APAC CIO Outlook
  • Home
  • CXO Insights
  • CIO Views
  • Vendors
  • News
  • Conferences
  • Whitepapers
  • Newsletter
  • Awards
Apac
  • Agile

    AI Healthcare

    Artificial Intelligence

    Aviation

    Bi and Analytics

    Big Data

    Cloud

    Cyber Security

    Digital Infrastructure

    Digital Marketing

    Digital Transformation

    Digital Twin

    Drone

    Internet of Things

    Low Code No Code

    Networking

    PropTech

    Remote Work

    Singapore Startups

    Smart City

    Startup

    Unified Communication

    Wireless

  • E-Commerce

    Education

    FinTech

    Healthcare

    Manufacturing

    Pharma and Life Science

    Retail

    Travel and Hospitality

  • Dell

    IBM

    Microsoft

    Salesforce

    SAP

  • Cognitive

    Compliance

    Contact Center

    Corporate Finance

    Data Center

    Data Integration

    Digital Asset Management

    Full Stack Development

    HR Technology

    IT Service Management

    Managed Services

    Procurement

    RegTech

    Travel Retail

Menu
    • DevOps
    • SAP
    • Aviation
    • HR Technology
    • Manufacturing
    • Cloud
    • Data Center
    • Education
    • Salesforce
    • Digital Infrastructure
    • Bi and Analytics
    • Unified Communication
    • IBM
    • AI
    • MORE
    #

    Apac CIO Outlook Weekly Brief

    ×

    Be first to read the latest tech news, Industry Leader's Insights, and CIO interviews of medium and large enterprises exclusively from Apac CIO Outlook

    Subscribe

    loading

    THANK YOU FOR SUBSCRIBING

    • Home
    • DevOps
    Editor's Pick (1 - 4 of 8)
    left
    Service Management in the Age of Digitization

    Douglas Duncan, CIO, Columbia Insurance Group

    Devops- 'Aligning the Future of Software Deployment'

    Herry Wiputra, CTO

    On the Evolution of Agile to DevOps

    Carmen DeArdo, DevOps Speaker, Consultant, Author and DevOps Leader, Nationwide

    Building the New Paradigm of Next-Gen DevOps Management

    Marc Priolo, VP, City National Bank

    A Crash Course in Low-Code Software: What it is, What it Does, Why it Matters

    Karen Astley, Vice President Asia-Pacific, Appian

    Meeting the Intelligent Data Management needs of 2019

    Shaun McLagan, Senior Vice President, Asia Pacific and Japan, Veeam Software

    Bridging the T&E Compliance Gap in a New Era of Business Travelers

    Madanjit Singh, Managing Director, South East Asia, SAP Concur

    Lean Agile DevOps Enterprise: Rewarding Fusion or Lethal Confusion?

    Deepak Chopra, Vice President, Genpact

    right

    Compliance @ The Speed of Thought

    Patrick S. Kelso, Head of Devops Consulting - Anz Region, UST Global

    Tweet
    content-image

    Patrick S. Kelso, Head of Devops Consulting - Anz Region, UST Global

    I was 18 years old and just starting out in my IT career when Bill Gates released his second book Business @ the Speed of Thought and to my shame I ignored it. Despite Gates being undisputedly the most successful geek ever at the time I was a UNIX user and ignore his book for many years. When I finally did read it, it invoked many “ahah!” moments and combined with The Phoenix Project by Gene Kim, Kevin Behr & George Spafford was largely responsible for me moving from the tech side of IT to the business side. What does this have to do with compliance you ask? Everything! It is in the business fable style of The Phoenix Project that I’ve written this article.

    DevOps, cloud, automation, digital and containers, all the buzzwords that get anyone who uses them a barrage of recruiter messages on LinkedIn, but also the foundation of compliance at many of the banks I’ve worked at in the last decade. When I first moved into the finance world compliance was a dirty word, it invoked an urge to hide under the desk until the auditors had passed. We could definitely tell you who had access to a system now, but not who might have had access three days ago, let alone three months ago. Following our processes step by step never produced the same results no matter how many Change Approval Boards (CABS) we sat through who approved our changes and worst of all, a change scheduled for 5pm on a Friday evening meant cancelling all plans for that weekend because odds were you’d be spending it trying to unbreak the systems before business opened on Monday. (Heaven forbid you worked in a global bank and systems were expected to be online 24/7).

