A DevOps Mario Developer Game Challenge with GRC
0 likes84 views
The document discusses the challenges organizations face in implementing governance and compliance within DevOps practices due to increasing regulations and pressure from stakeholders. It emphasizes the need for integrating compliance checks into development processes and the creation of tools like the DevOps audit defense toolkit to manage risks. Additionally, it suggests automating cloud governance to enhance organizational compliance and security at scale.
A DevOps Mario Developer Game Challenge with GRC
- 2. @LBMKRISHNA Value Stream Architect | DevOps Advocate
- 3. @LBMKRISHNA Pictures Courtesy: Internet Super Mario Games (https://www.nintendo.com/)
- 4. @LBMKRISHNA
- 5. @LBMKRISHNA
- 6. @LBMKRISHNA
- 7. @LBMKRISHNA
- 8. @LBMKRISHNA
- 9. @LBMKRISHNA
- 10. @LBMKRISHNA Delivery Teams Expectation to go faster Funding Traditional– Initiative/Project Focused Architecture / Design Centralized & Committee Based Governance Overloaded Documentation, Processes Risk & Audit Paper/Document/Spread Sheet Based
- 11. @LBMKRISHNA Fill – More Documents Fill – More Templates Tick – More Tick Boxes
- 13. @LBMKRISHNA
- 14. @LBMKRISHNA
- 15. @LBMKRISHNA
- 16. @LBMKRISHNA
- 17. @LBMKRISHNA Equifax: (At least) $575 Million Home Depot: ~$200 million Uber: $148 million Yahoo: $85 million Capital One: $80 million Morgan Stanley: $60 million British Airways: $26.2 million Tesco Bank: $21 million Target: $18.5 million Anthem: $16 million Ticketmaster: $10 million Google: $7.5 million Magecart Attack on Warner Music Group Target Lost Data on 40 Million Cards Adobe’s Million Dollar Data Breach Heartland Payment Systems Loses Processing Privileges Equifax https://www.goanywhere.com/blog/the-5-biggest-pci-compliance-breaches https://www.csoonline.com/article/2130877/the-biggest-data-breaches-of-the-21st-century.html https://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
- 18. @LBMKRISHNA
- 19. @LBMKRISHNA
- 20. @LBMKRISHNA - Adrian Cockcroft, Vice President of Cloud https://d1.awsstatic.com/executive-insights/en_US/ebook-cloud-for-ceos.pdf
- 22. @LBMKRISHNA
- 23. @LBMKRISHNA Organizations today are subject to many regulations governing the protection of confidential information, financial accountability, data retention and disaster recovery, among others. They're also under pressure from shareholders, stakeholders and customers. https://www.cio.com/article
- 24. @LBMKRISHNA “IT governance is the responsibility of executives and the board of directors, and consists of leadership, organizational structures, and processes that ensure that the enterprise’s IT sustains and extends the organization’s strategies and objectives.” https://www.architectureandgovernance.com/
- 25. @LBMKRISHNA
- 26. @LBMKRISHNA
- 27. @LBMKRISHNA uilding compliance into development and operations, and wiring compliance policies and checks and auditing into Continuous Delivery so that regulatory compliance becomes an integral part of how DevOps teams work on a day-to-day basis Justin Arbuckle
- 28. @LBMKRISHNA
- 29. @LBMKRISHNA
- 30. @LBMKRISHNA
- 31. http://dearauditor.org/ @LBMKRISHNA The team compiled a list of audit concerns and documented them in a DevOps Risk Control Matrix with lot of details around the controls, our practices and evidences that are collected to support the control.
- 32. https://itrevolution.com/devops-audit-defense-toolkit/ @LBMKRISHNA The goal of the DevOps Audit Defence Toolkit is to educate IT management and practitioners on the audit process so they can demonstrate to auditors they understand the business risks and are properly mitigating those risks.
- 33. As more and more DevOps practices are automated, it becomes harder to capture the data required to ensure all security and compliance concerns are met. Organizations need an automated way to track governance throughout the entire software delivery process so they can attest to the integrity of all assets and to the security of all running applications. @LBMKRISHNA https://itrevolution.com/book/devops-automated-governance- reference-architecture/
- 34. @LBMKRISHNA The intent of this paper is to provide greater choice and options for corporations to consume cloud computing services by automating manual cloud governance processes. This paper seeks to accelerate compliance at the speed and scale of DevOps. https://www.onug.net/app/uploads/2020/05/ONUG_WP_Automated- Cloud-Gov_Final.pdf
- 35. @LBMKRISHNA https://medium.com/faun/compliance-as-programming-language-da25f11be9d2
- 36. @LBMKRISHNA Policy-based control for cloud native environments Flexible, fine-grained control for administrators across the stack https://www.openpolicyagent.org/
- 38. @LBMKRISHNA https://www.sonatype.com/referencearchitecturetestdrive Successful DevSecOps practices encompass people, processes, tools, and measurement. But where should you start, how can you validate your existing practices, or what are the possibilities? Then answer the following: •Where can we further automate manual, security, and business tasks? •What DevSecOps tools and integrations are others deploying? •What interactions do we need to be aware of or map out?