WELCOME TO TODAY'S PRESENTATION
DevOps vs GDPR: How to Comply and Stay Agile
A Joint Webinar between Contino & Delphix
Today's Speakers
Adam Bowen, Delphix Strategic Advisor, Office of the CTO
Ben Saunders, Contino Client Principal
Ilker Taskaya, Delphix Senior Solution Engineer
Ian Morgan, Contino Technology Strategist
Your organisation can’t ignore regulation…
Many organisations have been in denial about digital disruption. However, the onset of regulatory compliance is a disruption they can’t ignore. If you think your organisation has its head in the sand, or has put on the noise-cancelling headphones, then now is the time to act, with GDPR deadlines fast approaching.
“Has the legislation been passed yet?”
“This isn’t really happening is it?....breathe in...breathe out”
“We don’t need to worry about these Challenger Banks…errrrr, what was that? The EU are banging on our door?”
What is GDPR and how could it affect your organisation?
General Data Protection Regulation (GDPR)... In Layman's Terms
With GDPR, EU legislation is changing the ways in which organisations handle, distribute and utilize sensitive customer data.
The intention is to align each European Union (EU) member state to a single set of rules and regulations.
When this legislation comes into effect, all organisations that process personally identifiable information (PII) of EU residents must adhere to a number of provisions and standards.
In the event that organisations fail to adhere to these standards, there is a likelihood that they will face significant fines or penalties.
There is no opting out: every organisation must comply!
So what are the implications of GDPR?
2%: The amount of Global Turnover organisations will be fined if they fail to comply with GDPR at the first time of audit.
4%: The amount of Global Turnover organisations will be fined if they fail to comply with GDPR at the second time of audit.
Organisations will be given time to remediate their data deficiencies once identified by the regulators. However, organisations should be more proactive about how they are going to handle this change and explore ways in which they can combine data agility, compliance and automation as a catalyst for business growth.
GDPR Principles - The Data Controller
The Data Controller is responsible for demonstrating the principles outlined below. It is also the responsibility of the Data Controller to secure the same assurances from external data processors with whom they contract.
1. Personal data must be processed lawfully, fairly and transparently.
2. Personal data can only be collected for specified, explicit and legitimate purposes.
3. Personal data must be adequate, relevant and limited to what is necessary for processing.
4. Personal data must be accurate and kept up to date.
5. Personal data must be kept in a form such that the data subject can be identified as long as necessary for processing.
6. Personal data must be processed in a manner that ensures its security.
Enterprises must be clear on what each of the principles means for them. Given the broad interpretation of terms (like “processing”), a large amount of ambiguity still exists.
GDPR – Data Challenges
There are a number of specific data challenges under the GDPR Regulation that enterprises need to internalize into their practice. A number of high-impact considerations are detailed below:
Data Protection by Design & by Default: The notion of building privacy or data protection measures into applications or processes is not new. The regulation, however, makes this mandatory in Article 26.
Data Portability: Under Article 20 of the Regulation, data subjects can request a copy of personal data held on them, and can also request that this information is transmitted to another data controller. The Regulation doesn’t stipulate precisely how this information has to be presented or the format it has to be in.
Data Encryption: Given the extent to which encryption could mitigate the impacts of a data breach, enterprises should extend encryption to cover all of the data, processing and storage processes.
Data Breaches: GDPR mandates that both the supervisory authority and the data subject themselves be notified of any breach.
We will be focussing on portions of this regulation today.
GDPR - A Ticking Time Bomb for Global Organisations
WHO IS AFFECTED?
Organisations who do business in the EU.
Organisations who have customers in the EU.
Organisations that trade with other entities in the EU.
RIGHT TO OPT OUT
The right to opt out, or the “right to be forgotten”, enables individuals to request that their data is removed from an organisation's system(s) of record where there is no longer a legitimate reason for their data to be held.
DATA BREACH & REGULATION
If a data breach occurs, then organisations must notify their data protection authority within 72 hours.
Audits of organisations' control processes around the end to end data supply chain must be executed, to ensure they are fit for purpose.
WHAT ARE THE PENALTIES?
First Audit Failings - 2% GTO
Second Audit Failings - 4% GTO
From there on it will only get worse!
PRIVACY BY DESIGN
GDPR stipulates that systems and processes must be designed in a way that data compliance standards are followed and adhered to.
Privacy by Design - DevOps vs GDPR
The Constraint: RIGHT TO OPT OUT
The right to opt out, or the “right to be forgotten”, enables individuals to request that their data is removed from an organisation's system(s) of record where there is no longer a legitimate reason for their data to be held.
The Constraint: PRIVACY BY DESIGN
GDPR stipulates that systems and processes must be designed in a way that data compliance standards are followed and adhered to.
The Solution: DEVOPS & DATA AGILITY TO TACKLE COMPLIANCE
Contino - Continuum
Delphix - Data Masking
AWS - Cloud Environments
Customers have the right to withdraw their consent from allowing organisations to utilise their personal data for the execution of application testing. As a result, organisations must explore ways in which they can adhere to GDPR compliance but still provision high quality test data at velocity. The premise of Accountable Empowerment must be adhered to by organisations to ensure they can track Who did What and When they did it across their delivery pipeline. This can be achieved through integrated DevOps tooling and processes.
End to End Accountable Empowerment - Obfuscation, Control & Visibility: Who, What, When, Where?
Just to add more pressure… You can’t get away from BAU
“We need new functionality delivered in our customer facing web-app….oh and we need it tomorrow!”
“Damn it. How are we going to release an environment so we can test this feature?!”
“What do you mean it is going to take us 10 days to load data into the environment?!”
“Hang on, what do you mean the data is loaded...but someone has deployed the wrong config?!”
“What? I have already raised an RFQ with your team... What do you mean it has expired!?”
We are teaming up to help customers address these pains...
Based on the challenges that regulation brings to our joint customers, in addition to the more traditional BAU delivery bottlenecks, Contino and Delphix are applying our DevOps expertise, compliance know-how and technical wizardry to help customers accelerate their application delivery whilst controlling cost and remaining compliant.
How are we doing this, I hear you say?
Accountable Empowerment - DevOps vs GDPR
Continuum is a Continuous Delivery pipeline tool chain which integrates both open source and enterprise grade tools to enable the creation of a secure application delivery pipeline in AWS. To assist with the provisioning of production-like test data, Continuum integrates with Delphix to leverage its data virtualization and data masking capabilities so that we can provision production grade environments consistently, whilst complying with GDPR legislation. With DevOps & Data Agility, we enable Accountable Empowerment.
Continuum is a platform we deploy within weeks:
• Full infrastructure as code
• Multi region, multi availability zone deployments
• Microservice / containerised deployments targeting Kubernetes
• Continuous integration & continuous delivery toolchain
Data Masking: The most advanced data security solution available.
Cloud Migration: Achieve value from cloud projects faster.
DevOps: Complete the DevOps stack with self-service data.
DevOps & Data Agility - Future Proof for GDPR
Leading digital companies are operating under a DevOps operating model – ‘You Build It, You Run It.’ Fortunately, these practices are now also viable for large established enterprises in regulated industries as the tools, practices and approaches are proven.
DevOps teams operate in a more cross functional way and have more control of their stack federated to them. Their use of automation tooling will lead to more tightly controlled and audited environments and increased levels of quality, resilience and compliance within a GDPR context. MASK ONCE AND DEPLOY ANYWHERE, CONSISTENTLY AND SECURELY.
[Pipeline diagram: Build → Unit Test → Integration Test → Dev Deploy → Test Deploy → Prod Deploy]
Continuous Integration or release automation tooling implements role based access control, whilst data can be made available across development environments.
Infrastructure, middleware and application deployments are repeatable using infrastructure as code playbooks, with the capacity to populate environments with obfuscated data volumes at a fraction of the production scale with Delphix.
Automated approval and deployment gates are incorporated into the pipeline here.
Incorporate Compliant Data Agility Mechanisms with Delphix at multiple stages of the SDLC.
“Real” data copies are extracted from production systems, obfuscated and stored in a staging area for environment loads, either through self-service test data or predefined automation recipes/playbooks.
Privacy by Design - DevOps vs GDPR
CONTINUOUS DELIVERY PIPELINE
DevOps Delivery Pipeline - Application, Data & Environment Alignment
Pipeline phases: Planning, Requirements & Analysis; Design & Development; Repositories & Management; Integration & Test; Implementation & Deployment
1. Developer accepts a defect, incident or requirement.
2. Developer pulls source code from repository.
3. Developer pulls dependencies from the binary repository.
4. Source code changes are made in the local IDE. Run local code analytics.
5. Developer requests peer review approval or automated acceptance.
6. Source code commits are pushed to central SCM/VCS.
7. Developer accepts the status of the defect, incident or requirement.
8. The build server detects changes in the VCS, pulls code and initiates a build. A successful compilation triggers automated tests.
9. The build server uses the build automation tools to push the generated artifacts and deployables to the binary repository.
10. Once the changes pass automated tests, they are assessed for quality through SonarQube checks.
Tool categories: Dependency Management, Version Control, Code Quality, CI Server, Build Automation, Binary Repository, IDE, Defects, Incidents & Requirements
Product Team / Squad work across the delivery pipeline, developing, orchestrating & testing, where required through automation and the mantra of ACCOUNTABLE EMPOWERMENT.
Dependencies are pulled from the binary repository.
The deployment tools pull the artifacts and propagate them through the deployment environment across ST, SIT, Pre-Prod.
Continuous Delivery tools are used to orchestrate and manage the various parts of delivery pipeline.
Environment management tools are used to provision environments and test data, under version control.
Quality Assurance tools used to smoke test and secure environment.
Environment Build - ST-SIT
We can create a coherent Privacy by Design, GDPR compliant DevOps pipeline that ensures people have access to the right tooling to do their jobs, while ensuring the correct governance/compliance controls exist to enable secure access to customer data.
Data Management Today
[Diagram: a PRODUCTION stack (APP, RDBMS, STORAGE; 1 TB of storage) is copied and moved to NON-PRODUCTION DEV, TEST and STAGE stacks (APP, RDBMS, STORAGE each); 3 TB of storage, weeks to provision/refresh.]
How It Works
STEP 1: Capture application data: one-time copy of prod.
[Diagram: Source (APP, RDBMS, STORAGE: 1 TB); DELPHIX VIRTUAL MACHINE, installs on any supported hypervisor, ANY STORAGE, STORAGE: < 1 TB; 0.3 TB.]
STEP 2: Continuously record unique, incremental changes.
[Diagram: Source (APP, RDBMS, STORAGE: 1 TB); STORAGE: < 1 TB; recorded points at March 21 06:11am, March 22 12:43pm, March 22 08:41pm; 0.3 TB.]
STEP 3: Share data blocks instead of duplicating data.
[Diagram: Source (APP, RDBMS, STORAGE: 1 TB); DEV, TEST, STAGE, … (APP, RDBMS each); STORAGE: < 1 TB; 0.3 TB.]
Change the Physics, Change the Game
▪ Have as many copies as you want without adding storage
▪ Access data in minutes instead of hours, days, or weeks
▪ Refresh from production at any time
▪ Rewind to any point in history
▪ Bookmark during a test and return to it in minutes
▪ Branch data at-will for troubleshooting, parallel projects
▪ Integrate with DevOps solutions to deliver environments on-demand
[Diagram: software appliance on any server, storage, cloud; Virtual Databases for Dev, Test, UAT, Reporting; timeline points 3 months ago, Last Monday, Today (10:27 A.M., 1:30 P.M., 5:07 P.M.)]
© 2014 Delphix. All Rights Reserved. Private & Confidential.
Next-gen data masking
• Easy to use
• Automatic profiling
• Referential integrity
[Diagram: Cloud, On-Premises, Partners; embedded native masking; DEV 1 to N, TEST 1 to N, UAT 1 to N; timeline points 3 months ago, Last Monday, Today (10:27 A.M., 1:30 P.M., 5:07 P.M.)]
Full, Virtual, Self-Service Capability: Bookmark, Rewind, Refresh, Synchronize, Branch, Provision
✓ Mask Once ✓ Distribute Many ✓ Refresh Anytime
But what is the value to your organisation?
Masking: We reduce the surface area for data leakage risk by up to 80% and enable GDPR compliance.
Faster Environments: By utilizing AWS hosted environments, customers can build environments in ten minutes, as opposed to waiting days, or weeks.
Faster Test Data: The framework can capture production data, obfuscate it and deploy it into an environment in under four minutes, as opposed to 8-hour dump and load times. Not to mention the 10 day lead time for requesting data!
Self Service: Our framework has self-service controls to break down data lead times and ensure compliance, and to enable end to end traceability.
Environment Visibility: Our delivery pipeline is fully configuration managed so we can see who did what, when, to satisfy regulatory controls and compliance needs.
Business Value Indicators: 90% Faster, 90% Faster, Self Service, Full Traceability, 80% Less Risk
2% or £10M: The amount of Global Turnover organisations will be fined if they fail to comply with GDPR at the first time of audit.
4% or £20M: The amount of Global Turnover organisations will be fined if they fail to comply with GDPR at the second time of audit.
Get your house in order and your organisation will also avoid huge penalties!
By combining the powers of Continuum, Cloud and Delphix we help customers get compliant, whilst cutting cost and accelerating application delivery time to market.
What have we spoken about today?
• Regulation, regulation, regulation: We have covered the necessity for your organisation to comply with regulatory controls whilst providing insight into how DevOps can help with this.
• GDPR Impact: We have covered the key elements of GDPR and its implications for organisations trading within the EU.
• The DevOps Fightback: We have given substance around how DevOps can help you fight back against GDPR and become more agile in the process.
• Privacy by Design: We have provided an overview of what an end to end “Privacy by Design” DevOps pipeline looks like.
• Mask your data: Adam Bowen has demonstrated the power of Delphix’s data virtualization & masking capability so that your organisation can remain GDPR compliant.
What next for your organisation?
• Please feel free to request a demonstration of Continuum or Delphix to understand how both solutions can help you address GDPR legislation, whilst adopting DevOps and the Cloud!
• We are also working together to execute complimentary GDPR readiness workshops. Feel free to contact Ben or Adam to learn more.
• If you want to learn more about GDPR, visit the Delphix website.
• Stay tuned for more joint webinars over the coming months. We are jointly developing a tightly integrated delivery framework. If you want to road test Delphix, you can now gain access to an engine on the AWS marketplace.
• Please feel free to connect with either Ben or Adam on LinkedIn should you have some follow up questions. You can also email us: ben.saunders@contino.io, adam.bowen@delphix.com
CLOSING THOUGHTS…..
Accountable Empowerment - DevOps, Cloud & Data Agility
It is possible to kill three birds with one stone… By addressing regulatory & compliance controls, your organisation can accelerate delivery: unshackle yourself from monolithic infrastructure and antiquated processes by implementing an integrated DevOps pipeline such as Continuum, leverage cloud hosted environments, and apply data masking capabilities with Delphix to address GDPR.
Three Birds One Stone… That One Stone is the combination of Continuum, Delphix and AWS.
A fully integrated cloud ready Continuous Delivery pipeline that is highly secure in AWS.
A Virtual Data & Masking solution that enables data agility, without adding risk to your organisation.
Transformation, Regulation & Compliance
Continuous Delivery for Consistent Environments
Data Masking for GDPR Coverage
DevOps
Data Agility
Cloud
QUESTIONS?

More Related Content

What's hot

GoodDogLabs IAM Cloud Migration - Bridging the Gap
GoodDogLabs IAM Cloud Migration - Bridging the GapGoodDogLabs IAM Cloud Migration - Bridging the Gap
GoodDogLabs IAM Cloud Migration - Bridging the Gap
Aldo Pietropaolo
 
Tata Comm whitepaper
Tata Comm whitepaperTata Comm whitepaper
Tata Comm whitepaper
Abhishek Iyer
 

What's hot (20)

Data Residency: Challenges and the Need for Standards
Data Residency: Challenges and the Need for StandardsData Residency: Challenges and the Need for Standards
Data Residency: Challenges and the Need for Standards
 
GUIDE TO KEEP YOUR END-USERS CONNECTED TO THE DIGITAL WORKPLACE DURING DISRUP...
GUIDE TO KEEP YOUR END-USERS CONNECTED TO THE DIGITAL WORKPLACE DURING DISRUP...GUIDE TO KEEP YOUR END-USERS CONNECTED TO THE DIGITAL WORKPLACE DURING DISRUP...
GUIDE TO KEEP YOUR END-USERS CONNECTED TO THE DIGITAL WORKPLACE DURING DISRUP...
 
IT Security at the Speed of Business: Security Provisioning with Symantec Dat...
IT Security at the Speed of Business: Security Provisioning with Symantec Dat...IT Security at the Speed of Business: Security Provisioning with Symantec Dat...
IT Security at the Speed of Business: Security Provisioning with Symantec Dat...
 
DALIM SOFTWARE GmbH Keynote TechLab DAM NY 2017
DALIM SOFTWARE GmbH Keynote TechLab DAM NY 2017DALIM SOFTWARE GmbH Keynote TechLab DAM NY 2017
DALIM SOFTWARE GmbH Keynote TechLab DAM NY 2017
 
Maximising value while migrating your Oracle Estate to Microsoft Azure
Maximising value while migrating your Oracle Estate to Microsoft AzureMaximising value while migrating your Oracle Estate to Microsoft Azure
Maximising value while migrating your Oracle Estate to Microsoft Azure
 
365 infographic-compliance
365 infographic-compliance365 infographic-compliance
365 infographic-compliance
 
GoodDogLabs IAM Cloud Migration - Bridging the Gap
GoodDogLabs IAM Cloud Migration - Bridging the GapGoodDogLabs IAM Cloud Migration - Bridging the Gap
GoodDogLabs IAM Cloud Migration - Bridging the Gap
 
An Intro to Cloud Computing
An Intro to Cloud ComputingAn Intro to Cloud Computing
An Intro to Cloud Computing
 
Happiest Minds
Happiest MindsHappiest Minds
Happiest Minds
 
IBM Relay 2015: Cloud is All About the Customer
IBM Relay 2015: Cloud is All About the Customer IBM Relay 2015: Cloud is All About the Customer
IBM Relay 2015: Cloud is All About the Customer
 
IEEE PHM Cloud Computing
IEEE PHM Cloud ComputingIEEE PHM Cloud Computing
IEEE PHM Cloud Computing
 
Not Your Mother's SD-WAN 101
Not Your Mother's SD-WAN 101Not Your Mother's SD-WAN 101
Not Your Mother's SD-WAN 101
 
Manage risk by protecting apps, data and usage
Manage risk by protecting apps, data and usageManage risk by protecting apps, data and usage
Manage risk by protecting apps, data and usage
 
A Question of Trust: How Service Providers Can Attract More Customers by Deli...
A Question of Trust: How Service Providers Can Attract More Customers by Deli...A Question of Trust: How Service Providers Can Attract More Customers by Deli...
A Question of Trust: How Service Providers Can Attract More Customers by Deli...
 
Epaper
EpaperEpaper
Epaper
 
How Businesses are Navigating the Transition to Cloud Computing - eFax Corporate
How Businesses are Navigating the Transition to Cloud Computing - eFax CorporateHow Businesses are Navigating the Transition to Cloud Computing - eFax Corporate
How Businesses are Navigating the Transition to Cloud Computing - eFax Corporate
 
Tata Comm whitepaper
Tata Comm whitepaperTata Comm whitepaper
Tata Comm whitepaper
 
Intelisys Win Case Study
Intelisys Win Case StudyIntelisys Win Case Study
Intelisys Win Case Study
 
Enterprise Digital Assistants: How they can support you in your Credit, Colle...
Enterprise Digital Assistants: How they can support you in your Credit, Colle...Enterprise Digital Assistants: How they can support you in your Credit, Colle...
Enterprise Digital Assistants: How they can support you in your Credit, Colle...
 
IDC on 10 myths regarding GDPR
IDC on 10 myths regarding GDPRIDC on 10 myths regarding GDPR
IDC on 10 myths regarding GDPR
 

Similar to DevOps vs GDPR: How to Comply and Stay Agile

GDPR- Get the facts and prepare your business
GDPR- Get the facts and prepare your businessGDPR- Get the facts and prepare your business
GDPR- Get the facts and prepare your business
Mark Baker
 
GDPRIBMWhitePaper
GDPRIBMWhitePaperGDPRIBMWhitePaper
GDPRIBMWhitePaper
Jim Wilson
 

Similar to DevOps vs GDPR: How to Comply and Stay Agile (20)

Keep Calm and GDPR
Keep Calm and GDPRKeep Calm and GDPR
Keep Calm and GDPR
 
Five strategies for gdpr compliance
Five strategies for gdpr complianceFive strategies for gdpr compliance
Five strategies for gdpr compliance
 
GDPR Compliance with Microsoft 365
GDPR Compliance with Microsoft 365 GDPR Compliance with Microsoft 365
GDPR Compliance with Microsoft 365
 
General Data Protection Regulation (GDPR) - Moving from confusion to readiness
General Data Protection Regulation (GDPR) - Moving from confusion to readinessGeneral Data Protection Regulation (GDPR) - Moving from confusion to readiness
General Data Protection Regulation (GDPR) - Moving from confusion to readiness
 
Using GDPR to Transform Customer Experience
Using GDPR to Transform Customer ExperienceUsing GDPR to Transform Customer Experience
Using GDPR to Transform Customer Experience
 
GDPR- Get the facts and prepare your business
GDPR- Get the facts and prepare your businessGDPR- Get the facts and prepare your business
GDPR- Get the facts and prepare your business
 
Operational impact of gdpr finance industries in the caribbean
Operational impact of gdpr finance industries in the caribbeanOperational impact of gdpr finance industries in the caribbean
Operational impact of gdpr finance industries in the caribbean
 
Top gdpr assessment tools
Top  gdpr assessment toolsTop  gdpr assessment tools
Top gdpr assessment tools
 
Qubole GDPR Security and Compliance Whitepaper
Qubole GDPR Security and Compliance Whitepaper Qubole GDPR Security and Compliance Whitepaper
Qubole GDPR Security and Compliance Whitepaper
 
GDPR: Time to Act
GDPR: Time to ActGDPR: Time to Act
GDPR: Time to Act
 
The Evolution of Data Privacy: 3 Things You Need To Consider
The Evolution of Data Privacy:  3 Things You Need To ConsiderThe Evolution of Data Privacy:  3 Things You Need To Consider
The Evolution of Data Privacy: 3 Things You Need To Consider
 
GDPR Preparing for-the-gdpr-12-steps
GDPR Preparing for-the-gdpr-12-stepsGDPR Preparing for-the-gdpr-12-steps
GDPR Preparing for-the-gdpr-12-steps
 
ICO's Guide to Preparing for the GDPR
ICO's Guide to Preparing for the GDPRICO's Guide to Preparing for the GDPR
ICO's Guide to Preparing for the GDPR
 
General Data Protection Regulation (GDPR) Implications for Canadian Firms
General Data Protection Regulation (GDPR) Implications for Canadian FirmsGeneral Data Protection Regulation (GDPR) Implications for Canadian Firms
General Data Protection Regulation (GDPR) Implications for Canadian Firms
 
Ritz 4th-july-gdpr
Ritz 4th-july-gdprRitz 4th-july-gdpr
Ritz 4th-july-gdpr
 
The cloud: financial, legal and technical
The cloud: financial, legal and technicalThe cloud: financial, legal and technical
The cloud: financial, legal and technical
 
GDPR: Is Your Organization Ready for the General Data Protection Regulation?
GDPR: Is Your Organization Ready for the General Data Protection Regulation?GDPR: Is Your Organization Ready for the General Data Protection Regulation?
GDPR: Is Your Organization Ready for the General Data Protection Regulation?
 
Cognizant business consulting the impacts of gdpr
Cognizant business consulting   the impacts of gdprCognizant business consulting   the impacts of gdpr
Cognizant business consulting the impacts of gdpr
 
GDPRIBMWhitePaper
GDPRIBMWhitePaperGDPRIBMWhitePaper
GDPRIBMWhitePaper
 
Practical Guide to GDPR 2017
Practical Guide to GDPR 2017Practical Guide to GDPR 2017
Practical Guide to GDPR 2017
 

Recently uploaded

Recently uploaded (20)

Introduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG EvaluationIntroduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG Evaluation
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutes
 
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCustom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
 
Powerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaPowerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara Laskowska
 
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
Demystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyDemystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John Staveley
 
IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and Planning
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
 
UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1
 

DevOps vs GDPR: How to Comply and Stay Agile

  • 1. WELCOME TO TODAY'S PRESENTATION DevOps vs GDPR: How to Comply and Stay Agile A Joint Webinar between Contino & Delphix
  • 2. Today's Speakers Adam Bowen Delphix Strategic Advisor, Office of the CTO Ben Saunders Contino Client Principal Ilker Taskaya Delphix Senior Solution Engineer Ian Morgan Contino Technology Strategist
  • 3. Your organisation can’t ignore regulation….. Many organisations have been in denial about digital disruption. However, the onset of regulatory compliance is a disruption they can’t ignore. If you think your organisation has its head in the sand, or has applied the noise cancelling headphones, then now is the time to act with GDPR deadlines fast approaching. “Has the legislation been passed yet?” “This isn’t really happening is it?....breathe in...breathe out” “We don’t need to worry about these Challenger Banks…errrrr, what was that? The EU are banging on our door?” What is GDPR and how could it affect your organisation?
  • 4. General Data Protection Regulation (GDPR)...In Layman's Terms EU legislation is changing the ways in which organisations handle, distribute and utilize sensitive customer data with GDPR. The intention is to align each member state of the European Union (EU) to a single set of rules and regulation. When this legislation comes to fruition, all organisations that process personally identifiable information (PII) of EU residents must adhere to a number of provisions and standards. In the event that organisations fail to adhere to these standards, then there is a likelihood that they will face significant fines or penalties. There is no opting out, every organisation must comply! So what are the implications of GDPR? 2%: The amount of Global Turnover organisations will be fined, if they fail to comply with GDPR at the first time of audit. 4%: The amount of Global Turnover organisations will be fined, if they fail to comply with GDPR at the second time of audit. Organisations will be given time to remediate their data deficiencies once identified by the regulators. However, organisations should be more proactive about how they are going to handle this change and explore ways in which they can combine data agility, compliance and automation as a catalyst for business growth.
  • 5. GDPR Principles - The Data Controller. The Data Controller is responsible for demonstrating the principles outlined below. It is also the responsibility of the Data Controller to secure the same assurances from external data processors with whom they contract. Enterprises must be clear on what each of the principles means for them. Given the broad interpretation of terms (like “processing”), a large amount of ambiguity still exists. 1. Personal data must be processed lawfully, fairly and transparently. 2. Personal data can only be collected for specified, explicit and legitimate purposes. 3. Personal data must be adequate, relevant and limited to what is necessary for processing. 4. Personal data must be accurate and kept up to date. 5. Personal data must be kept in a form such that the data subject can be identified as long as necessary for processing. 6. Personal data must be processed in a manner that ensures its security.
  • 6. GDPR – Data Challenges. There are a number of specific data challenges under the GDPR Regulation that Enterprises need to internalize into their practice. A number of high-impact considerations are detailed below: Data Breaches: GDPR mandates that both the supervisory authority and the data subject themselves be notified of any breach. Data Protection by Design & by Default: The notion of building privacy or data protection measures into applications or processes is not new. The regulation, however, makes this mandatory in Article 26. Data Portability: Under article 20 of the Regulation, data subjects can request a copy of personal data held on them, and can also request that this information is transmitted to another data controller. The Regulation doesn’t stipulate precisely how this information has to be presented or the format it has to be in. Data Encryption: Given the extent to which encryption could mitigate the impacts of a data breach, enterprises should extend encryption to cover all of the data, processing and storage processes.
  • 7. GDPR – Data Challenges. There are a number of specific data challenges under the GDPR Regulation that Enterprises need to internalize into their practice. A number of high-impact considerations are detailed below: Data Breaches: GDPR mandates that both the supervisory authority and the data subject themselves be notified of any breach. Data Protection by Design & by Default: The notion of building privacy or data protection measures into applications or processes is not new. The regulation, however, makes this mandatory in Article 26. Data Portability: Under article 20 of the Regulation, data subjects can request a copy of personal data held on them, and can also request that this information is transmitted to another data controller. The Regulation doesn’t stipulate precisely how this information has to be presented or the format it has to be in. Data Encryption: Given the extent to which encryption could mitigate the impacts of a data breach, enterprises should extend encryption to cover all of the data, processing and storage processes. We will be focussing on portions of this regulation today.
  • 8. GDPR - A Ticking Time Bomb for Global Organisations. WHO IS AFFECTED? Organisations who do business in the EU. Organisations who have customers in the EU. Organisations that trade with other entities in the EU. RIGHT TO OPT OUT: The right to opt out, or the “right to be forgotten”, enables individuals to request that their data is removed from an organization's system/s of record, whereby there is no longer a legitimate reason for their data to be held. DATA BREACH & REGULATION: If a data breach occurs, then organisations must notify their data protection authority within 72 hours. Audits of organisations' control processes around the end to end data supply chain must be executed, to ensure they are fit for purpose. WHAT ARE THE PENALTIES? First Audit Failings - 2% GTO. Second Audit Failings - 4% GTO. From there on it will only get worse! PRIVACY BY DESIGN: GDPR stipulates that systems and processes must be designed in a way that data compliance standards are followed and adhered to.
  • 9. Privacy by Design - DevOps vs GDPR. The Constraint: RIGHT TO OPT OUT. The right to opt out, or the “right to be forgotten”, enables individuals to request that their data is removed from an organization's system/s of record, whereby there is no longer a legitimate reason for their data to be held. The Constraint: PRIVACY BY DESIGN. GDPR stipulates that systems and processes must be designed in a way that data compliance standards are followed and adhered to. The Solution: DEVOPS & DATA AGILITY TO TACKLE COMPLIANCE. Contino - Continuum; Delphix - Data Masking; AWS - Cloud Environments. Customers have the right to withdraw their consent from allowing organisations to utilise their personal data for the execution of application testing. As a result, organisations must explore ways in which they can adhere to GDPR compliance but still provision high quality test data at velocity. The premise of Accountable Empowerment must be adhered to by organisations to ensure they can track Who did What and When they did it across their delivery pipeline; this can be achieved through integrated DevOps tooling and processes. End to End Accountable Empowerment - Obfuscation, Control & Visibility: Who, What, When, Where?
  • 10. Just to add more pressure….You can’t get away from BAU “We need new functionality delivered in our customer facing web-app….oh and we need it tomorrow!” “Damn it. How are we going to release an environment so we can test this feature?!” “What do you mean it is going to take us 10 days to load data into the environment?!” “Hang on, what do you mean the data is loaded...but someone has deployed the wrong config?!” “What? I have already raised an RFQ with your team... What do you mean it has expired!?”
  • 11. We are teaming up to help customers address these pains... Based on the challenges that regulation brings to our joint customers, in addition to the more traditional BAU delivery bottlenecks, Contino and Delphix are applying our DevOps expertise, compliance know-how and technical wizardry to help customers accelerate their application delivery whilst controlling cost and remaining compliant. How are we doing this, I hear you say?
  • 12. Accountable Empowerment - DevOps vs GDPR. Continuum is a Continuous Delivery pipeline tool chain which integrates both open source and enterprise grade tools to enable the creation of a secure application delivery pipeline in AWS. In order to assist with the provisioning of production-like test data, Continuum integrates with Delphix to leverage its data virtualization and data masking capabilities so that we can provision production grade environments consistently, whilst complying with GDPR legislation. With DevOps & Data Agility, we enable Accountable Empowerment. Data Masking: The most advanced data security solution available. Continuum is a platform we deploy within weeks: • Full infrastructure as code • Multi region, multi availability zone deployments • Microservice / containerised deployments targeting Kubernetes • Continuous integration & continuous delivery toolchain. Cloud Migration: Achieve value from cloud projects faster. DevOps: Complete the DevOps stack with self-service data.
  • 13. DevOps & Data Agility - Future Proof for GDPR. Leading digital companies are operating under a DevOps operating model – ‘You Build It, You Run It.’ Fortunately, these practices are now also viable for large established enterprises in regulated industries as the tools, practices and approaches are proven. DevOps teams operate in a more cross functional way and have more control of their stack federated to them; their use of automation tooling will lead to more tightly controlled and audited environments and increased levels of quality, resilience and compliance within a GDPR context. MASK ONCE AND DEPLOY ANYWHERE, CONSISTENTLY AND SECURELY. Pipeline stages: Build, Unit Test, Integration Test, Dev Deploy, Test Deploy, Prod Deploy. Continuous Integration or release automation tooling implements role based access control, whilst data can be made available across development environments. Infrastructure, middleware and application deployments are repeatable using infrastructure as code playbooks with the capacity to populate environments with obfuscated data volumes at a fraction of the production scale with Delphix. Automated approval and deployment gates are incorporated into the pipeline here. Incorporate Compliant Data Agility Mechanisms with Delphix at multiple stages of the SDLC. “Real” data copies are extracted from production systems, obfuscated and stored in a staging area for environment loads either through self-service test data, or predefined automation recipes/playbooks.
  • 14. Privacy by Design - DevOps vs GDPR CONTINUOUS DELIVERY PIPELINE DevOps Delivery Pipeline - Application, Data & Environment Alignment. Stages: Planning, Requirements & Analysis; Design & Development; Repositories & Management; Integration & Test; Implementation & Deployment. 1. Developer accepts a defect, incident or requirement. 2. Developer pulls source code from repository. 3. Developer pulls dependencies from the binary repository. 4. Source code changes are made in the local IDE. Run local code analytics. 5. Developer requests peer review approval or automated acceptance. 6. Source code commits are pushed to central SCM/VCS. 7. Developer accepts the status of the defect, incident or requirement. 8. The build server detects changes in the VCS, pulls code and initiates a build. A successful compilation triggers automated tests. 9. The build server uses the build automation tools to push the generated artifacts and deployables to the binary repository. 10. Once the changes pass automated tests, they are assessed for quality through SonarQube checks. Tooling: Dependency Management, Version Control, Code Quality, CI Server, Build Automation, Binary Repository, IDE, Defects, Incidents & Requirements. Product Team / Squad work across the delivery pipeline, developing, orchestrating & testing, where required through automation and the mantra of ACCOUNTABLE EMPOWERMENT. Dependencies are pulled from the binary repository. The deployment tools pull the artifacts and propagate them through the deployment environment across ST, SIT, Pre-Prod. Continuous Delivery tools are used to orchestrate and manage the various parts of delivery pipeline. Environment management tools are used to provision environments and test data, under version control. Quality Assurance tools are used to smoke test and secure environment.
Environment Build - ST-SIT. We can create a coherent Privacy by Design, GDPR compliant DevOps pipeline that ensures people have access to the right tooling to do their jobs, yet ensuring the correct governance/compliance controls exist to enable secure access to customer data.
  • 15. Data Management Today [diagram labels: PRODUCTION; NON-PRODUCTION: DEV, TEST, STAGE; each with STORAGE, RDBMS, APP; Copy, move data; 1 TB of Storage; 3 TB of Storage, Weeks to Provision/Refresh]
  • 16. How It Works. STEP 1: Capture application data: one-time copy of prod. DELPHIX VIRTUAL MACHINE: Installs on any supported hypervisor, ANY STORAGE. [diagram labels: Source (RDBMS, APP); STORAGE: 1 TB; STORAGE: < 1 TB; 0.3 TB]
  • 17. How It Works. STEP 2: Continuously record unique, incremental changes. [diagram labels: Source (RDBMS, APP); STORAGE: 1 TB; STORAGE: < 1 TB; 0.3 TB; March 21 06:11am, March 22 12:43pm, March 22 08:41pm]
  • 18. How It Works. STEP 3: Share data blocks instead of duplicating data. [diagram labels: Source (RDBMS, APP); DEV, TEST, STAGE, … (each RDBMS, APP); STORAGE: 1 TB; STORAGE: < 1 TB; 0.3 TB]
  • 19. How It Works [diagram labels: Source (RDBMS, APP); DEV, TEST, STAGE, … (each RDBMS, APP); STORAGE: 1 TB; STORAGE: < 1 TB; 0.3 TB]
  • 20. Change the Physics, Change the Game ▪ Have as many copies as you want without adding storage ▪ Access data in minutes instead of hours, days, or weeks ▪ Refresh from production at any time ▪ Rewind to any point in history ▪ Bookmark during a test and return to it in minutes ▪ Branch data at-will for troubleshooting, parallel projects ▪ Integrate with DevOps solutions to deliver environments on-demand [diagram labels: Dev, Test, UAT, Reporting; Software appliance; Any Server, Storage, Cloud; Virtual Databases; 10:27 A.M., 1:30 P.M., 5:07 P.M.; 3 months ago, Last Monday, Today]
  • 21. © 2014 Delphix. All Rights Reserved. Private & Confidential. Next-gen data masking • Easy to use • Automatic profiling • Referential integrity. Embedded native masking. Full, Virtual, Self-Service Capability: Bookmark, Rewind, Refresh, Synchronize, Branch, Provision. ✓ Mask Once ✓ Distribute Many ✓ Refresh Anytime [diagram labels: Cloud, On-Premises, Partners; DEV 1 to N, TEST 1 to N, UAT 1 to N; 10:27 A.M., 1:30 P.M., 5:07 P.M.; 3 months ago, Last Monday, Today]
  • 22. But what is the value to your organisation? Masking: We reduce the surface area for data leakage risk by up to 80% and enable GDPR compliance. Faster Environments: By utilizing AWS hosted environments, customers can build environments in ten minutes, as opposed to waiting days, or weeks. Faster Test Data: The framework can capture production data, obfuscate it and deploy it into an environment in under four minutes, as opposed to 8 hour dump and load times. Not to mention the 10 day lead time for requesting data! Self Service: Our framework has self-service controls to break down data lead times and ensure compliance with end to end traceability. Environment Visibility: Our delivery pipeline is fully configuration managed so we can see who did what, when to satisfy regulatory controls and compliance needs. Business Value Indicators: 90% Faster; 90% Faster; Self Service; Full Traceability; 80% Less Risk. 2% or £10M: The amount of Global Turnover organisations will be fined, if they fail to comply with GDPR at the first time of audit. 4% or £20M: The amount of Global Turnover organisations will be fined, if they fail to comply with GDPR at the second time of audit. Get your house in order and your organisation will also avoid huge penalties! By combining the powers of Continuum, Cloud and Delphix we help customers get compliant, whilst cutting cost and accelerating application delivery time to market.
  • 23. What have we spoken about today? ▪ Regulation, regulation, regulation: We have covered the necessity for your organisation to comply with regulatory controls whilst providing insight into how DevOps can help with this. ▪ GDPR Impact: We have covered the key elements of GDPR and its implications on organisations trading within the EU. ▪ The DevOps Fightback: We have given substance around how DevOps can help you fight back against GDPR and become more agile in the process. ▪ Privacy by Design: We have provided an overview of what an end to end “Privacy by Design” DevOps pipeline looks like. ▪ Mask your data: Adam Bowen has demonstrated the power of Delphix’s data virtualization & masking capability so that your organisation can remain GDPR compliant.
  • 24. What next for your organisation? ▪ Please feel free to request a demonstration of Continuum or Delphix to understand how both solutions can help you address GDPR legislation, whilst adopting DevOps and the Cloud! ▪ We are also working together to execute complimentary GDPR readiness workshops. Feel free to contact Ben or Adam to learn more. ▪ If you want to learn more about GDPR, visit the Delphix website HERE ▪ Stay tuned for more joint webinars over the coming months. We are jointly developing a tightly integrated delivery framework. If you want to road test Delphix, you can now gain access to an engine on the AWS marketplace. ▪ Please feel free to connect with either Ben or Adam on LinkedIn should you have some follow up questions. You can also email us: ben.saunders@contino.io adam.bowen@delphix.com
  • 26. Accountable Empowerment - DevOps, Cloud & Data Agility It is possible to kill three birds with one stone… by addressing regulatory & compliance controls your organisation can accelerate delivery by unshackling yourself from monolithic infrastructure and antiquated processes by implementing an integrated DevOps pipeline such as Continuum, leverage cloud hosted environments and apply data masking capabilities with Delphix to address GDPR. Three Birds One Stone… That One Stone is the combination of Continuum, Delphix and AWS. A fully integrated cloud ready Continuous Delivery pipeline that is highly secure in AWS. A Virtual Data & Masking solution that enables data agility, without adding risk to your organisation. Transformation, Regulation & Compliance Continuous Delivery for Consistent Environments Data Masking for GDPR Coverage DevOps Data Agility Cloud
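
The "mask once, distribute many" and "referential integrity" points on slides 13 and 21, as an added illustration that is not Delphix's or Contino's code: deterministic keyed masking with HMAC-SHA256 (a technique chosen here, not one the deck names), so the same customer id masks to the same token in every table and joins still work. The tables, columns, rows, key and function names are all constructed for the example.

```python
import hashlib
import hmac

# Constructed sample rows standing in for a production extract (not real data).
CUSTOMERS = [
    {"customer_id": "C1001", "name": "Alice Example", "email": "alice@example.com"},
    {"customer_id": "C1002", "name": "Bob Sample", "email": "bob@example.org"},
]
ORDERS = [
    {"order_id": 1, "customer_id": "C1001", "amount_cents": 2500},
    {"order_id": 2, "customer_id": "C1002", "amount_cents": 1250},
    {"order_id": 3, "customer_id": "C1001", "amount_cents": 9999},
]

# Hypothetical masking policy: column name -> kind of replacement value.
MASK_RULES = {"customer_id": "id", "name": "name", "email": "email"}


def mask_value(key: bytes, kind: str, value: str) -> str:
    """Deterministic keyed token: same key and input always give the same output."""
    digest = hmac.new(key, f"{kind}:{value}".encode(), hashlib.sha256).hexdigest()
    token = digest[:16]  # truncated for readability; keep more hex digits at scale
    if kind == "email":
        return f"user-{token}@masked.invalid"
    if kind == "name":
        return f"Person-{token}"
    return f"M{token}"


def mask_rows(key: bytes, rows: list) -> list:
    """Mask every column named in MASK_RULES; pass other columns through."""
    return [
        {col: mask_value(key, MASK_RULES[col], str(val)) if col in MASK_RULES else val
         for col, val in row.items()}
        for row in rows
    ]


def order_totals(customers: list, orders: list) -> dict:
    """Inner join on customer_id, summing amount_cents per customer."""
    totals = {c["customer_id"]: 0 for c in customers}
    for o in orders:
        if o["customer_id"] in totals:
            totals[o["customer_id"]] += o["amount_cents"]
    return totals


def leaked_values(originals: list, masked: list) -> list:
    """Return any original personal-data value that still appears in masked rows."""
    sensitive = {str(r[c]) for r in originals for c in r if c in MASK_RULES}
    emitted = {str(v) for r in masked for v in r.values()}
    return sorted(sensitive & emitted)


if __name__ == "__main__":
    # Assumption: the key lives only in the masking stage, never in dev/test.
    key = b"constructed-demo-key"
    m_customers, m_orders = mask_rows(key, CUSTOMERS), mask_rows(key, ORDERS)
    print(order_totals(m_customers, m_orders))
    print("leaks:", leaked_values(CUSTOMERS + ORDERS, m_customers + m_orders))
```

Because the tokens are keyed, anyone holding the key can confirm a guessed value by recomputing its token, so the key belongs with the masking job and not with the environments that receive the masked copy.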