Policy as [versioned] code - you're doing it wrong
Is your 'policy as code' just creating new friction? Learn how treating policy like a versioned software dependency finally makes compliance a collaborative engineering task.
#1about 7 minutes
Introducing the key personas in policy management
An allegorical story illustrates the conflicting perspectives of a CIO, product manager, developer, and operations staff on policy.
#2about 4 minutes
Why simply codifying policy is not enough
Codified policies often fail due to being kept secret, causing breaking changes during deployment, and generating warnings that are ignored in CI/CD pipelines.
#3about 5 minutes
Applying software patterns to policy management
The solution is to treat policy like a software dependency by making it visible, applying semantic versioning, and including tests.
#4about 4 minutes
Implementing versioned policy with modern tooling
A demonstration shows how to manage versioned policies for Terraform and Kubernetes using tools like Checkov, Kyverno, and Renovate for automated updates.
#5about 3 minutes
The cultural importance of purpose-driven policy
Effective policy requires a clear narrative explaining the risk it mitigates, which encourages collaboration and allows the policy to evolve with the business.
#6about 22 minutes
Q&A on policy culture, tooling, and security
The speaker answers audience questions about cultural challenges, tooling like OPA, supply chain attacks, and the role of risk management.
Related jobs
Jobs that call for the skills explored in this talk.
Matching moments
04:33 MIN
Demo of enforcing compliance with policy as code
Unleashing Potential Across Teams: The Power of Infrastructure as Code
03:42 MIN
The challenges of managing policies as code in Git
What we Learned from Reading 100+ Kubernetes Post-Mortems
02:24 MIN
Implementing automated guardrails instead of manual gates
Great DevEx and Regulatory Compliance - Possible?
02:49 MIN
Shifting security left to prevent incidents before deployment
OPA for the cloud natives
06:29 MIN
Introducing Policy as Code and Open Policy Agent
Decoupled Authorization using Policy as Code
01:22 MIN
Key principles for balancing developer speed and safety
Great DevEx and Regulatory Compliance - Possible?
02:25 MIN
Implementing and enforcing supply chain policies
Securing your application software supply-chain
07:10 MIN
Q&A: Implementing DevOps and advocating for change
Shifting Stress to Progress— Understanding DevOps to do DevOps Better
WeAreDevelopers LIVE days are changing - get ready to take partStarting with this week's Web Dev Day edition of WeAreDevelopers LIVE Days, we changed the the way we run these online conferences. The main differences are:Shorter talks (half an hour tops)More interaction in Q&AA tips and tricks "Did you know" sect...
Dev Digest 134 - Where pixels sing?News and ArticlesWeAreDevelopers LIVE Data and Security Day is on Wednesday, 25/09/2024. Learn about OPC UA Updates, Best Practices for Using GitHub Secrets, Passwordless Web 1.5, Emerging AI Security Risks, Data Privacy in LLMs and get a chance to t...
From learning to earning
Jobs that call for the skills explored in this talk.
![Policy as [versioned] code - you're doing it wrong](https://customer-goifxnzhrq3d0d54.cloudflarestream.com/23fa4a514c18f0a9b39573f31d96ba54/thumbnails/thumbnail.jpg?time=33000ms){kind=small}
58:40
41:06
46:37
43:00
32:55
56:19
51:41
26:50
