Compliance as Code Everywhere
Compliance requires a holistic view of the enterprise and all of its components. The configuration of machines, the organization of the data layer, and the access and use of public and private clouds all have auditing and compliance demands. Compliance is the target state; focusing on the components needed to achieve it directs the automation roadmap.
Audits and security reviews have been seen as resisting or even blocking the frequent release of software. Auditors require access to static systems and environments, which would seem to make continuous delivery impossible. Too frequently, audits are a fire-drill sampling of the current state, and temporary fixes are put in place to appease the compliance audit without being integrated into future releases. Compliance as code allows us to "shift left" auditing, compliance, and security concerns, incorporating them into application and infrastructure continuous integration/delivery pipelines. This session will provide real-world examples of translating industry security and compliance requirements into software and making them a proactive part of the software-delivery process.