DevSecOps is changing the meaning of compliance. Gone is the checklist and checkbox mentality. Compliance operations in a DevSecOps world means enabling customers to manage drift from security baselines and self-heal using real-time data. It means real-time security alerts and notifications whenever a policy configuration changes from the known, approved state.
So how does this work?
First, set policies and guidelines so customers know what is expected of them. An organization's corporate security policies don't go away; they provide the backing for enforcement when someone is non-compliant.
As an example, suppose policy states that every customer must enable multi-factor authentication (MFA). Start by launching a campaign to push this requirement across the fleet within a set period of time. Once you've established an acceptable level of compliance across the fleet, set up a rule (in Splunk) that triggers every time a user logs into the cloud environment without MFA. This way, every time a user logs in without MFA, a Splunk alert goes to the policy violator with instructions to self-heal and the consequences of non-compliance (most likely, access is killed).
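The rule above, written out as an added example (not code from the original post): a small Python detection that does what the Splunk rule would do, run over constructed, CloudTrail-style ConsoleLogin records rather than a live index. It assumes the AWS CloudTrail console-login field layout (eventName, userIdentity.userName, additionalEventData.MFAUsed, responseElements.ConsoleLogin); the records, user names and the self-heal notification text are fabricated. It also computes the fleet-level MFA compliance rate the post says you want before switching on per-user alerting, and it treats a missing MFAUsed field and a malformed log line as cases to handle rather than crash on.

```python
"""Added example, not from the original post: a minimal "login without MFA"
detection rule of the kind the post describes, run over constructed,
CloudTrail-style ConsoleLogin records instead of a live Splunk index.
Field names follow the AWS CloudTrail ConsoleLogin event layout
(eventName, userIdentity.userName, additionalEventData.MFAUsed,
responseElements.ConsoleLogin); the records themselves are fabricated."""
from __future__ import annotations

import json
from dataclasses import dataclass

# Constructed sample log lines: three successful logins (one without MFA),
# one failed login attempt without MFA, and one malformed line.
SAMPLE_LOG_LINES = [
    json.dumps({"eventTime": "2024-01-10T08:01:12Z", "eventName": "ConsoleLogin",
                "userIdentity": {"type": "IAMUser", "userName": "alice"},
                "additionalEventData": {"MFAUsed": "Yes"},
                "responseElements": {"ConsoleLogin": "Success"}}),
    json.dumps({"eventTime": "2024-01-10T08:05:40Z", "eventName": "ConsoleLogin",
                "userIdentity": {"type": "IAMUser", "userName": "bob"},
                "additionalEventData": {"MFAUsed": "No"},
                "responseElements": {"ConsoleLogin": "Success"}}),
    json.dumps({"eventTime": "2024-01-10T08:07:03Z", "eventName": "ConsoleLogin",
                "userIdentity": {"type": "IAMUser", "userName": "carol"},
                "additionalEventData": {"MFAUsed": "Yes"},
                "responseElements": {"ConsoleLogin": "Success"}}),
    json.dumps({"eventTime": "2024-01-10T08:09:55Z", "eventName": "ConsoleLogin",
                "userIdentity": {"type": "IAMUser", "userName": "dave"},
                "additionalEventData": {"MFAUsed": "No"},
                "responseElements": {"ConsoleLogin": "Failure"}}),
    "this line is not JSON and must be skipped, not crash the rule",
]

# Hypothetical notification text; the real wording comes from the organisation's policy.
SELF_HEAL_INSTRUCTIONS = (
    "Policy requires MFA for every cloud login. Enrol a second factor and sign in "
    "again; further logins without MFA will result in access being disabled."
)


@dataclass(frozen=True)
class Alert:
    user: str
    event_time: str
    message: str


def parse_event(line: str) -> dict | None:
    """Parse one JSON log line; return None for anything that is not a JSON object."""
    try:
        event = json.loads(line)
    except json.JSONDecodeError:
        return None
    return event if isinstance(event, dict) else None


def is_successful_login(event: dict) -> bool:
    """A console login that actually granted access."""
    return (event.get("eventName") == "ConsoleLogin"
            and event.get("responseElements", {}).get("ConsoleLogin") == "Success")


def is_mfa_violation(event: dict) -> bool:
    """True for a successful console login that did not use MFA.

    A missing MFAUsed field is treated as 'No' (fail closed): the rule should
    alert when it cannot prove MFA was used, rather than stay silent.
    Failed logins are not violations; nobody gained access without MFA.
    """
    if not is_successful_login(event):
        return False
    return event.get("additionalEventData", {}).get("MFAUsed") != "Yes"


def find_violations(lines: list[str]) -> list[Alert]:
    """The alerting rule: one Alert per successful login without MFA."""
    alerts = []
    for line in lines:
        event = parse_event(line)
        if event is None or not is_mfa_violation(event):
            continue
        user = event.get("userIdentity", {}).get("userName", "<unknown>")
        alerts.append(Alert(user=user, event_time=event.get("eventTime", ""),
                            message=SELF_HEAL_INSTRUCTIONS))
    return alerts


def mfa_compliance_rate(lines: list[str]) -> float:
    """Share of successful logins that used MFA: the fleet-level number to watch
    before turning on per-user alerting. No logins at all scores 0.0 (no
    evidence of compliance), again failing closed."""
    events = [e for e in map(parse_event, lines) if e is not None and is_successful_login(e)]
    if not events:
        return 0.0
    compliant = sum(1 for e in events if not is_mfa_violation(e))
    return compliant / len(events)


if __name__ == "__main__":
    print(f"fleet MFA compliance: {mfa_compliance_rate(SAMPLE_LOG_LINES):.0%}")
    for alert in find_violations(SAMPLE_LOG_LINES):
        print(f"ALERT {alert.event_time} user={alert.user}: {alert.message}")
```

On the sample data the rule raises exactly one alert (for bob) and reports a 67% fleet compliance rate; the failed login without MFA is deliberately not counted, since no access was granted, and the two fail-closed choices (unknown MFA state, no data) are the ones to keep in mind when porting this to Splunk or another SIEM.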
This approach allows an organization to achieve compliance at scale. You don’t need to maintain the checklist of policy violators in a spreadsheet and continuously send follow-up emails, which get ignored most of the time.
How do you bring an organization along?
Include customers in the journey. Invite them to solve the problem with you. Learn about their pain points and iterate on the approach. Take those learnings to help identify opportunities for improvement in security processes and services.
Communication is a key factor in the success of any strategy. Customers need to have resources available at their fingertips on demand.