    By adopting the same tools and processes the developers used to manage their code we could have a complete history of every change on any system and review it at any time

    By automating the processes using tools such as Puppet, Jenkins and good old fashioned UNIX scripts automation changed compliance from a headache to an invisible layer of protection that we could trust. If everyone used the same Jenkins job to deploy applications and all they could change was the version, we knew that no one could change code in production servers, read the database without us knowing or install bitcoin mining code into our systems or applications.

    By adopting the same tools and processes the developers used to manage their code we could have a complete history of every change on any system and review it at any time. “Who changed the web server to use version X of this application on June 22nd 2011”? “Glad you asked, that was Bob’s change, and approved by Jane and Anne and here is the reason it was changed”. All changes are immutable as future changes have their own unique ID that can be referenced globally.

    One last anecdote to show the power of speed in responding to compliance risks. On the 7th of April 2014 I was flying from Sydney to Vancouver, a trip of about 14 hours. Not long after takeoff a vulnerability was disclosed in OpenSSL, a software package used by virtually every website and many other components of the web. When I landed in Vancouver and read about this I immediately contacted my team in Sydney to understand how this impacted our systems. “It’s solved” I was told. We pushed a new Puppet manifest to every server to upgrade OpenSSL and restart the affected services on all 5000 of our servers - that seemed like a large number in 2014 - we are up to date. Behind the scenes the team had contacted the bank’s risk team and explained the seriousness of the issue, an emergency change was approved, and the work performed immediately, such was the confidence the risk team had in our tools because time and time again we’d updated packages without outages since adopting automation. Some companies I know still had unpatched systems monthslater.

    By automating we can move faster, share information faster and truly operate all aspects of our ‘business @ the speed of thought’.

    If your risk/compliance team doesn’t understand the tools they can’t trust them, have a conversation today to make sure that both IT and Risk understand what is and isn’t possible to maintain compliance with whatever regulations or industry codes you need to and remove the manual steps, every manual step is an opportunity for a mistake to creep into a process, after all, we are only human.

    Weekly Brief

    loading
    Top 10 DevOps Solution Companies - 2019
    Top 10 DevOps Consulting/Services Companies -2019
    ON THE DECK

    DevOps 2019

    Top Vendors

    I agree We use cookies on this website to enhance your user experience. By clicking any link on this page you are giving your consent for us to set cookies. More info

    Read Also

    The nucleus of customer-driven transformations

    The nucleus of customer-driven transformations

    MazenKassis, Head of Data & Analytics, Foodstuffs North Island
    Smart Urbanism and an All-Digital Economy as Necessity, Not a Futuristic Dream

    Smart Urbanism and an All-Digital Economy as Necessity, Not a Futuristic Dream

    Benson Tam, Founding Partner and Chairman of Venturous Group
    How to Cope with Covid19 Market Meltdown

    How to Cope with Covid19 Market Meltdown

    Patricia Poon, Founder & Managing Partner, Belmond Capital Limited
    How to Successfully Pitch Your Idea to a VC

    How to Successfully Pitch Your Idea to a VC

    Vikas Datt, Managing Director and Partner at CerraCap Ventures
    Fintech, the Omnipresent

    Fintech, the Omnipresent

    Mark Munoz, Co-Founder and Managing Partner, Vectr Fintech.
    The Rise of B2B Fintech in Southeast Asia

    The Rise of B2B Fintech in Southeast Asia

    Ivan Ong, Principal, AFG Partners
    How Technology Fuels The Future Of Work

    How Technology Fuels The Future Of Work

    David Beitel, Chief Technology Officer, Zillow (Zg: Nasdaq)
    Does Your Organization Have The Passion To Thrive?

    Does Your Organization Have The Passion To Thrive?

    Joan Finley, PhD, Director, Communications & Change Management, Gallagher (AJG: NYSE)
    Loading...

    Copyright © 2022 APAC CIOoutlook. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy and Anti Spam Policy 

    |  Sitemap |  Subscribe |   About us

    follow on linkedinfollow on twitter follow on rss
    This content is copyright protected

    However, if you would like to share the information in this article, you may use the link below:

    https://devops.apacciooutlook.com/cxoinsights/compliance-the-speed-of-thought-nwid-6194.html?utm_source=google&utm_campaign=apacciooutlook_topslider