Companies looking to balance DevOps with compliance are ever-mindful of filing requirements by the Securities and Exchange Commission. Today’s columnist, John Worrall of ZeroNorth, offers ways for companies to better integrate DevOps and compliance teams. (Credit: Creative Commons: BY-NC-SA 2.0)

It’s challenging to talk about DevOps and compliance together. Most people think of DevOps as a philosophical approach to software development that empowers developers, speeds time-to-market and reduces cost—without sacrificing quality. DevOps supports new approaches, while encouraging individual experimentation and decision-making.

While DevOps offers flexibility and makes software teams more productive, it can create problems with compliance. In DevOps culture, developers apply security based on the requirements of each team and the inherent business value of the associated application. Compliance, on the other hand, runs counter to the expectations and norms of DevOps cultures. It’s prescriptive and consistent. Compliance teams are there to ensure the rules are implemented and monitored consistently. Speed helps, but it’s not a top priority. Individual empowerment and decision-making don’t drive consistency. DevOps and compliance are focused on different priorities.
