Continuous Security Compliance Realized: Reducing the Regulatory Burden with DevSecOps Automation

Most organizations are subject to the rules of an ever-increasing number of regulations, while dealing with rapidly escalating endpoints and environments to test. No matter the time and resources applied to an external assessment or audit, manual processes cannot keep pace with cloud scale and growing technical complexity of modern environments. This creates distractions for technical teams and contributes to delivery inefficiencies (reduced velocity) while also increasing the risk of “non-compliance” (adverse audit findings). A “continuous compliance” approach, empowered by modern DevOps automation approaches can help teams more efficiently handle the complex web of regulatory requirements and maintain their velocity. This session will explore real world solutions to help you and your organization realize these benefits, including managing the library of regulatory, security, and other key control points as code; detecting non-compliance with policies and regulatory requirements continuously and in real time; prioritizing issues for remediation across the entire fleet to help optimize engineering resource utilization; and automating the presentation of audit evidence to provide results at any time and with minimal effort. In addition to a discussion of these concepts and approaches, this session will also provide an exclusive demonstration of compliance automation for the recently-released PCI DSS V4.0 security standard, utilizing Chef Compliance to embed compliance into the software pipeline.