An Unlikely Union: DevOps and Audit

By James DeLucia, Paul Duvall, Mustafa Kapadia, Gene Kim, Dave Mangot, James Wickett, Julie Yoo

Information Security and Compliance Practices

Many organizations get stymied when dealing with information security, compliance, and audit requirements. There seems to be a misconception that DevOps practices won’t work in organizations that are subject to SOX or PCI regulations.
In this 2015 Forum paper, seven experts provide high-level guidance on three major concerns about DevOps practices: DevOps and Change Control, DevOps and Security, and DevOps and Separation of Duties.
  • Publication Date: Jun 01, 2015
  • Pages: 27
  • Format: Free PDF Download

Features

  • Expert Guidance

    Seven experts in information security and software delivery provide high-level guidance on the three major concerns of DevOps practices.

  • Mythbuster

    This paper busts the misconception that DevOps doesn’t work in highly regulated industries.

  • Audit/Compliance

    Breaks down how DevOps and Audit/Compliance are not at odds with each other, but can actually work together.

  • Shift Left on Security

    This paper shows how implementing a secured delivery pipeline will allow organizations to ensure better security control, less risk, and better compliance.

About the Resource

James DeLucia

Paul Duvall

Mustafa Kapadia

Global Head Transformation @ Google | Products & Innovation | echo-point.com

Gene Kim

Gene Kim has been studying high-performing technology organizations since 1999. He was the founder and CTO of Tripwire, Inc., an enterprise security software company, where he served for 13 years. His books have sold over 1 million copies—he is the WSJ bestselling author of Wiring the Winning Organization, The Unicorn Project, and co-author of The Phoenix Project, The DevOps Handbook, and the Shingo Publication Award-winning Accelerate. Since 2014, he has been the organizer of DevOps Enterprise Summit (now Enterprise Technology Leadership Summit), studying the technology transformations of large, complex organizations.

Dave Mangot

Dave Mangot (DevOps Patterns for Private Equity) helps private equity portcos get good at delivering software. He is a leading consultant, author, and speaker as the principal at Mangoteque. A DevOps veteran, Dave has successfully led digital, SRE, and DevOps transformations at companies such as Salesforce, SolarWinds, and Cable & Wireless. He has a proven track record of working with companies to quickly mature their existing culture to improve the speed, frequency, and resilience of their software service delivery.

James Wickett

Head of Research at Verica & Author on DevOps and DevSecOps at LinkedIn Learning
