Mike Ensor - Modern Policy Management Putting responsibility where it belongs

As no-ops adoption grows within the industry we can see that the "shift-left" mentality inherently adds new responsibilities to the integrated delivery teams. Policy and compliance management is historically implemented by operations and security teams often following the development phase. Implementing DevOps further isolates policy management teams leading to risks for architecture stability, data integrity, security breaches and compliance violations that can cost companies monetarily as well as brand image. This presentation will discuss how your organization can use modern automation tools to create distributed policy management allowing decisions to be made programmatically throughout the entire SDLC. Adopting principles and tools from this presentation provides the tools for fast-feedback on policy decisions that avoids both expensive deployment stoppages or to identify potential exposure once code has been sent to production. What you will learn? * What are policies and why do you need them? * Challenges in existing policy enforcement * Examples of commonly implemented policies * 3 live demonstrations * How to introduce "Fast Feedback" for infrastructure policy compliance * Cover Your A$$ (CYA) by adopting a distributed policy decision engine