Session Name: Incremental Controls – Getting into Flow
The industry has spent a lot of time and effort addressing the challenges of today's world: improving velocity, time to market, and agility in general. New vocabulary has been coined and team structures reshaped. Alongside the benefits, some shadows have emerged: quality issues are often on the rise, and malicious actors have found a lucrative market. Regulators were late to the party, and since most regulatory frameworks are built around operations, they struggle to address the new challenges; change control is expensive and often becomes a bottleneck, and exception management a burden. A new approach to control is needed. This presentation outlines a control framework that aligns and integrates regulatory controls into the structure of a DevSecOps incremental flow, removing the change control bottleneck while increasing actual control oversight. Development can move from predominantly release-based development cycles to continuous delivery. Compliance is ensured along the path, resulting in higher quality without additional cost. The framework outlines how common control frameworks such as NIST can be mapped against nine control lanes aligned to standard DevSecOps practices. Deficiencies are caught early, quality and security are embedded into the entire process, and regulatory requirements become a natural artifact rather than an on-top deliverable.
Thomas Locher is a Senior DevOps Consultant who has spent his professional career in a major global bank. He thrives on helping development teams produce high-class code. His mission is to free developers to concentrate on the issue, not the piping. As such, he has worked extensively on integrating regulatory requirements into the flow of DevSecOps, bringing together two very different worlds: the creative and fast-moving world of DevOps and the needs of regulators - detailed, highly accurate, and timely documentation. In his free time, you can find him either on the lake fishing or renovating his 300-year-old house!