SEGREGATION OF DUTIES AND CONTINUOUS DELIVERY
How to enable Continuous Delivery while continuing
to protect the business and customers.
Sriram “Ram” Narayanan
DevSecCon SG 2017
www.sriramnarayanan.com
@sriramNRN
@sriramNRN www.sriramnarayanan.com
A friendly implementation of
Segregation of Duties
enables Continuous Delivery,
Security and Compliance to co-exist
SEGREGATION OF DUTIES AND CONTINUOUS DELIVERY
What we’ll cover today
■ About Continuous Delivery
■ The need for Segregation of Duties
■ How typical enforcement of Segregation of Duties is a blocker to CD
■ How to improve SoD enforcement and accelerate CD
Important Points
■ People behave as they are measured (e.g. KPIs)
■ Most issues are 10% technical and 90% cultural/behavioral
■ CD-friendly SoD and true Continuous Delivery are mostly process and
people problems, and much less tool problems.
■ You should move toward automation-friendly tools, though.
ABOUT CONTINUOUS DELIVERY
It’s beyond Continuous Integration, and beyond “CI/CD”
What Continuous Delivery is NOT:
■ "CI/CD": you need more than just a "daemonic CI" and a "pipeline plugin".
■ Continuous Deployment, or deployment using tools: environment owners need to
review, approve and trigger deployments at their convenience.
■ Blanket permission to push "containers" to Prod: what goes in those containers
needs to be validated!
Continuous Delivery
Keep software in a reliable and
deployable state so that you can
deploy on demand.
Continuous delivery is a software
engineering approach in which
teams produce software in short
cycles, ensuring that the software
can be reliably released at any
time. It aims at building, testing,
and releasing software faster and
more frequently.
- Wikipedia
With fast I.T. turn-around times, business can:
■ Stay competitive
■ Respond to change faster
■ Fix defects earlier
■ Try new ideas boldly and revert confidently.
What we’d love to have!
Commit Code → Build and Package → Test Locally → Deploy to Production!
Production Support
■ Deploy whenever we want
■ Debug processes on Production servers
■ Query Production Databases
■ Inspect traffic, review log files
■ Apply hot fixes within minutes
Reality Check!
Commit Code → Build and Package → Test Locally → Deploy to Production! (Tickets per phase!)
Production Support
■ Deploy whenever we want - “Raise a ticket to deploy”
■ Debug processes on Production servers - “No way!!”
■ Query Production Databases - A ticket for individual query results
■ Inspect traffic, review log files - A ticket for log extracts
■ Apply hot fixes within minutes - Ticket please!
What puzzles (frustrates!) Dev Teams and Business
■ Why are Ops, Audit and Security Teams throwing roadblocks at us?
■ Are they raising roadblocks just to assert their importance?
■ Why are Ops given access that they cannot make use of to solve issues?
■ Why do we have such ridiculous policies!?
■ Why does everyone make us raise so many tickets?
■ Why are we trusted to write the software but not to troubleshoot it!!!??
■ Are Ops, Security and Compliance on our side, or on our competitors’ side?
What Ops, Security, Compliance have to say:
“We are merely following industry
norms to protect business and
customers. We are not the enemy!
Please don’t blame us for doing
our job!!”
So, who is right?
Development teams – who develop
software that meets business goals?
Or
Ops and Security – who ensure
uptimes and protect customers?
SEGREGATION OF DUTIES
Why Ops, Security and Compliance do what they do
Expectations from an organization
■ Make money (if a business)
■ Conform to the laws (e.g. those that protect the customers’ interests)
■ Run in a stable manner
How orgs are managed - GRC
Source: Wikipedia
■ Governance: the executives are responsible for the org’s operations
■ Risk Management: identify, analyze and respond to risks
■ Compliance: conform to stated requirements (regulations, org policies,
business guarantees to customers)
Applicable to IT, Finance, Legal
Some examples of fraud and error
■ Untimely and/or non-uniform deployment
■ Deploying with the wrong permissions
■ Handling production environments with zero exposure and skills
■ Accessing confidential data in violation of privacy policies
■ Changing production configurations ad-hoc with poor review, and poor
documentation of changes
■ Bypassing domain logic and enforcement in the application, and changing
production data directly
■ Logging confidential data and accessing these via logs
Separation of duties (SoD) (also
known as "Segregation of duties")
is the concept of having more than
one person required to complete a
task. … an internal control intended
to prevent fraud and error
- Wikipedia
Segregation of Duties
■ A well-understood concept in Finance, Law, Governance, Military, etc.
■ No single person should have end to end access to complete an entire
workflow
■ At least one other person should be able to
● Regulate the activity, if need be.
● Review the activity
Segregation of Duties in IT
No single person or team should
have end to end access from code
to production
Typical SoD procedures for Deployments
■ Intent: Devs should not author and deploy code
  ● Action: Deployment by Ops
  ● Typical implementation: Dependent upon Ops availability
  ● Impact: Business cannot deploy on-demand
■ Intent: Demonstrate deployment in an auditable manner
  ● Action: Deployment using tools
  ● Typical implementation: Special tools, typically not available in Dev
  ● Impact: Dev and Prod deployments are different
■ Intent: Control over when prod is changed
  ● Action: Deployment at specific times
  ● Typical implementation: Strict calendar schedules
  ● Impact: Cannot deploy frequently. Exceptions can be expensive.
Typical SoD procedures for Troubleshooting
■ Intent: Devs should not access confidential data in logs
  ● Action: Regulate access to log systems
  ● Typical implementation: Access to prod logs governed by SLAs. Extracts only.
  ● Impact: Lack of direct access to logs prevents fast troubleshooting
■ Intent: Prevent ad-hoc/harmful changes, and data sniffing
  ● Action: Regulate access to prod servers
  ● Typical implementation: Special tools, typically not available in Dev
  ● Impact: Dev and Prod deployments are different
Typical SoD procedures for Databases
■ Intent: Ensure database schema and data integrity by skilled DBAs
  ● Action: Regulate changes to databases
  ● Typical implementation: Changes reviewed, and possibly denied, before prod
deployment. Documentation required.
  ● Impact: Waste of precious time. Wasteful documentation.
■ Intent: Prevent ad-hoc/harmful changes, and data sniffing
  ● Action: Regulate access to prod data
  ● Typical implementation: A query per ticket, reviewed, approved, applied
  ● Impact: Waste of precious time. Penalties for delays.
Typical SoD procedures for Configuration
■ Intent: Ensure that all (app, OS) changes to prod are valid and documented
  ● Action: Regulate changes to production
  ● Typical implementation: Changes reviewed, and possibly denied, before prod
deployment. Documentation required.
  ● Impact: Waste of precious time. Wasteful documentation.
■ Intent: Prevent attacks based on known weaknesses
  ● Action: Apply patches regularly at scheduled intervals
  ● Typical implementation: Configuration (settings, patches) not shared with devs
  ● Impact: Software not tested with Prod configuration
Defensive SoD and insecurely
architected software can prevent
Continuous Delivery
CD-FRIENDLY SOD
Ensure Segregation of Duties while also enabling fast response times
CD-friendly SoD – General principles
■ Involve Ops and Security right from the Design phase
■ Policies in executable form via CD-friendly config management tools
■ Separate confidential data and logs from regular data and logs
■ Single deployment bundle – app, config, policy, DB schema
■ Bundle once, deploy anywhere
■ Restrict access to confidential data/logs, permit easy access to regular
data/logs
■ Enforce via config rather than via tickets (e.g. resource throttling instead of
a ticket per request)
■ Use multi-factor authentication (rather than tickets) where possible to
regulate actions
CD-Friendly deployment and configuration
Commit Code → Build and Package → Test Locally → Deploy to Production!
■ Dev, DBA, Ops and Security all contribute to one Deployment Bundle: policies,
code and approved changes (app, OS patches, configs, DB changes).
■ The bundle is tested (automated, exploratory and pen tests) and carries the
approved, prod-ready configs.
■ When gatekeeping checks are codified and tested, 2FA deployment enables
any-time deployment by the Env owner.
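“Bundle once, deploy anywhere” is auditable only if every environment can prove it is deploying exactly the bundle that was tested and approved. The following is an added example, not code from the slides: the pipeline computes a manifest (path → SHA-256) over the bundle directory at build time, the approval step stamps that manifest with an HMAC under a key only the pipeline holds (key handling is assumed, not shown), and each environment re-verifies the bundle against the stamped manifest before deploying. The bundle layout and file contents are constructed for illustration.

```python
"""Build once, deploy anywhere: a tamper-evident deployment bundle manifest.

Added example (not from the slides). Assumed and hypothetical: the bundle is a
directory holding app code, policy, environment config and DB schema; the
approval key is held only by the pipeline's approval step; every environment
(Dev, staging, Prod) runs verify_bundle() before deploying.
"""
import hashlib
import hmac
import json
import os
import tempfile


def build_manifest(bundle_dir: str) -> dict:
    """Map each file's bundle-relative path to its SHA-256 hex digest."""
    manifest = {}
    for root, _dirs, files in os.walk(bundle_dir):
        for name in sorted(files):
            path = os.path.join(root, name)
            rel = os.path.relpath(path, bundle_dir)
            with open(path, "rb") as fh:
                manifest[rel] = hashlib.sha256(fh.read()).hexdigest()
    return manifest


def approve(manifest: dict, approval_key: bytes) -> str:
    """Approval stamp: HMAC-SHA256 over the canonical JSON form of the manifest."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(approval_key, canonical, hashlib.sha256).hexdigest()


def verify_bundle(bundle_dir: str, approved_manifest: dict, stamp: str,
                  approval_key: bytes) -> list:
    """Return a list of problems; an empty list means the on-disk bundle is
    byte-for-byte the approved one (same files, same hashes, nothing extra)."""
    problems = []
    if not hmac.compare_digest(approve(approved_manifest, approval_key), stamp):
        problems.append("approval stamp does not match manifest")
        return problems  # an unstamped manifest must not be trusted at all
    actual = build_manifest(bundle_dir)
    for rel in sorted(set(actual) | set(approved_manifest)):
        if rel not in approved_manifest:
            problems.append(f"unexpected file: {rel}")
        elif rel not in actual:
            problems.append(f"missing file: {rel}")
        elif actual[rel] != approved_manifest[rel]:
            problems.append(f"modified file: {rel}")
    return problems


def make_sample_bundle() -> str:
    """Constructed sample bundle (app, policy, env config, schema); not real software."""
    d = tempfile.mkdtemp(prefix="bundle-")
    files = {
        "app/service.py": b"print('hello')\n",
        "policy/sod.yaml": b"deploy: {min_reviewers: 1}\n",
        "config/prod.env": b"DB_HOST=db.internal\n",
        "db/001_schema.sql": b"CREATE TABLE orders(id INT PRIMARY KEY);\n",
    }
    for rel, content in files.items():
        full = os.path.join(d, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(content)
    return d


def append_to_file(bundle_dir: str, rel: str, data: bytes) -> None:
    """Simulate an ad-hoc edit on a deployed host, the drift the verifier must catch."""
    with open(os.path.join(bundle_dir, rel), "ab") as fh:
        fh.write(data)


if __name__ == "__main__":
    key = b"pipeline-approval-key"  # placeholder; a real key lives in the pipeline's secret store
    bundle = make_sample_bundle()
    manifest = build_manifest(bundle)
    stamp = approve(manifest, key)
    print("clean bundle:", verify_bundle(bundle, manifest, stamp, key))
    append_to_file(bundle, "config/prod.env", b"DEBUG=1\n")
    print("after hot edit:", verify_bundle(bundle, manifest, stamp, key))
```

Because the environment config is inside the bundle and hashed, a "quick" edit of prod.env on a server shows up as `modified file: config/prod.env` at the next deploy, which is exactly the ad-hoc, undocumented change the SoD tables above are trying to prevent.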
CD-Friendly SoD!
Commit Code → Build and Package → Test Locally → Deploy to Production!
Dev, DBA, Ops and Security contribute app, OS patches, configs and DB changes to
a Pre-Approved Deployment Bundle; 2FA deployment by the Env Owner.
Production Support
■ Deploy whenever we want – Environment owners decide, use 2FA
■ Debug processes on Production servers – Yes, configs elsewhere.
■ Query Production Databases – Easier access to regular data.
■ Inspect traffic, review log files – Easier access to regular data.
■ Apply hot fixes within minutes – Test in 1-click dev envs first
CD-Friendly SoD procedures for Deployments
■ Intent: Devs should not author and deploy code
  ● Action: Deployment by Environment Owners
  ● Recommended implementation: Review and deploy changes in small batches
  ● Impact: Small batches make changes easier to review.
■ Intent: Demonstrate deployment in an auditable manner
  ● Action: Configuration management tools
  ● Recommended implementation: Build once, deploy anywhere
  ● Impact: Dev and Prod are auditably the same
■ Intent: Control over when prod is changed
  ● Action: Deployment by Environment Owners
  ● Recommended implementation: Frequent deploys in small batches. Multi-factor controls.
  ● Impact: Deploy only when the Env owner wants to.
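The deployment rules above (author cannot deploy their own change, an environment owner reviews and deploys, a second factor replaces the ticket) can be written as an executable gate rather than a procedure. The following is an added example, not code from the slides or from any named tool: `ChangeSet` is a hypothetical record of who authored and reviewed a change, `ENV_OWNERS` stands in for a group lookup against your identity provider, and the deployer's TOTP secret (RFC 6238) is assumed to be enrolled and stored securely elsewhere, with the same secret in their authenticator app.

```python
"""Executable Segregation-of-Duties gate for a deployment pipeline.

Added example (not from the slides). ChangeSet, ENV_OWNERS and the secret
handling are assumptions for illustration only.
"""
import hashlib
import hmac
import struct
import time
from dataclasses import dataclass, field


@dataclass
class ChangeSet:
    change_id: str
    author: str
    reviewers: set = field(default_factory=set)


# Hypothetical environment-owner roster (would come from the IdP in practice).
ENV_OWNERS = {
    "prod": {"alice", "bob"},
    "staging": {"alice", "bob", "carol"},
}


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1, the variant common authenticator apps use."""
    counter = struct.pack(">Q", unix_time // step)          # 8-byte big-endian time step
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def sod_violations(change: ChangeSet, env: str, deployer: str) -> list:
    """List every SoD rule the request breaks; an empty list means compliant."""
    problems = []
    owners = ENV_OWNERS.get(env, set())
    if deployer == change.author:
        problems.append("author may not deploy their own change")
    if change.author in change.reviewers:
        problems.append("author may not review their own change")
    if not change.reviewers:
        problems.append("at least one independent reviewer is required")
    if deployer not in owners:
        problems.append(f"{deployer} is not an owner of environment {env}")
    if not (owners & change.reviewers):
        problems.append(f"no reviewer is an owner of environment {env}")
    return problems


def authorize_deploy(change: ChangeSet, env: str, deployer: str,
                     deployer_secret: bytes, presented_code: str,
                     now=None, window: int = 1) -> tuple:
    """Gate a deployment: the SoD rules must hold AND the deployer must present
    a valid second factor. Returns (allowed, reasons)."""
    problems = sod_violations(change, env, deployer)
    if problems:
        return False, problems
    now = int(time.time()) if now is None else now
    # Accept the neighbouring time steps too, to tolerate small clock drift.
    valid = any(
        hmac.compare_digest(totp(deployer_secret, now + k * 30), presented_code)
        for k in range(-window, window + 1)
    )
    if not valid:
        return False, ["second factor (TOTP) invalid"]
    return True, []


if __name__ == "__main__":
    # Constructed demo: dave authored, alice (a prod owner) reviewed, bob deploys.
    secret = b"12345678901234567890"          # RFC 6238 test-vector secret, not a real one
    change = ChangeSet("CHG-1", author="dave", reviewers={"alice"})
    code = totp(secret, int(time.time()))      # what bob's authenticator would show now
    print(authorize_deploy(change, "prod", "bob", secret, code))   # (True, [])
    print(authorize_deploy(change, "prod", "dave", secret, code))  # dave blocked by SoD
```

Every refusal is returned as a list of named rules rather than a bare "denied", so the pipeline log becomes the audit trail that the ticket used to provide. The `totp()` function follows RFC 6238 and reproduces its published SHA-1 test vectors, which is the quickest way to check an in-house second-factor implementation against a known answer.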
CD-Friendly SoD procedures for Troubleshooting
■ Intent: Devs should not access confidential data in logs and config files
  ● Action: Separate confidential and regular logs. Externalised configuration.
  ● Recommended implementation: Log UUIDs. Prod Support teams access regular
logs, and can SSH to prod.
  ● Impact: Confidential data remains restricted. Prod support is fast.
■ Intent: Prevent ad-hoc/harmful changes, and data sniffing
  ● Action: Standard environments.
  ● Recommended implementation: 1-click environment creation and 1-click deployment
  ● Impact: Prod errors can be caught earlier in Dev. Reduces prod errors.
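"Log UUIDs" and "separate confidential and regular logs" combine into one pattern: the application never writes a confidential value into the log that prod support reads; it writes a reference UUID instead, and the UUID-to-value mapping goes to a restricted sink. The following is an added example, not code from the slides: events are flat dicts, `CONFIDENTIAL_FIELDS` is a hypothetical per-application allow-list, and the two loggers are assumed to be wired (outside this snippet) to sinks with different access controls. The sample event is constructed, not real customer data.

```python
"""Keep confidential data out of the logs that prod support reads.

Added example (not from the slides). Assumed and hypothetical: the field
allow-list below, and that 'app.regular' and 'app.confidential' are routed to
sinks with different access controls by the logging configuration.
"""
import json
import logging
import uuid

# Hypothetical per-application list of fields that must never reach regular logs.
CONFIDENTIAL_FIELDS = {"email", "card_number", "national_id"}

regular_log = logging.getLogger("app.regular")            # readable by prod support
confidential_log = logging.getLogger("app.confidential")  # restricted, audited sink


def split_event(event: dict, new_ref=lambda: str(uuid.uuid4())) -> tuple:
    """Split one event into (regular_record, confidential_record).

    The regular record keeps every non-confidential field plus a 'ref' UUID; the
    confidential record holds the same 'ref' and the sensitive values. A support
    engineer can hand the ref to an authorised person for lookup without ever
    seeing the data. Returns (regular, None) when nothing in the event is sensitive.
    """
    regular = {k: v for k, v in event.items() if k not in CONFIDENTIAL_FIELDS}
    sensitive = {k: v for k, v in event.items() if k in CONFIDENTIAL_FIELDS}
    if not sensitive:
        return regular, None
    ref = new_ref()
    regular["ref"] = ref
    return regular, {"ref": ref, **sensitive}


def log_event(event: dict) -> tuple:
    """Emit the two halves to their respective loggers and return them."""
    regular, confidential = split_event(event)
    regular_log.info(json.dumps(regular, sort_keys=True))
    if confidential is not None:
        confidential_log.info(json.dumps(confidential, sort_keys=True))
    return regular, confidential


def contains_confidential(line: str) -> bool:
    """Guard for the regular-log sink: flag any JSON line carrying a confidential key,
    so a developer who logs the raw event by mistake is caught before shipping."""
    try:
        record = json.loads(line)
    except ValueError:
        return False
    if not isinstance(record, dict):
        return False
    return bool(CONFIDENTIAL_FIELDS & set(record))


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO, format="%(name)s %(message)s")
    # Constructed sample event, not real customer data.
    log_event({"event": "payment_failed", "order_id": 1234,
               "email": "a@example.com", "card_number": "4111111111111111"})
```

The regular record still carries the order id and the event name, which is what most troubleshooting needs; only the lookup of what the `ref` stands for requires the restricted access, and that lookup is the auditable exception rather than the everyday path.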
CD-Friendly SoD procedures for Databases
■ Intent: Ensure database schema and data integrity by skilled DBAs
  ● Action: Regulate changes to databases using CD-friendly DB config tools
  ● Recommended implementation: DBAs review and recommend changes at Dev using
CD-friendly tools.
  ● Impact: Identical schema from Dev through Prod, as approved by the DBA.
■ Intent: Prevent ad-hoc/harmful changes, and data sniffing
  ● Action: Delink confidential and regular data.
  ● Recommended implementation: Restrict access to confidential data. Provide
access to regular data.
  ● Impact: Most troubleshooting needs just regular data, and is fast.
CD-Friendly SoD procedures for Configuration
■ Intent: Ensure that all (app, OS) changes to prod are valid and documented
  ● Action: Ops and Security config settings in a CD-friendly config management tool
  ● Recommended implementation: Test pre-approved configs from Dev through Prod.
  ● Impact: Pre-approved and tested configs enable frequent deploys.
■ Intent: Prevent attacks based on known weaknesses
  ● Action: Test OS patches in Dev
  ● Recommended implementation: Apply and test OS patches via automation in a
1-click dev env.
  ● Impact: Rapidly test OS patches and software in non-Prod first.
THANK YOU
Sriram “Ram” Narayanan
@sriramNRN
ram@thoughtworks.com
www.sriramnarayanan.com

Duke Pci T Raining Slides
Laney Dale
 
How CMMC Auditors Recommend You Defend Your Organization - Completed March, 2...
How CMMC Auditors Recommend You Defend Your Organization - Completed March, 2...How CMMC Auditors Recommend You Defend Your Organization - Completed March, 2...
How CMMC Auditors Recommend You Defend Your Organization - Completed March, 2...
Ignyte Assurance Platform
 
Customer Story: Scaling Security With Detections-as-Code
Customer Story: Scaling Security With Detections-as-CodeCustomer Story: Scaling Security With Detections-as-Code
Customer Story: Scaling Security With Detections-as-Code
Panther Labs
 
IDERA Live | Understanding SQL Server Compliance both in the Cloud and On Pre...
IDERA Live | Understanding SQL Server Compliance both in the Cloud and On Pre...IDERA Live | Understanding SQL Server Compliance both in the Cloud and On Pre...
IDERA Live | Understanding SQL Server Compliance both in the Cloud and On Pre...
IDERA Software
 
Protect your Database with Data Masking & Enforced Version Control
Protect your Database with Data Masking & Enforced Version Control	Protect your Database with Data Masking & Enforced Version Control
Protect your Database with Data Masking & Enforced Version Control
DBmaestro - Database DevOps
 
More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.
Imperva
 
Datacenter 2014: Raritan - Richard May
Datacenter 2014: Raritan -  Richard MayDatacenter 2014: Raritan -  Richard May
Datacenter 2014: Raritan - Richard May
Mediehuset Ingeniøren Live
 
Getting Data Quality Right
Getting Data Quality RightGetting Data Quality Right
Getting Data Quality Right
DATAVERSITY
 
Who, What, Where and How: Why You Want to Know
 Who, What, Where and How: Why You Want to Know Who, What, Where and How: Why You Want to Know
Who, What, Where and How: Why You Want to Know
Eric Kavanagh
 
Enterprise Vulnerability Management: Back to Basics
Enterprise Vulnerability Management: Back to BasicsEnterprise Vulnerability Management: Back to Basics
Enterprise Vulnerability Management: Back to Basics
Damon Small
 
Using digital performance analytic to optimize digital user experience id av5
Using digital performance analytic to optimize digital user experience id av5Using digital performance analytic to optimize digital user experience id av5
Using digital performance analytic to optimize digital user experience id av5
Jerry Tan
 
The lean principles of data ops
The lean principles of data opsThe lean principles of data ops
The lean principles of data ops
Lars Albertsson
 

Similar to Segregation of Duties and Continuous Delivery (20)

How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?
 
Big Data LDN 2018: USING FAST-DATA TO MAKE SEMICONDUCTORS
Big Data LDN 2018: USING FAST-DATA TO MAKE SEMICONDUCTORSBig Data LDN 2018: USING FAST-DATA TO MAKE SEMICONDUCTORS
Big Data LDN 2018: USING FAST-DATA TO MAKE SEMICONDUCTORS
 
Federal Webinar: Security Compliance with SolarWinds Network Management Tools
Federal Webinar: Security Compliance with SolarWinds Network Management ToolsFederal Webinar: Security Compliance with SolarWinds Network Management Tools
Federal Webinar: Security Compliance with SolarWinds Network Management Tools
 
MGT3342BUS - Architecting Data Protection with Rubrik - VMworld 2017
MGT3342BUS - Architecting Data Protection with Rubrik - VMworld 2017MGT3342BUS - Architecting Data Protection with Rubrik - VMworld 2017
MGT3342BUS - Architecting Data Protection with Rubrik - VMworld 2017
 
Foundations for Successful Data Projects – Strata London 2019
Foundations for Successful Data Projects – Strata London 2019Foundations for Successful Data Projects – Strata London 2019
Foundations for Successful Data Projects – Strata London 2019
 
Who Owns the “S” in S&OP?
Who Owns the “S” in S&OP?Who Owns the “S” in S&OP?
Who Owns the “S” in S&OP?
 
Federal Webinar: RMF, DISA STIGs, and NIST FISMA Compliance using SolarWinds
Federal Webinar: RMF, DISA STIGs, and NIST FISMA Compliance using SolarWindsFederal Webinar: RMF, DISA STIGs, and NIST FISMA Compliance using SolarWinds
Federal Webinar: RMF, DISA STIGs, and NIST FISMA Compliance using SolarWinds
 
How to Better Manage Technical Debt While Innovating on DevOps
How to Better Manage Technical Debt While Innovating on DevOpsHow to Better Manage Technical Debt While Innovating on DevOps
How to Better Manage Technical Debt While Innovating on DevOps
 
Duke Pci T Raining Slides
Duke Pci T Raining SlidesDuke Pci T Raining Slides
Duke Pci T Raining Slides
 
How CMMC Auditors Recommend You Defend Your Organization - Completed March, 2...
How CMMC Auditors Recommend You Defend Your Organization - Completed March, 2...How CMMC Auditors Recommend You Defend Your Organization - Completed March, 2...
How CMMC Auditors Recommend You Defend Your Organization - Completed March, 2...
 
Customer Story: Scaling Security With Detections-as-Code
Customer Story: Scaling Security With Detections-as-CodeCustomer Story: Scaling Security With Detections-as-Code
Customer Story: Scaling Security With Detections-as-Code
 
IDERA Live | Understanding SQL Server Compliance both in the Cloud and On Pre...
IDERA Live | Understanding SQL Server Compliance both in the Cloud and On Pre...IDERA Live | Understanding SQL Server Compliance both in the Cloud and On Pre...
IDERA Live | Understanding SQL Server Compliance both in the Cloud and On Pre...
 
Protect your Database with Data Masking & Enforced Version Control
Protect your Database with Data Masking & Enforced Version Control	Protect your Database with Data Masking & Enforced Version Control
Protect your Database with Data Masking & Enforced Version Control
 
More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.
 
Datacenter 2014: Raritan - Richard May
Datacenter 2014: Raritan -  Richard MayDatacenter 2014: Raritan -  Richard May
Datacenter 2014: Raritan - Richard May
 
Getting Data Quality Right
Getting Data Quality RightGetting Data Quality Right
Getting Data Quality Right
 
Who, What, Where and How: Why You Want to Know
 Who, What, Where and How: Why You Want to Know Who, What, Where and How: Why You Want to Know
Who, What, Where and How: Why You Want to Know
 
Enterprise Vulnerability Management: Back to Basics
Enterprise Vulnerability Management: Back to BasicsEnterprise Vulnerability Management: Back to Basics
Enterprise Vulnerability Management: Back to Basics
 
Using digital performance analytic to optimize digital user experience id av5
Using digital performance analytic to optimize digital user experience id av5Using digital performance analytic to optimize digital user experience id av5
Using digital performance analytic to optimize digital user experience id av5
 
The lean principles of data ops
The lean principles of data opsThe lean principles of data ops
The lean principles of data ops
 

Recently uploaded

Lecture 1 Introduction to games development
Lecture 1 Introduction to games developmentLecture 1 Introduction to games development
Lecture 1 Introduction to games development
abdulrafaychaudhry
 
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Shahin Sheidaei
 
RISE with SAP and Journey to the Intelligent Enterprise
RISE with SAP and Journey to the Intelligent EnterpriseRISE with SAP and Journey to the Intelligent Enterprise
RISE with SAP and Journey to the Intelligent Enterprise
Srikant77
 
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus
 
A Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdfA Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdf
kalichargn70th171
 
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxTop Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
rickgrimesss22
 
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, BetterWebinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
XfilesPro
 
A Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of PassageA Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of Passage
Philip Schwarz
 
Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604
Fermin Galan
 
Enhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdf
Enhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdfEnhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdf
Enhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdf
Jay Das
 
How to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good PracticesHow to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good Practices
Globus
 
Accelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with PlatformlessAccelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with Platformless
WSO2
 
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERRORTROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
Tier1 app
 
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Globus
 
Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...
Globus
 
Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024
Paco van Beckhoven
 
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
informapgpstrackings
 
Corporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMSCorporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMS
Tendenci - The Open Source AMS (Association Management Software)
 
Using IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New ZealandUsing IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New Zealand
IES VE
 
How Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptxHow Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptx
wottaspaceseo
 

Recently uploaded (20)

Lecture 1 Introduction to games development
Lecture 1 Introduction to games developmentLecture 1 Introduction to games development
Lecture 1 Introduction to games development
 
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
 
RISE with SAP and Journey to the Intelligent Enterprise
RISE with SAP and Journey to the Intelligent EnterpriseRISE with SAP and Journey to the Intelligent Enterprise
RISE with SAP and Journey to the Intelligent Enterprise
 
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024
 
A Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdfA Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdf
 
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxTop Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
 
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, BetterWebinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
 
A Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of PassageA Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of Passage
 
Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604
 
Enhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdf
Enhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdfEnhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdf
Enhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdf
 
How to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good PracticesHow to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good Practices
 
Accelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with PlatformlessAccelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with Platformless
 
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERRORTROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
 
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
 
Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...
 
Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024
 
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
 
Corporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMSCorporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMS
 
Using IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New ZealandUsing IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New Zealand
 
How Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptxHow Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptx
 

Segregation of Duties and Continuous Delivery

  • 9. With fast I.T. turn-around times, business can:
    ■ Stay competitive
    ■ Respond to change faster
    ■ Fix defects earlier
    ■ Try new ideas boldly and revert confidently.
  • 10. What we’d love to have!
    Pipeline: Commit Code → Build and Package → Test Locally → Deploy to Production!
    Production Support
    ■ Deploy whenever we want
    ■ Debug processes on Production servers
    ■ Query Production Databases
    ■ Inspect traffic, review log files
    ■ Apply hot fixes within minutes
  • 11. Reality Check!
    Pipeline: Commit Code → Build and Package → Test Locally → Deploy to Production! (tickets per phase!)
    Production Support
    ■ Deploy whenever we want – “Raise a ticket to deploy”
    ■ Debug processes on Production servers – “No way!!”
    ■ Query Production Databases – a ticket for individual query results
    ■ Inspect traffic, review log files – a ticket for log extracts
    ■ Apply hot fixes within minutes – ticket please!
  • 12. What puzzles (frustrates!) Dev Teams and Business
    ■ Why are Ops, Audit and Security Teams throwing roadblocks at us?
    ■ Are they raising roadblocks just to assert their importance?
    ■ Why are Ops given access that they cannot make use of to solve issues?
    ■ Why do we have such ridiculous policies!?
    ■ Why does everyone make us raise so many tickets?
    ■ Why are we trusted to write the software but not to troubleshoot it!!!??
    ■ Are Ops, Security and Compliance on our side, or our competitors’ side?
  • 13. What Ops, Security, Compliance have to say:
    “We are merely following industry norms to protect business and customers. We are not the enemy! Please don’t blame us for doing our job!!”
  • 14. So, who is right?
    Development teams – who develop software that meets business goals?
    Or Ops and Security – who ensure uptimes and protect customers?
  • 15. SEGREGATION OF DUTIES: Why Ops, Security and Compliance do what they do
  • 16. Expectations from an organization
    ■ Make money (if a business)
    ■ Conform to the laws (e.g. those that protect the customers’ interests)
    ■ Run in a stable manner
  • 17. How orgs are managed – GRC (Source: Wikipedia)
    Governance – the executives are responsible for the org’s operations
    Risk Management – identify, analyze and respond to risks
    Compliance – conform to stated requirements (regulations, org policies, business guarantees to customers)
    Applicable to IT, Finance, Legal
  • 18. Some examples of fraud and error
    ■ Untimely and/or non-uniform deployment
    ■ Deploying with the wrong permissions
    ■ Handling production environments with zero exposure and skills
    ■ Accessing confidential data in violation of privacy policies
    ■ Changing production configurations ad hoc, with poor review and poor documentation of changes
    ■ Bypassing domain logic and enforcement in the application, and changing production data directly
    ■ Logging confidential data and accessing it via the logs
  • 19. Separation of duties (SoD) (also known as "Segregation of duties") is the concept of having more than one person required to complete a task. … an internal control intended to prevent fraud and error – Wikipedia
  • 20. Segregation of Duties
    ■ A well-understood concept in Finance, Law, Governance, Military, etc.
    ■ No single person should have end to end access to complete an entire workflow
    ■ At least one other person should be able to
      ● Regulate the activity, if need be.
      ● Review the activity
  • 21. Segregation of Duties in IT: No single person or team should have end to end access from code to production
  • 22. Typical SoD procedures for Deployments (Intent | Action | Typical Implementation | Impact)
    ■ Devs should not author and deploy code | Deployment by Ops | Dependent upon Ops availability | Business cannot deploy on demand
    ■ Demonstrate deployment in an auditable manner | Deployment using tools | Special tools, typically not available in Dev | Dev and Prod deployments are different
    ■ Control over when prod is changed | Deployment at specific times | Strict calendar schedules | Cannot deploy frequently; exceptions can be expensive
  • 23. Typical SoD procedures for Troubleshooting (Intent | Action | Typical Implementation | Impact)
    ■ Devs should not access confidential data in logs | Regulate access to log systems | Access to prod logs governed by SLAs; extracts only | Lack of direct access to logs prevents fast troubleshooting
    ■ Prevent ad-hoc/harmful changes and data sniffing | Regulate access to prod servers | Special tools, typically not available in Dev | Dev and Prod deployments are different
  • 24. Typical SoD procedures for Databases (Intent | Action | Typical Implementation | Impact)
    ■ Ensure database schema and data integrity by skilled DBAs | Regulate changes to databases | Changes reviewed and denied before prod deployment; documentation | Waste of precious time; wasteful documentation
    ■ Prevent ad-hoc/harmful changes and data sniffing | Regulate access to prod data | A query per ticket: reviewed, approved, applied | Waste of precious time; penalties for delays
  • 25. Typical SoD procedures for Configuration (Intent | Action | Typical Implementation | Impact)
    ■ Ensure that all (app, OS) changes to prod are valid and documented | Regulate changes to production | Changes reviewed and denied before prod deployment; documentation | Waste of precious time; wasteful documentation
    ■ Prevent attacks based on known weaknesses | Apply patches regularly at scheduled intervals | Configuration (settings, patches) not shared with devs | Software not tested with Prod configuration
  • 26. Defensive SoD and insecurely architected software can prevent Continuous Delivery
  • 27. CD-FRIENDLY SOD: Ensure Segregation of Duties while also enabling fast response times
  • 28. CD-friendly SoD – General principles
    ■ Involve Ops and Security right from the Design phase
    ■ Policies in executable form via CD-friendly config mgmt tools
    ■ Separate confidential data and logs from regular data and logs
    ■ Single deployment bundle – app, config, policy, DB schema
    ■ Bundle once, deploy anywhere
    ■ Restrict access to confidential data/logs, permit easy access to regular data/logs
    ■ Enforce via config rather than via tickets (e.g. resource throttling vs tickets)
    ■ Use multi-factor (vs tickets) where possible to regulate actions
  • 29. CD-Friendly deployment and configuration
    Pipeline: Commit Code → Build and Package → Test Locally → Deploy to Production!
    Diagram labels: Dev, DBA, Ops, Security; Policies, Code, Approved changes; App, OS patches, configs, DB changes; Deployment Bundle; Tested Deployment Bundle with approved prod-ready configs; Automated, Exploratory and Pen Tests; When gatekeeping checks are codified and tested; 2FA Deployment enables any-time deployment by Env owner
  • 30. CD-Friendly SoD!
    Pipeline: Commit Code → Build and Package → Test Locally → Deploy to Production!
    Diagram labels: Dev, DBA, Ops, Security; App, OS patches, configs, DB changes; Pre-Approved Deployment Bundle; 2FA Deployment by Env Owner
    Production Support
    ■ Deploy whenever we want – Environment owners decide, use 2FA
    ■ Debug processes on Production servers – Yes, configs elsewhere
    ■ Query Production Databases – Easier access to regular data
    ■ Inspect traffic, review log files – Easier access to regular data
    ■ Apply hot fixes within minutes – Test in 1-click dev envs first
  • 31. CD-Friendly SoD procedures for Deployments (Intent | Action | Recommended Implementation | Impact)
    ■ Devs should not author and deploy code | Deployment by Environment Owners | Review and deploy changes in small batches | Small batches make changes easier to review
    ■ Demonstrate deployment in an auditable manner | Configuration management tools | Build once, deploy anywhere | Dev and Prod are auditably the same
    ■ Control over when prod is changed | Deployment by Environment Owners | Frequent deploys in small batches; multi-factor controls | Deploy only when the Env owner wants to
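The deployment side of CD-friendly SoD (slides 28 to 31: a single pre-approved bundle, "bundle once, deploy anywhere", and a 2FA deployment triggered by the environment owner) can be codified as a gate in the pipeline rather than as a ticket. The following is an added example written for this page, not code from the talk or from any tool it names. Everything in it is constructed: the approver keys and roles, the environment owner's TOTP seed and the sample bundle; HMAC approvals stand in for the real signatures a KMS or HSM would produce, and TOTP is implemented per RFC 6238 so the second factor can be checked offline.

```python
"""Added example (not from the talk): a pipeline gate that codifies CD-friendly SoD.
All keys, roles, seeds and the bundle below are constructed for illustration."""
import hashlib
import hmac
import struct
import time

# Constructed sample bundle: app, config, policy and DB schema travel together.
BUNDLE = {
    "app/service.py": b"def handler():\n    return 'ok'\n",
    "config/prod.yaml": b"db_host: db.internal\nlog_level: info\n",
    "policy/throttle.yaml": b"max_rps: 500\n",
    "db/V12__orders_index.sql": b"CREATE INDEX ix_orders_created ON orders(created_at);\n",
}
# Constructed approvers (one per required role) and their HMAC keys, standing in
# for per-person signing keys held in a KMS/HSM.
APPROVER_KEYS = {"alice": b"constructed-dba-key", "bob": b"constructed-ops-key",
                 "carol": b"constructed-security-key"}
APPROVER_ROLES = {"alice": "dba", "bob": "ops", "carol": "security"}
REQUIRED_ROLES = {"dba", "ops", "security"}
# Constructed environment owners and their TOTP seeds (normally only in the authenticator).
ENV_OWNER_SEEDS = {"erin": b"constructed-erin-totp-seed"}


def bundle_digest(bundle: dict) -> str:
    """Deterministic SHA-256 over names and contents: any edit invalidates approvals."""
    h = hashlib.sha256()
    for name in sorted(bundle):
        h.update(name.encode() + b"\0" + bundle[name] + b"\0")
    return h.hexdigest()


def sign_approval(approver: str, digest: str) -> str:
    """An approval is bound to one exact bundle digest."""
    return hmac.new(APPROVER_KEYS[approver], digest.encode(), hashlib.sha256).hexdigest()


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP (HMAC-SHA1, dynamic truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_unix: int, step: int = 30) -> str:
    """RFC 6238 TOTP over 30-second steps."""
    return hotp(secret, at_unix // step)


def decide_deploy(bundle: dict, authors: set, approvals: dict,
                  deployer: str, code: str, now: int) -> tuple:
    """Return (allowed, reason). Allowed only when the bundle is exactly what was
    approved, every required role approved, nobody approved or deploys their own
    change, and the environment owner presents a valid second factor."""
    digest = bundle_digest(bundle)
    roles_seen = set()
    for approver, sig in approvals.items():
        if approver not in APPROVER_KEYS:
            return False, f"unknown approver {approver}"
        if not hmac.compare_digest(sign_approval(approver, digest), sig):
            return False, f"approval from {approver} does not match this bundle"
        if approver in authors:
            return False, f"{approver} cannot approve a bundle they authored"
        roles_seen.add(APPROVER_ROLES[approver])
    missing = REQUIRED_ROLES - roles_seen
    if missing:
        return False, f"missing approvals from roles: {sorted(missing)}"
    if deployer not in ENV_OWNER_SEEDS:
        return False, f"{deployer} is not an environment owner"
    if deployer in authors:
        return False, "deployer authored the bundle (SoD violation)"
    # Accept the current and previous time step to tolerate small clock skew.
    seed = ENV_OWNER_SEEDS[deployer]
    if not any(hmac.compare_digest(totp(seed, now - skew), code) for skew in (0, 30)):
        return False, "second factor rejected"
    return True, f"deploy approved bundle {digest[:12]}"


if __name__ == "__main__":
    d = bundle_digest(BUNDLE)
    sigs = {a: sign_approval(a, d) for a in APPROVER_KEYS}
    now = int(time.time())
    print(decide_deploy(BUNDLE, {"dave"}, sigs, "erin", totp(ENV_OWNER_SEEDS["erin"], now), now))
    print(decide_deploy(BUNDLE, {"erin"}, sigs, "erin", totp(ENV_OWNER_SEEDS["erin"], now), now))
```

The gate binds approvals to the digest of the whole bundle, so a config or schema change after sign-off invalidates them, which is what makes "build once, deploy anywhere" auditable. Two SoD checks are explicit: an author can neither approve nor deploy their own bundle. The skew window of one previous step is a deliberate trade-off; widen it only if real clock drift forces you to.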
  • 32. CD-Friendly SoD procedures for Troubleshooting (Intent | Action | Recommended Implementation | Impact)
    ■ Devs should not access confidential data in logs and config files | Separate confidential and regular logs; externalised configuration | Log UUIDs; Prod Support teams access regular logs and can SSH to prod | Confidential data remains restricted; prod support is fast
    ■ Prevent ad-hoc/harmful changes and data sniffing | Standard environments | 1-click environment creation and 1-click deployment | Prod errors can be caught earlier in Dev; reduces prod errors
  • 33. CD-Friendly SoD procedures for Databases (Intent | Action | Recommended Implementation | Impact)
    ■ Ensure database schema and data integrity by skilled DBAs | Regulate changes to databases using CD-friendly DB config tools | DBAs review and recommend changes at Dev using CD-friendly tools | Identical schema from Dev through Prod, as approved by the DBA
    ■ Prevent ad-hoc/harmful changes and data sniffing | Delink confidential and regular data | Restrict access to confidential data; provide access to regular data | Most troubleshooting needs just regular data, and is fast
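Slides 32 and 33 rest on one mechanism: confidential fields are kept out of the regular logs and data that production support reads, and are joined back by an identifier only under a restricted role. The following is an added example for this page, not code from the talk. The field classification, the reader roles and the sample payment events are constructed; the scrubber is the extra check a practitioner wants, because confidential values also leak through free-text message fields that no classification lists.

```python
"""Added example (not from the talk): confidential fields go to a restricted sink,
everything else to the regular sink production support reads; a correlation UUID
joins them. Field classification, roles and sample events are constructed."""
import json
import re
import uuid

CONFIDENTIAL_FIELDS = {"customer_name", "email", "card_number", "address"}  # assumed policy
CONFIDENTIAL_READERS = {"privacy-officer", "fraud-analyst"}                # assumed roles

# Confidential values that tend to leak into free-text messages.
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def scrub(text: str) -> str:
    """Redact e-mail addresses and card-number-like digit runs from free text."""
    return PAN_RE.sub("[pan redacted]", EMAIL_RE.sub("[email redacted]", text))


class SplitLog:
    def __init__(self):
        self.regular = []       # readable by production support
        self.confidential = []  # role-restricted, joined to regular by correlation_id

    def emit(self, event: dict) -> str:
        cid = str(uuid.uuid4())
        regular, confidential = {"correlation_id": cid}, {"correlation_id": cid}
        for key, value in event.items():
            if key in CONFIDENTIAL_FIELDS:
                confidential[key] = value
            else:
                regular[key] = scrub(value) if isinstance(value, str) else value
        self.regular.append(json.dumps(regular, sort_keys=True))
        if len(confidential) > 1:
            self.confidential.append(json.dumps(confidential, sort_keys=True))
        return cid


def search_regular(log: SplitLog, **criteria) -> list:
    """What production support runs: filter the regular sink by field values."""
    recs = (json.loads(line) for line in log.regular)
    return [r for r in recs if all(r.get(k) == v for k, v in criteria.items())]


def resolve_confidential(log: SplitLog, correlation_id: str, role: str) -> dict:
    """Join back the confidential fields of one event; permitted roles only."""
    if role not in CONFIDENTIAL_READERS:
        raise PermissionError(f"role {role!r} may not read confidential log data")
    for line in log.confidential:
        rec = json.loads(line)
        if rec["correlation_id"] == correlation_id:
            return rec
    return {}


def can_resolve(log: SplitLog, correlation_id: str, role: str) -> bool:
    try:
        resolve_confidential(log, correlation_id, role)
        return True
    except PermissionError:
        return False


def regular_sink_leaks(log: SplitLog) -> list:
    """Control check: (correlation_id, field) pairs in the regular sink that still
    look like they carry an e-mail address or a card number."""
    hits = []
    for line in log.regular:
        rec = json.loads(line)
        for key, value in rec.items():
            if key != "correlation_id" and isinstance(value, str) and (
                    EMAIL_RE.search(value) or PAN_RE.search(value)):
                hits.append((rec["correlation_id"], key))
    return hits


# Constructed sample events, as a payment service might emit them.
SAMPLE_EVENTS = [
    {"service": "payments", "level": "ERROR", "order_id": "o-1001",
     "message": "card 4242424242424242 declined for bob@example.com",
     "customer_name": "Bob Tan", "email": "bob@example.com", "card_number": "4242424242424242"},
    {"service": "payments", "level": "INFO", "order_id": "o-1002",
     "message": "payment captured", "customer_name": "Ana Lim", "email": "ana@example.com"},
]


def demo() -> SplitLog:
    log = SplitLog()
    for event in SAMPLE_EVENTS:
        log.emit(event)
    return log


if __name__ == "__main__":
    log = demo()
    print("\n".join(log.regular))
    print("leaks:", regular_sink_leaks(log))
```

The same split applies to the database: regular tables hold the order and its status keyed by an identifier, a separately permissioned store holds the customer's identity, and most troubleshooting never needs the join. Run `regular_sink_leaks` as a pipeline check so a new field or a careless log message cannot quietly move confidential data back into the sink everyone can read.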
  • 34. CD-Friendly SoD procedures for Configuration (Intent | Action | Recommended Implementation | Impact)
    ■ Ensure that all (app, OS) changes to prod are valid and documented | Ops and Security config settings in a CD-friendly config management tool | Test pre-approved configs from Dev through Prod | Pre-approved and tested configs enable frequent deploys
    ■ Prevent attacks based on known weaknesses | Test OS patches in Dev | Apply and test OS patches via automation in a 1-click dev env | Rapidly test OS patches and software in non-Prod first