and Compliance
• Enforce policies automatically with
anomaly/drift detection, approval gates,
compliance checks, security tests, and fine-
grained ACLs.
• Integrate security and compliance into the
pipeline, so it doesn’t become a
bottleneck at the last moment.
• Enable one-click auditability, including
built-in versioning and logging of all objects.
• Accelerate incident response time and
security patching across teams, releases,
and environments.
The Current Reality
• Variance Abounds
• Gaps and Exceptions Are the Norm
• Proof is Rare
• Time Pressures
• Security AKA: “The Release Prevention Department”
The New Reality – Continuous Compliance
• Variance Abounds
• Gaps and Exceptions Are the Norm
• Proof is Rare
• Time Pressures
• Security AKA: “The Release Prevention Department”
The New Reality – Continuous Compliance
• Consistency
• Gaps and Exceptions Are the Norm
• Proof is Rare
• Time Pressures
• Security AKA: “The Release Prevention Department”
The New Reality – Continuous Compliance
• Consistency
• Repeatability and Flexibility
• Proof is Rare
• Time Pressures
• Security AKA: “The Release Prevention Department”
The New Reality – Continuous Compliance
• Consistency
• Repeatability and Flexibility
• Auditability
• Time Pressures
• Security AKA: “The Release Prevention Department”
The New Reality – Continuous Compliance
• Consistency
• Repeatability and Flexibility
• Auditability
• Time to Market
• Security AKA: “The Release Prevention Department”
The New Reality – Continuous Compliance
• Consistency
• Repeatability and Flexibility
• Auditability
• Time to Market
• Security AKA: “The Release Acceleration Department”
ElectricFlow Community Edition!
Adaptive Release Orchestration
Securely, flexibly, and confidently release
new applications at any speed demanded
by the business.
Download and use it, free:
electric-cloud.com/electricflow
ElectricAccelerator Trial Edition!
Build and Test Acceleration
Reduce cycle time and iterate faster by
dramatically accelerating builds and
tests.
Download and try it, free:
electric-cloud.com/electricaccelerator
gmake -j8 vs. EA64 core
Thank you
Q&A

Secure Data Sharing in OpenShift EnvironmentsSecure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift Environments
 
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
 
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
 

Recently uploaded

Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsAndrey Dotsenko
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 

Recently uploaded (20)

Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 

Continuous Compliance and DevSecOps in Times of GDPR, HIPAA and SOX

  • 1. © Electric Cloud | electric-cloud.com Continuous Compliance and DevSecOps in Times of GDPR, HIPAA and SOX
  • 2. The Speakers: Torsten Volk, Analyst, EMA, @TorstenVolk; Anders Wallgren, CTO, Electric Cloud, @anders_wallgren
  • 3. Torsten Volk, EMA
  • 4. The Hard Facts “… companies take security very seriously, but the cost of keeping up with changes in technology are prohibitive,” says Chad Crandell, chief executive officer of CHMWarnick LLC, a hotel investment adviser. 60.000 GDPR investigations in 2018. 200.000 HIPAA complaints since 2003.
  • 5. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING. The Current Reality. © 2017 Enterprise Management Associates, Inc. • Variance Abounds • Gaps and Exceptions Are the Norm • Proof is Rare • Time Pressures • Security AKA: “The Release Prevention Department”
  • 6. 85% use more than one cloud 45% use all three clouds
  • 7. DSL Overkill – A Double-Edged Sword
  • 8. Kubernetes: 11 Ways to Get Hacked (source: Kubernetes.io website.) • YAML Config • Encryption Points • RBAC, ABAC, Logs • Policies
  • 9. Different Container Setups
  • 10. Different Flavors of Serverless
  • 11. EMA Identified 11 Parts of a Serverless Stack
  • 12. Key Success Metrics – So Many to Choose. Security Defects • Per release • Number of tickets • By severity • By team • By component • By user group. Repeating Occurrence • By team • By product/component • By cloud • By deployment type. Time Spent on Manual Security Tasks • Time to create audit reports • Security testing • Fixing failed tests. Security Audits • Prep Time • Total hours (by dev/ops/sec) • Number and severity issues detected • Number of corrections
  • 13. 4 Key Takeaways. 1. Security and compliance must never slow down the continuous delivery process. 2. Automation gaps and exceptions must be eliminated to prevent slow-down and inconsistencies. 3. Compliance and security governance and control must be detached from individual technologies such as Kubernetes, Terraform, AWS Lambda, or VMware. 4. Accepting exceptions from the above key rules will result in compliance liabilities.
  • 14. Adaptive Release Orchestration: How an agile pipeline leads to Continuous Compliance and DevSecOps
  • 15. DevOps Software Supply Chain Example • Delivery Team • Version Control • Build • Test • Release • Stage • Prod • Pipeline Orchestration • @botchagalupe
  • 16. DevSecOps Software Supply Chain Example • @botchagalupe • Delivery Team • Version Control • Build • Test • Release • Stage • Prod • Pipeline Orchestration & Acceleration • Model and Automate Everything • Environments, Security, and Automation as a Service • Monitor and Track Releases • Built-In Security and Compliance • Adopt New Technologies Safely
  • 17. Model and Automate Everything • Version, test, refactor, and enhance extendable models. • Avoid reinventing the wheel with repeatable, auditable, and manageable models. • Eliminate drift, unplanned work and heroic efforts with guaranteed standard practices. • Ensure separation of duties with standardized best practices for each and every release.
  • 18. Monitor and Track Releases • Get at-a-glance release status and health with dashboards tailored for each stakeholder. • Manage confidently with up-to-date data and metrics from all sources. • Improve collaboration and alignment with the same metrics and release status across all teams. • Identify and resolve problems and bottlenecks quickly.
  • 19. Environments, Security, and Automation as a Service • Onboard new teams, pipelines, and applications rapidly and securely. • Ensure that what is presented at each stage is exactly what’s expected. • Encourage experimentation. • Prove policy adherence with reusable components and automatic audit trails.
  • 20. Adopt New Technologies Safely • Ensure consistency and reusability across new and existing architectures, technologies, and processes. • Remove the “rocket science” and steep learning curve from supporting new technologies and APIs. • Adopt new technologies and support change in a non-disruptive way to future-proof your organization.
  • 21. Built-In Security and Compliance • Enforce policies automatically with anomaly/drift detection, approval gates, compliance checks, security tests, and fine-grained ACLs. • Integrate security and compliance into the pipeline, so it doesn’t become a bottleneck at the last moment. • Enable one-click auditability, including built-in versioning and logging of all objects. • Accelerate incident response time and security patching across teams, releases, and environments.
  • 22. The Current Reality • Variance Abounds • Gaps and Exceptions Are the Norm • Proof is Rare • Time Pressures • Security AKA: “The Release Prevention Department”
  • 23. The New Reality – Continuous Compliance • Variance Abounds • Gaps and Exceptions Are the Norm • Proof is Rare • Time Pressures • Security AKA: “The Release Prevention Department”
  • 24. The New Reality – Continuous Compliance • Consistency • Gaps and Exceptions Are the Norm • Proof is Rare • Time Pressures • Security AKA: “The Release Prevention Department”
  • 25. The New Reality – Continuous Compliance • Consistency • Repeatability and Flexibility • Proof is Rare • Time Pressures • Security AKA: “The Release Prevention Department”
  • 26. The New Reality – Continuous Compliance • Consistency • Repeatability and Flexibility • Auditability • Time Pressures • Security AKA: “The Release Prevention Department”
  • 27. The New Reality – Continuous Compliance • Consistency • Repeatability and Flexibility • Auditability • Time to Market • Security AKA: “The Release Prevention Department”
  • 28. The New Reality – Continuous Compliance • Consistency • Repeatability and Flexibility • Auditability • Time to Market • Security AKA: “The Release Acceleration Department”
  • 29. ElectricFlow Community Edition! Adaptive Release Orchestration: Securely, flexibly, and confidently release new applications at any speed demanded by the business. Download and use it, free: electric-cloud.com/electricflow
  • 30. ElectricAccelerator Trial Edition! Build and Test Acceleration: Reduce cycle time and iterate faster by dramatically accelerating builds and tests. Download and try it, free: electric-cloud.com/electricaccelerator • gmake -j8 vs. EA64 core
  • 31. Thank you • Q&A