IT firms in regulated sectors or with enterprise clients must usually comply with a range of information security standards. The requirements go well beyond technical safeguards such as encryption, access control, strong passwords, firewalls and physical security of datacenters. Companies get clogged with bureaucracy and sign-offs for everything, productivity plummets and morale is low, as the paperwork does not bring any tangible value beyond being able to demonstrate the compliance.
But does it have to be like that? Tomas Honzak, Chief Information Security Officer of GoodData Corporation, will explain how DevSecOps approach can be used to both improve the information security and demonstrate compliance with limited overhead and automated enforcement where it really matters.