Oil & Water, Peanut Butter & Jelly, DevOps & Regulatory Compliance
DevOps and regulatory compliance are two critically important ingredients in today’s connected organization. The first—DevOps—enables you to move quickly and respond to change in an era where change is increasing at an exponential rate with no sign of slowing down. The second—regulatory compliance—ensures that your organization takes the appropriate steps to follow relevant laws surrounding your software development lifecycle and appears to require adding burdensome processes and controls. At first glance, these two ideas seem to be incompatible, but they actually go together like peanut butter and jelly. While maintaining, analyzing, confirming, and reporting on the status of required information security, compliance, and privacy controls can be difficult, integrating these tasks within your DevOps/continuous delivery pipeline is easier than you think. Using examples from real-world projects in companies just like yours, Brandon Carlson explains how to integrate compliance and reporting into your projects using tools you already know such as pair programming, Jenkins, Chef, Metasploit, and others. When it comes to compliance, it’s not about oil and water; it’s “peanut butter jelly time”.