london cd - continuous delivery vs copious regulation
TRANSCRIPT
Ian Watson, Head of DevOps
Email: [email protected] / @purplemarauder
Continuous Delivery
vs Copious
Regulations
Can you really achieve Continuous Delivery in the highly regulated world of financial services?
Is it easy to achieve Continuous Delivery in the highly regulated world of financial services?
We needed to change
Searching for unicorns
Who is watching?
Goal: regulate the use of “personal data”
DPA (Data Protection Act)
Goal: Europe-wide regulation of the use of “personal data”
GDPR (General Data Protection Regulation)
Goal: Protect Cardholder Data
PCI DSS (Payment Card Industry Data Security Standard)
Goal: Make financial markets work well – for individuals, for business, large and small, and for the economy as a whole
FCA (The Financial Conduct Authority)
Let’s do this!
CONTINUOUS
Delivery
What does this mean for technology choices
“Cloud” is just outsourcing
Our aim is to avoid imposing inappropriate barriers to firms’ ability to outsource to innovative and developing areas, while ensuring that risks are appropriately identified and managed.
No one ever got fired for buying…
Hybrid might be the answer
(Not so) Safe Harbour
How much meta data?
Continuous Delivery drives excellent behaviours from a regulatory compliance perspective*
*as well as a few really useful side effects like, speed, quality and reliability
Segregation of Duties
Corollary
Enterprise DevOps
=
Specialisation + Collaboration
How autonomous is an autonomous team?
Traceability
Security
Patching
Auditability (standardisation)
Auditability (immutable infrastructure)
Treat all your data as if you are likely to be audited as a regulated body…
…even if you’re not