Compliance is Dead, Long Live Compliance - Mrinal Mukherjee

Description:

Security and infrastructure compliance is a critical aspect of all modern business platforms. With the DevOps movement pushing teams towards faster software delivery cycles, developers are also releasing security vulnerabilities and non-compliant applications more quickly. Organizations must learn how to ship software quickly, but with higher efficiency and lower risk. What if we automated our compliance audits so they could be ‘shifted left’ as part of the application and infrastructure development lifecycle?

This talk focuses on how to address these aspects and incorporate infrastructure compliance testing into a software delivery lifecycle. I will demonstrate this using the open-source ‘InSpec’ framework (https://inspec.io), which provides an extensible pattern for building compliance into continuous delivery pipelines.

Takeaways

I believe the audience will leave the room with the following learnings:

  • The importance of security and infrastructure compliance testing
  • The concept of shift-left infrastructure compliance testing
  • A technical demo of compliance-as-code using the open-source ‘InSpec’ framework
  • How this can be incorporated as part of a Continuous Delivery lifecycle