Compliance Automation or: How I learned to stop worrying and love IT controls again
See a (phone quality) recording to get an idea of this talk: https://www.youtube.com/watch?v=DbHBbICUGHA&t=7s
Compliance is a major concern for nearly every company. Especially on the questions of 'when is good good enough?' and how to generate and deliver evidence, development teams can get stuck for weeks on end proving that security and compliance standards are being met, assuming they are being met in the first place.
The other side of the coin (roles like compliance and security officers) runs into similar problems. Coordinating and performing controls, activities that are often done by hand and show up as huge, dreaded checklists in Excel, costs enormous amounts of time on both sides. We'd rather spend that time on further improving our systems.
So let's get that toil out of the system. Using a case study, this talk demonstrates how commonly used tools, techniques and patterns can also be applied to automating COBIT-style key controls:
- BDD-style testing ('Given, When, Then') using Python and behave, to write acceptance tests that check whether we are actually compliant
- Setting up a Compliance/Evidence API that can be used to store and tag evidence, with the goal of turning the storage behind it into a 'Self-Service Evidence Store'
- Building a reactive architecture with tools like Azure Event Grid to respond to actions within your landscape, e.g. provisioning development resources to be compliant-by-design and automatically generating additions to existing resources such as self-service access profiles or pipeline building blocks (compliance does not have to exclude development enablement, after all!)
Kevin Boots
Chief Technology Officer @ DevOn
Nijkerk, The Netherlands