Friends or Enemies? DevOps & GRC
To stay compliant and secure, you need to go faster. You may be wondering — how is that possible? Governance, Risk and Security are generally bottlenecks for most of the Banks/Financial Institutions undergoing DevOps transformations. As we step into the eleventh year of the term “DevOps," it is now mainstream in most organizations. It makes its way into the Strategy & Board meetings, CIO presentations, press releases and success parties.
As most organizations are just scratching the surface, there is a lot to take on when it comes to DevOps Transformation. The traditional Command & Control Governance model, afterthought Security discussion with your InfoSec big brothers, answering endless questions with your Risk line and auditors — How to fit in with our transformation?
BMK inspires you to have courageous conversations with your Governance, Compliance, Risk & Security folks and establishes the understanding that it is a two-way road in which all of the parties must explore, learn, adapt and practice.
His talk will cover and help you to explore:
- From Centralized Committee Governance — Decentralized Automated Governance
- From Compliance tick-box exercise to Compliance as Code
- From faking the security audit to baking them into delivery pipelines
- From “No” to tedious audits to “Yes” to automated evidence/digital attestations