SlideShare a Scribd company logo

Dog Days of Devops 2022: Policy as Code

Gabriel Schuyler, profile picture
Gabriel Schuyler

The document discusses how policy can be implemented as code to improve cooperation between development and operations teams. Initially operations inserts governance into development, building trust and cooperation over time. This leads teams to share tools and methods, including representing infrastructure and configuration as code. Implementing policy as code provides benefits like being human and machine readable, versioned, and automatable, allowing policy to move at the same cadence as development and be reviewed like code. Examples of policy as code include Terraform, Kubernetes, configuration management tools and OpenAPI specifications. The document recommends talking to developers, converting tribal knowledge and manual processes to code, and cooperating to get started with a policy as code approach.

Technology
1 of 8
Download to read offline
1
2
3
4
5
6
7
8
Policy as Code (or: how I learned to stop worrying and trust my developers) Gabe Schuyler @gabe_sky Dog Days of Devops 🔥 August, 2022
Gabe Schuyler Dog Days of DevOps @gabe_sky A tale of DevOps • Initially insert Ops (governance) into Dev • Leads to trust • Leads to cooperation • Leads to "borrowing" tools and methods • Infrastructure and con fi guration as code ("ops as code")
Gabe Schuyler Dog Days of DevOps @gabe_sky Policy • Firewall rules and ACLs • System security con fi guration • Expected API inputs and outputs • The "allow list" for an application
Gabe Schuyler Dog Days of DevOps @gabe_sky Why code? • Text fi les • Versioned • Machine readable • Human reviewable • Automate-able
Gabe Schuyler Dog Days of DevOps @gabe_sky Value • Readable (and Commentable) • Automate-able (ClickOps must die) • Move at the same cadence as development • Include "code review" before changes • Integrate into testing and QA • Remove unused policies from the allow list
Gabe Schuyler Dog Days of DevOps @gabe_sky Examples • Terraform • Kubernetes • Con fi guration Management • Open Policy Agent • OpenAPI speci fi cation
Gabe Schuyler Dog Days of DevOps @gabe_sky How do we get started? • Talk to developers about their fl ow and tools • Convert tribal knowledge to code • Convert manual run-books to automated processes • Transcribe existing policy into code • Cooperate
Gabe Schuyler @gabe_sky Dog Days of Devops 🔥 August, 2022 Policy as Code

More Related Content

PPTX
Secure Your Open Source Projects For Free
Davide Benvegnù
 
PPTX
How to get start with GitHub_Copilot_for_Management.pptx
liveyourlife12023
 
PDF
GitOps 101 Presentation.pdf
ssuser31375f
 
PPTX
What is DevOps?
Allied Consultants
 
PDF
Docs Like Code: Strategies and Stories
Anne Gentle
 
PPTX
Cloud Native Transformation (Alexis Richardson) - Continuous Lifecycle 2018 ...
Weaveworks
 
PDF
GitOps and ArgoCD
Omar Fathy
 
PPTX
Lessons learned on the Azure API Stewardship Journey.pptx
apidays
 
Secure Your Open Source Projects For Free
Davide Benvegnù
 
How to get start with GitHub_Copilot_for_Management.pptx
liveyourlife12023
 
GitOps 101 Presentation.pdf
ssuser31375f
 
What is DevOps?
Allied Consultants
 
Docs Like Code: Strategies and Stories
Anne Gentle
 
Cloud Native Transformation (Alexis Richardson) - Continuous Lifecycle 2018 ...
Weaveworks
 
GitOps and ArgoCD
Omar Fathy
 
Lessons learned on the Azure API Stewardship Journey.pptx
apidays
 

Similar to Dog Days of Devops 2022: Policy as Code (20)

PDF
DevOps! What, Why and How?
Omar Fathy
 
PDF
apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...
apidays
 
PPTX
AWS Kochi User Group Presentation
Varun Manik
 
PDF
Cloud and Network Transformation using DevOps methodology : Cisco Live 2015
Vimal Suba
 
PDF
Docs Like Code
Anne Gentle
 
PPTX
Azure_DevOps_Presentation BASIC SLIDES.pptx
SantoshAiwale4
 
PPTX
DevOps on GCP Course Compared to AWS
Joseph Holbrook, Chief Learning Officer (CLO)
 
