Trust Teams but Verify: Compliance as Code Done Right • Effy Elden • YOW! 2021

Рет қаралды 1,835

Күн бұрын

This presentation was recorded at YOW! 2021. #GOTOcon #YOW
yowcon.com
James Lewis - Technologist at Thoughtworks ‪@thoughtworks‬
RESOURCES
/ ineffyble
social.effy.sp...
toot.thoughtwo...
/ ineffyble
github.com/ine...
effy.space
cohost.org/effy
ABSTRACT
How can organisations enable developers to deliver secure and compliant software without becoming a bottleneck for innovation & a drain on team morale? As a relatively new area, Compliance as Code offers a potential solution to this challenge, allowing organisations to trust their teams without losing potential for auditability and verification.
Compliance as Code brings together all stakeholders including security and developers, to define rules so as to mitigate risk, protect customers and meet regulatory requirements, while not slowing release cycles.
In this talk, Effy will discuss the various aspects of Compliance as Code. They will cover the benefits of Compliance as Code and automation techniques, the pros and cons of different types of controls, some of the common challenges, and lessons from their own experiences building compliance into developer platforms at large organisations. [...]
RECOMMENDED BOOKS
Matthew Skelton & Manuel Pais • Team Topologies • amzn.to/3sVLyLQ
Forsgren, Humble & Kim • Accelerate: The Science of Lean Software and DevOps • amzn.to/3tCz1xO
Michael Jackson • Software Requirements and Specifications • amzn.to/3ql2T14
Geoffrey West • Scale • amzn.to/3eKMbpc
Fred Brooks Jr. • The Mythical Man-Month • williamgibsonb...
Donald G. Reinertsen • The Principles of Product Development Flow • amzn.to/3hJ2Ye2
Murray Gell-Mann • The Quark & the Jaguar • amzn.to/3v3ifJK
/ gotocon
/ goto-
/ gotoconferences
#Complexity #SoftwareEngineering #EffyElden #Programming #Tech #SoftwareDevelopment #SoftwareTechnology #SoftwareCycles #ProgrammingCycles #DesignPatterns #TeamTopologies #SoftwareArchitecture #Microservices #Scale #Thoughtworks #ScaleDown #SelfSimilarity #SelfOrganization #Emergence #YOWcon
Looking for a unique learning experience?
Attend the next GOTO conference near you! Get your ticket at gotopia.tech
Sign up for updates and specials at gotopia.tech/n...
SUBSCRIBE TO OUR CHANNEL - new videos posted almost daily.
www.youtube.co...

Пікірлер: 3

@GOTO- 4 ай бұрын

We are currently releasing older YOW! videos to serve as a valuable archive, preserving historical content. It is possible that a video is perceived as outdated. We believe it offers insightful glimpses into the past, enriching our understanding of history and development.

@logiciananimal Жыл бұрын

Great! I would only (a) add that the relevant policies in many organizations are not just "security policies" but rather general business policies that entail (or plausibilistically suggest, e.g., by implicature) security (or other) needs. (b) Emphasize that the control allocations are using *instances* assigned to a specific place or aspect or feature, not generic types. (This latter point is how to interpret the second line in the chart of things to do.)