Wednesday, May 24, 2017

Compliance automation: Bridging the gap between development & information security

// Chef Blog

Speed is nothing without control

DevOps makes software deployment faster. But without proper controls, that may mean that developers are also releasing security vulnerabilities more quickly. The fast pace of innovation will not be slowing down and the pressure to deliver rapidly keeps increasing. At the same time, cybersecurity threats keep getting more innovative while doing more damage in a shorter amount of time. Organizations have to learn how to ship software quickly without increasing their exposure to risk.

The problem is that most organizations see this as a trade-off: either they can focus on speed and lose safety, or vice versa. The solution is to stop treating information security as a bolt-on afterthought. Organizations can scale both speed and safety by extending Agile, Lean, and DevOps (ALDO) principles to their information security teams. InfoSec teams need to adopt automation tools that build security into the development cycle.

DevOps is the new operating model

When applied, ALDO principles build high-velocity organizations with streamlined processes and flexibility to respond quickly to any situation. Continuous delivery puts those principles into practice in service of shipping software faster, safer, and more reliably.

Should your organization practice continuous delivery and follow ALDO principles? Most organizations already understand the value of moving fast so the response to that question is obvious. But when you ask those same organizations if they can deliver software continuously and still remain compliant with information security standards, their response is anything but obvious. That's because most information security teams don't have the tools to move at high velocity.

In our latest Compliance Automation white paper, we deliver a view of the current state of information security. We also examine the differences between development postures and security postures that create the perceived trade-offs between speed and safety, use industry data to examine how high-performing IT organizations bridge these gaps to scale both, and explore an example workflow that illustrates how a cohesive solution to this problem comes together.

The post Compliance automation: Bridging the gap between development & information security appeared first on Chef Blog.