BT

InfoQ Homepage Compliance Content on InfoQ

  • AWS Identity and Access Management Gains Tags and Attribute-Based Access Control

    Amazon Web Services (AWS) recently enabled tags for IAM users and roles to ease the management of IAM resources. Notably, this release also includes the ability to embrace attribute-based access control (ABAC) and match AWS resources with IAM principals dynamically to "simplify permissions management at scale".

  • XebiaLabs DevOps Platform Provides New Risk and Compliance Capability for Software Releases

    XebiaLabs, a provider of DevOps and continuous delivery software tools, has launched new capabilities for custody, security and compliance risk assessment tracking for software releases via their DevOps Platform.

  • Microsoft Announces the General Availability of the Immutable Storage Functionality in Azure Storage

    With the immutable storage, feature blobs will be non-erasable and non-modifiable for a specific retention interval. Now Microsoft announced that this new feature is generally available in all public Azure regions after its preview since June of this year.

  • Compliance in an Agile World

    Compliance is about making sure that you are doing the right thing and being able to prove it. With agile and frequent deliveries, you need to build compliance into the process of delivery. Making compliance obligation part of the thing that DevOps teams own increases the likelihood of success.

  • AWS Config Gains Cross-Account, Cross-Region Data Aggregation

    Amazon Web Services (AWS) recently added the capability to aggregate compliance data produced by AWS Config rules across multiple accounts and/or regions to enable centralized auditing and governance of AWS resources. A new aggregated dashboard view displays non-compliant rules across the organization. Users can then drill down to view details about resources that are violating any rules.

  • Chef Extends OpsWorks Capabilities in AWS

    Chef has announced new capabilities to address application lifecycle control concerns in containers in AWS. New functionality includes Chef Automate with integrated compliance and builds on AWS OpsWorks for Chef Automate announced in 2016. OpsWorks for Chef Automate provides a managed Chef server and suite of automation tools.

  • Creating and Enforcing "Policy as Code" with HashiCorp Sentinel

    HashiCorp have released Sentinel, an embedded “policy as code” framework that is integrated within the HashiCorp Enterprise products. Sentinel enables “fine-grained, logic-based policy decisions” that can be used to automatically audit and enforce organisational, compliance or security policies when working with Infrastructure as Code and other HashiCorp platform tooling.

  • Q&A With Robert Scherrer: DevOps on the Backbone of the Swiss Financial Center

    Starting with a small core team, and a DevOps approach around 5 + 1 dimensions - skills, organization, process, infrastructure, architecture + mindset & attitude - SIX has been transforming how IT and the business work together to break the silos and align themselves along value streams. InfoQ took the opportunity to talk with Robert Scherrer, head of software dev at SIX, about this journey.

  • Cloud Migrations, Highly Regulated Environments, and Making Work Visible: DOES17 London Day Two

    At the London DevOps Enterprise Summit 2017 (DOES17) conference, the second morning of keynotes discussed the role DevOps plays when migrating to cloud platforms; the creation and cultivation of effective teams that must work within high-regulatory environments; and how to improve the flow of business value by making work visible.

  • AWS Organizations Offers Centralized Policy-Based Account Management

    After a three month preview since re:Invent 2016, Amazon Web Services has recently moved AWS Organizations to general availability. The new service allows to centrally manage multiple AWS accounts within a hierarchy of organizational units and attach service control policies with fine-grained access permissions. AWS Organizations also supersede the formerly separate consolidated billing feature.

  • DevOps Survival in the Highly Regulated Financial Industry

    Robert Scherrer, head of application engineering at SIX, on how the company leveraged DevOps principles and benefits in the highly regulated Swiss financial industry. Engaging with compliance auditors to collaboratively agree on solutions early before it's too costly to change and avoiding legacy internal directives (not actually required by external regulations) are the main takeaways.

  • Container Manifests, Docker Labels, and the Implications on Security: A Q&A with Gareth Rushgrove

    At DockerCon EU 2015, InfoQ sat down with Gareth Rushgrove, a senior software engineer at Puppet Labs, and explored the concepts behind his conference presentation “Shipping Manifests, Bill of Lading and Docker”. The range of topics discussed included the benefits of system package management (manifest) metadata, the use of Docker labels, and the implications on security and compliance audits.

  • AWS Expands Credential Lifecycle Management and Monitoring

    AWS Identity and Access Management (IAM) recently expanded available password policy rules to enable self-service password rotation. A new credential report provides visibility into the AWS credentials security status. AWS also added logging of AWS Management Console sign-in events to AWS CloudTrail.

  • S is for Security

    Frank Breedijk, security officer at Schuberg Philis, talks about the friction points between security and DevOps and how to collaborate to avoid them. Examples include automating security tests and environments, reducing scope of security audits to relevant system components only or allowing security fixes to jump the queue of changes to production.

  • Two More DevOps Tool Vendors Acquired

    The excitement over DevOps is continuing to increase in major corporations. Today it was announced that two DevOps tool vendors were acquired. UrbanCode was picked up by IBM while Nolio went to CA Technologies.

BT

Is your profile up-to-date? Please take a moment to review and update.

Note: If updating/changing your email, a validation request will be sent

Company name:
Company role:
Company size:
Country/Zone:
State/Province/Region:
You will be sent an email to validate the new email address. This pop-up will close itself in a few moments.