DevOps and Regulatory Compliance—Like Oil and Water or Peanut Butter and Jelly?
DevOps and regulatory compliance are two critically important ingredients in today’s connected organizations. DevOps enables you to move quickly and respond to change in an era where change is increasing at an exponential rate with no sign of slowing down. Regulatory compliance ensures that your organization takes the appropriate steps to follow relevant laws that appear to require adding burdensome processes and controls to your software development lifecycle. Brandon Carlson acknowledges that at first glance these two ideas seem incompatible, but they actually go together like peanut butter and jelly. While maintaining, analyzing, confirming, and reporting on the status of required information security, compliance, and privacy controls can be difficult, integrating these tasks within your DevOps/continuous delivery pipeline is easier than you think. Using examples from real-world projects in organizations just like yours, Brandon explains how to integrate compliance and reporting into your projects using tools you already know such as pair programming, Jenkins, Chef, Metasploit, and others. When it comes to compliance, it’s not oil and water. It’s peanut butter and jelly time.