I’ve been on a kick recently about how DevOps, security, audit, and compliance all fit together. Spoiler alert: they all do fit together. In fact, we’re better off individually and collectively when we bring security, audit, and compliance into the DevOps tent and treat them like we would any other function that has valuable expertise to contribute to help our organizations win. We’d all benefit from what we can learn from each other.
I delivered a talk on September 13, 2017, to the local section of the Automated Software Quality organization on how to bring audit, security, and compliance into the DevOps movement. I provided a lot of resources at the end of the talk. Here they are with a description of each.
I’ve heard a lot of questions about DevOps, audit, compliance, and how they all fit together. I’ve fielded more questions from more people recently. In my mind, that means more people are applying DevOps patterns and practices to their work and the work they’re doing is real (as opposed to sandbox, pilot, or “let’s try this stuff out” projects). Why else would they be interested in audit and compliance?
Here are some resources that might be helpful if you’re “doing the DevOps” and interested in making audit and compliance efforts go more smoothly.
Many organizations want to adopt DevOps practices to get the benefits associated with them: faster time to market, increased stability and quality, and more time to build stuff that’s valuable to the bottom line. But they often get tripped up by audits and compliance checks to make sure the organization is adequately addressing risk. DevOps practices don’t align well with traditional audit practices. So these organizations are often left asking themselves, “How do I position my organization for an audit when I’m using DevOps practices?” Until recently, there hasn’t been a really good answer.
But that’s changing.