PPTX
Cloud Native Apps with GitOps
Weaveworks
 
PDF
OUG Ireland Meet-up 12th January
Brendan Tierney
 
PPTX
DevOps_service.pptx
phamvinhcntt
 
PDF
Cloud native CI/CD with GitOps
Antonio Liccardi
 
PDF
Revolutionize DevOps with ML capabilities. Introduction to Amazon CodeGuru an...
Vadym Kazulkin
 
PDF
Extending your Azure Integration Services Solutions with Open AI
Paco de la Cruz
 
PDF
Building A Product Assortment Recommendation Engine
Databricks
 
PDF
Mastering azure devOps - Dot Net Tricks
Gaurav Singh
 
PPTX
DevOps as a Service - Kuberiter
lawrence143
 
PDF
Enabling your DevOps culture with AWS-webinar
Aaron Walker
 
PDF
Constructing Open Source SDKs for Ops Teams with REST and GraphQL
Chris Wahl
 
PDF
Agile Secure Cloud Application Development Management
Adam Getchell
 
PDF
Application Monitoring using Datadog
Mukta Aphale
 
DevOps! What, Why and How?
Omar Fathy
 
apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...
apidays
 
AWS Kochi User Group Presentation
Varun Manik
 
Cloud and Network Transformation using DevOps methodology : Cisco Live 2015
Vimal Suba
 
Docs Like Code
Anne Gentle
 
Azure_DevOps_Presentation BASIC SLIDES.pptx
SantoshAiwale4
 
DevOps on GCP Course Compared to AWS
Joseph Holbrook, Chief Learning Officer (CLO)
 
Cloud Native Apps with GitOps
Weaveworks
 
OUG Ireland Meet-up 12th January
Brendan Tierney
 
DevOps_service.pptx
phamvinhcntt
 
Cloud native CI/CD with GitOps
Antonio Liccardi
 
Revolutionize DevOps with ML capabilities. Introduction to Amazon CodeGuru an...
Vadym Kazulkin
 
Extending your Azure Integration Services Solutions with Open AI
Paco de la Cruz
 
Building A Product Assortment Recommendation Engine
Databricks
 
Mastering azure devOps - Dot Net Tricks
Gaurav Singh
 
DevOps as a Service - Kuberiter
lawrence143
 
Enabling your DevOps culture with AWS-webinar
Aaron Walker
 
Constructing Open Source SDKs for Ops Teams with REST and GraphQL
Chris Wahl
 
Agile Secure Cloud Application Development Management
Adam Getchell
 
Application Monitoring using Datadog
Mukta Aphale
 
Ad

More from Gabriel Schuyler (14)

PDF
2024 Kernelcon Attack and Defense of AI.pdf
Gabriel Schuyler
 
PDF
2023 BSides ATX Trending Attack and Defense.pdf
Gabriel Schuyler
 
PDF
Trends in Cloud Security Attack & Defense
Gabriel Schuyler
 
PDF
Pancakes Con 4 Trends in Cloud Security & Fun Facts about Real Clouds
Gabriel Schuyler
 
PDF
Automating Security Tests in Development with Docker
Gabriel Schuyler
 
PDF
2022 GrrCON Shifting Right with Policy as Code.pdf
Gabriel Schuyler
 
PDF
Texas Cyber Summit 2022: Challenges Securing Cloud-Native.pdf
Gabriel Schuyler
 
PDF
fwd:cloudsec 2022: Shifting right with policy-as-code
Gabriel Schuyler
 
PDF
Hope 2022: Just Enough RFID Cloning to be Dangerous
Gabriel Schuyler
 
PDF
Kernel Con 2022: Securing Cloud Native Workloads
Gabriel Schuyler
 
PPTX
ShmooCon 2022: RFID Key Cloning for Angry Bikers
Gabriel Schuyler
 
PDF
Cybersecurity in 2022
Gabriel Schuyler
 
PDF
Migrating Puppet 3 to 4 -- Code Changes
Gabriel Schuyler
 
PDF
IC3 -- Configuration Management 101
Gabriel Schuyler
 
2024 Kernelcon Attack and Defense of AI.pdf
Gabriel Schuyler
 
2023 BSides ATX Trending Attack and Defense.pdf
Gabriel Schuyler
 
Trends in Cloud Security Attack & Defense
Gabriel Schuyler
 
Pancakes Con 4 Trends in Cloud Security & Fun Facts about Real Clouds
Gabriel Schuyler
 
