Presentation: A Continuation of Devops: Policy as Code

Track: Security Transformation

Location: Whittle, 3rd flr.

Duration: 5:25pm - 6:15pm

Day of week: Tuesday

Abstract

Organisations large and small are embracing devops and agile practices and transforming themselves into software companies. As part of that movement many organisations have embraced infrastructure as code, the idea that rather than systems administrators managing servers, databases and cloud infrastructure manually, they instead describe it in software.

Security is about controls, but many of those controls are still maintained in spreadsheets, or described in baroque documents that not everyone has access to, or with people as the gatekeeper. How can we apply the patterns that have transformed infrastructure management to improve security?
 
In this talk we will:

  • Look at examples of tools that move security controls into code, with a focus on ModSecurity, InSpec and Open Policy Agent
  • Explore the properties of successful infrastructure management tools, and what is missing in security tools today
  • Discuss how policy as code can work at the team level: who has responsibility for what, and how this encourages collaboration

Host: Gareth Rushgrove

Product Manager @Docker

Gareth Rushgrove is a product manager at Docker. He works remotely from Cambridge, UK, helping to build interesting tools for people to better manage infrastructure and applications. Previously he worked for the UK Government Digital Service focused on infrastructure, operations and information security. When not working he can be found writing the Devops Weekly newsletter or hacking on software in new-fangled programming languages.
