Compliance @ Velocity
Justin Arbuckle
VP EMEA, Chief Enterprise Architect - CHEF
The promise of the coded business
[chart: journey time vs. quality, with a "std." marker]
SCALE, VELOCITY, CONSISTENCY
Transformation to high-velocity through standards
[chart: "std." marker]
Regulatory compliance frameworks
OFAC, USA PATRIOT Act, Gramm-Leach-Bliley Act, Red Flags Rule, Bank Secrecy Act, Sarbanes-Oxley, Regulation E, Dodd-Frank, False Claims Act, HIPAA, European Central Bank regulations, Prudential Regulation Authority, Financial Conduct Authority, HITECH, PCI DSS
All of these entail action by IT Security, Internal Audit, IT Audit and Compliance officers.
The compliance cycle
4 Rule Types (axes: Now / Later, How / What)
Sequence
• Authentication before action
• Authentication in AD and ITSM
• Security review before production deployment
State
• Customer data and Form data not logically co-resident
• NTP installed
• SE Linux installed AND Centrify Agent
• Digital Guardian and NOT sudo
Supervision
• Audit trail of changes and approval
Scope
• Third party access via named accounts.
• Splunk access to global logs only.
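The four rule types on this slide become useful only once they are executable checks. The Ruby below is an added example, not code from the deck or from Chef: it encodes the slide's Sequence, State, Supervision and Scope rules as policy-as-code and evaluates them against constructed node facts and a constructed audit trail (all names, packages and events are assumptions).

```ruby
# Added example, not from the deck or from Chef: the slide's four rule types as policy checks.
# Constructed node facts for one host (package names and identifiers are assumptions).
NODE = {
  packages: %w[ntp selinux centrify-agent digital-guardian],
  datastores: { customer_data: "db-a", form_data: "db-b" },
  accounts: %w[alice.vendor bob.vendor], # third-party access via named accounts
  splunk_indexes: %w[global],
}
# Constructed, ordered audit trail: raw material for the Sequence and Supervision rules.
TRAIL = [
  { event: :authenticate, who: "alice", via: %w[AD ITSM] },
  { event: :security_review, who: "sec-team" },
  { event: :deploy, who: "alice", target: :production, approved_by: "ciso" },
]
# State rules: boolean predicates over node facts, including the AND / NOT combinations.
STATE_RULES = {
  "NTP installed" => ->(n) { n[:packages].include?("ntp") },
  "SELinux installed AND Centrify Agent" => ->(n) { (%w[selinux centrify-agent] - n[:packages]).empty? },
  "Digital Guardian and NOT sudo" =>
    ->(n) { n[:packages].include?("digital-guardian") && !n[:packages].include?("sudo") },
  "Customer data and Form data not co-resident" =>
    ->(n) { n[:datastores][:customer_data] != n[:datastores][:form_data] },
}
# Sequence rules: event A must appear in the trail before event B.
SEQUENCE_RULES = {
  "Authentication before action" => [:authenticate, :deploy],
  "Security review before production deployment" => [:security_review, :deploy],
}
def sequence_ok?(trail, before, after)
  i = trail.index { |e| e[:event] == before }
  j = trail.index { |e| e[:event] == after }
  j.nil? || (!i.nil? && i < j) # satisfied when B never happens or A precedes it
end
# Supervision: every production change in the trail carries an approver.
def supervised?(trail)
  trail.select { |e| e[:event] == :deploy && e[:target] == :production }
       .all? { |e| e[:approved_by] }
end
# Scope: third-party ids are named (no shared accounts) and Splunk sees global logs only.
def scope_ok?(node)
  node[:accounts].none? { |a| a.start_with?("shared", "svc") } && node[:splunk_indexes] == %w[global]
end
# Evaluate all four rule types and return the names of the rules that fail.
def failing_rules(node, trail)
  results = STATE_RULES.transform_values { |rule| rule.call(node) }
  SEQUENCE_RULES.each { |name, (a, b)| results[name] = sequence_ok?(trail, a, b) }
  results["Audit trail of changes and approval"] = supervised?(trail)
  results["Third-party and Splunk access scope"] = scope_ok?(node)
  results.reject { |_, ok| ok }.keys
end
```

Running the checks on every converge, rather than at audit time, is what turns the "Periodic" cycle on the later slide into a "Continuous" one.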
Reconciling compliance and velocity
Changing stereotypes of compliance / audit / security
Chicken → Pig
Interpret → Express
Periodic → Continuous
A single accelerated cycle
Practical Stuff
1. Identify an initiative that is on your compliance dashboard
2. Scope a narrow pilot to implement policy-as-code
3. Embed appropriate compliance staff in the project
4. Jointly define what you wish to standardize with policy
5. Improve standardization over multiple iterations
6. Re-allocate the team to spawn other policy-as-code projects in other areas
@dromologue #CATV #Compliance@Velocity