Compliance at Velocity within a DevOps Environment

摘要

DevOps has become an emerging force within the Information Technology field in today’s development/operations climate. Information security within a DevOps environment has become a focal point for most organizations that have implemented the DevOps methodology and its principles. In most cases, the ability to secure a DevOps environment and the organization’s ability to adhere to, and comply with, industry specific standards, frameworks and best practice is an integral part of information security within a DevOps environment. This investigation aims to address those issues that may arise when an organization seeks to adhere to and comply with industry standards, frameworks and best practice in a manner that does not limit the velocity of the organization’s automated delivery/deployment pipeline. This study investigates this by collecting and analyzing industry and academic literature; and through a prototype demonstration, understanding technical compliance and its requirements within a DevOps environment, using existing industry tools and solutions.