Automating Security Tests in Development with Docker
Gabriel Schuyler
 
2022 GrrCON Shifting Right with Policy as Code.pdf
Gabriel Schuyler
 
Texas Cyber Summit 2022: Challenges Securing Cloud-Native.pdf
Gabriel Schuyler
 
fwd:cloudsec 2022: Shifting right with policy-as-code
Gabriel Schuyler
 
Hope 2022: Just Enough RFID Cloning to be Dangerous
Gabriel Schuyler
 
Kernel Con 2022: Securing Cloud Native Workloads
Gabriel Schuyler
 
ShmooCon 2022: RFID Key Cloning for Angry Bikers
Gabriel Schuyler
 
Cybersecurity in 2022
Gabriel Schuyler
 
Migrating Puppet 3 to 4 -- Code Changes
Gabriel Schuyler
 
IC3 -- Configuration Management 101
Gabriel Schuyler
 
Ad

Recently uploaded (20)

PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PPTX
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PPTX
cloud_computing_Infrastucture_as_cloud_p
mainakbhattacharya20
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PPTX
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
PDF
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PPTX
OMC Textile Division Presentation 2021.pptx
JahangirAlam816069
 
PDF
August Patch Tuesday
Ivanti
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
PPTX
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
PDF
Heart disease approach using modified random forest and particle swarm optimi...
IAESIJAI
 
PDF
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
PPTX
Machine Learning_overview_presentation.pptx
kondavamsidharreddy2
 
PDF
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
PDF
Mushroom cultivation and it's methods.pdf
mailmeonrishi
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
cloud_computing_Infrastucture_as_cloud_p
mainakbhattacharya20
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
Teaching material agriculture food technology
LiaRayya
 
OMC Textile Division Presentation 2021.pptx
JahangirAlam816069
 
August Patch Tuesday
Ivanti
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
Heart disease approach using modified random forest and particle swarm optimi...
IAESIJAI
 
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
Machine Learning_overview_presentation.pptx
kondavamsidharreddy2
 
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
Mushroom cultivation and it's methods.pdf
mailmeonrishi
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 

Dog Days of Devops 2022: Policy as Code

  • 1. Policy as Code (or: how I learned to stop worrying and trust my developers) Gabe Schuyler @gabe_sky Dog Days of Devops 🔥 August, 2022
  • 2. Gabe Schuyler Dog Days of DevOps @gabe_sky A tale of DevOps • Initially insert Ops (governance) into Dev • Leads to trust • Leads to cooperation • Leads to "borrowing" tools and methods • Infrastructure and con fi guration as code ("ops as code")
  • 3. Gabe Schuyler Dog Days of DevOps @gabe_sky Policy • Firewall rules and ACLs • System security con fi guration • Expected API inputs and outputs • The "allow list" for an application
  • 4. Gabe Schuyler Dog Days of DevOps @gabe_sky Why code? • Text fi les • Versioned • Machine readable • Human reviewable • Automate-able
  • 5. Gabe Schuyler Dog Days of DevOps @gabe_sky Value • Readable (and Commentable) • Automate-able (ClickOps must die) • Move at the same cadence as development • Include "code review" before changes • Integrate into testing and QA • Remove unused policies from the allow list
  • 6. Gabe Schuyler Dog Days of DevOps @gabe_sky Examples • Terraform • Kubernetes • Con fi guration Management • Open Policy Agent • OpenAPI speci fi cation
  • 7. Gabe Schuyler Dog Days of DevOps @gabe_sky How do we get started? • Talk to developers about their fl ow and tools • Convert tribal knowledge to code • Convert manual run-books to automated processes • Transcribe existing policy into code • Cooperate
  • 8. Gabe Schuyler @gabe_sky Dog Days of Devops 🔥 August, 2022 Policy as Code