It’s challenging to talk about DevOps and compliance together. Most people think of DevOps as a philosophical approach to software development that empowers developers, speeds time-to-market and reduces cost—without sacrificing quality. DevOps supports new approaches, while encouraging individual experimentation and decision-making.
While DevOps offers flexibility and makes software teams more productive, it can create problems with compliance. In DevOps culture, developers apply security based on the requirements of each team and the inherent business value of the associated application. Compliance, on the other hand, operates differently than the expectations and norms of DevOps cultures. It’s prescriptive and consistent. Compliance teams are there to ensure the rules are implemented and monitored consistently. Speed helps, but it’s not a top priority. Individual empowerment and decision-making doesn’t drive consistency. DevOps and compliance are focused on different priorities.
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.