As 2016 has arrived, we reflect upon one of the most debated issues around DevOps in 2015 – Information Security (InfoSec) and compliance. Needless to say, both are critical to an enterprise (especially given past examples of data breaches and looming cyber-security threats). As a result, the combination of InfoSec and DevOps practices can be viewed as counter-intuitive, since the ability to “go faster” can be seen as a potential risk to security mechanisms in place, and thus harder to ensure compliance and enable audibility.
However, we repeatedly heard a different story in 2015 – InfoSec teams are embracing DevOps as the practice that enables – and enforces – security and compliance requirements. But how?
To answer this question, I had the pleasure of working with TechBeacon on a new story for the ‘New Year’ that outlines the different ways of how DevOps is increasingly underpinning the security blanket for enterprise IT organizations. In fact, DevOps provides a huge opportunity for better security across an entire company. Many of the practices that come with DevOps, such as automation, emphasis on testing, faster feedback loops, improved visibility, collaboration, consistent release practices, and more, are fertile ground for integrating security and audit capabilities as a built-in component of your DevOps processes.
For the 9 ways that I think DevOps and automation bolster security and compliance, read the article on TechBeacon »
If you want to hear what other experts are saying on the subject, be sure to check out Episode 29 of our Continuous Discussions (#c9d9) video podcast where we talk with James DeLuccia and Jonathan McAllister about “Security & Compliance as part of your DevOps Processes.”