APAC CIO Outlook
  • Home
  • CXO Insights
  • CIO Views
  • News
  • Conferences
  • Newsletter
  • Whitepapers
  • About us
Apac

  • Admired Tech

    Agile

    AI Healthcare

    Artificial Intelligence

    Augmented Reality

    Aviation

    Big Data

    Blockchain

    Cloud

    Cryptocurrency

    Cyber Security

    Digital Transformation

    Drone

    HPC

    Infrared

    Internet of Things

    Networking

    PropTech

    Remote Work

    Scheduling Software

    Simulation

    Startup

    Storage

    Wireless

  • Banking

    E-Commerce

    Education

    FinTech

    Food and Beverages

    Healthcare

    Insurance

    Legal

    Manufacturing

    Pharma and Life Science

    Retail

    Travel and Hospitality

  • Atlassian

    CISCO

    Microsoft

    Oracle

    Salesforce

    SAP

    ServiceNow

  • Business Intelligence

    CEM

    Cloud-based Planning

    Cognitive

    Compliance

    Contact Center

    Contact Tracing

    Contactless Payments

    Content Management System

    Corporate Finance

    CRM

    Custom Software Development

    Data Center

    Enterprise Architecture

    Enterprise Communications

    Enterprise Contract Management

    ERP

    Field Service

    HR Technology

    IT Service Management

    Managed Services

    Procurement

    Product Management

    RegTech

    Revenue Management

    Sales Tech

Menu
    • DevOps
    • Cloud
    • Agile
    • Blockchain
    • Cyber Security
    • Managed Services
    • Cognitive
    • Digital Transformation
    • IoT
    • MORE
    #

    Apac CIO Outlook Weekly Brief

    ×

    Be first to read the latest tech news, Industry Leader's Insights, and CIO interviews of medium and large enterprises exclusively from Apac CIO Outlook

    Subscribe

    loading

    THANK YOU FOR SUBSCRIBING

    • Home
    • DevOps
    Editor's Pick (1 - 4 of 8)
    left
    Service Management in the Age of Digitization

    Douglas Duncan, CIO, Columbia Insurance Group

    Devops- 'Aligning the Future of Software Deployment'

    Herry Wiputra, CTO

    On the Evolution of Agile to DevOps

    Carmen DeArdo, DevOps Speaker, Consultant, Author and DevOps Leader, Nationwide

    Building the New Paradigm of Next-Gen DevOps Management

    Marc Priolo, VP, City National Bank

    A Crash Course in Low-Code Software: What it is, What it Does, Why it Matters

    Karen Astley, Vice President Asia-Pacific, Appian

    Meeting the Intelligent Data Management needs of 2019

    Shaun McLagan, Senior Vice President, Asia Pacific and Japan, Veeam Software

    Bridging the T&E Compliance Gap in a New Era of Business Travelers

    Madanjit Singh, Managing Director, South East Asia, SAP Concur

    Lean Agile DevOps Enterprise: Rewarding Fusion or Lethal Confusion?

    Deepak Chopra, Vice President, Genpact

    right

    Compliance @ The Speed of Thought

    Patrick S. Kelso, Head of Devops Consulting - Anz Region, UST Global

    Tweet
    content-image

    Patrick S. Kelso, Head of Devops Consulting - Anz Region, UST Global

    I was 18 years old and just starting out in my IT career when Bill Gates released his second book Business @ the Speed of Thought and to my shame I ignored it. Despite Gates being undisputedly the most successful geek ever at the time I was a UNIX user and ignore his book for many years. When I finally did read it, it invoked many “ahah!” moments and combined with The Phoenix Project by Gene Kim, Kevin Behr & George Spafford was largely responsible for me moving from the tech side of IT to the business side. What does this have to do with compliance you ask? Everything! It is in the business fable style of The Phoenix Project that I’ve written this article.

    DevOps, cloud, automation, digital and containers, all the buzzwords that get anyone who uses them a barrage of recruiter messages on LinkedIn, but also the foundation of compliance at many of the banks I’ve worked at in the last decade. When I first moved into the finance world compliance was a dirty word, it invoked an urge to hide under the desk until the auditors had passed. We could definitely tell you who had access to a system now, but not who might have had access three days ago, let alone three months ago. Following our processes step by step never produced the same results no matter how many Change Approval Boards (CABS) we sat through who approved our changes and worst of all, a change scheduled for 5pm on a Friday evening meant cancelling all plans for that weekend because odds were you’d be spending it trying to unbreak the systems before business opened on Monday. (Heaven forbid you worked in a global bank and systems were expected to be online 24/7).

    By adopting the same tools and processes the developers used to manage their code we could have a complete history of every change on any system and review it at any time

    By automating the processes using tools such as Puppet, Jenkins and good old fashioned UNIX scripts automation changed compliance from a headache to an invisible layer of protection that we could trust. If everyone used the same Jenkins job to deploy applications and all they could change was the version, we knew that no one could change code in production servers, read the database without us knowing or install bitcoin mining code into our systems or applications.

    By adopting the same tools and processes the developers used to manage their code we could have a complete history of every change on any system and review it at any time. “Who changed the web server to use version X of this application on June 22nd 2011”? “Glad you asked, that was Bob’s change, and approved by Jane and Anne and here is the reason it was changed”. All changes are immutable as future changes have their own unique ID that can be referenced globally.

    One last anecdote to show the power of speed in responding to compliance risks. On the 7th of April 2014 I was flying from Sydney to Vancouver, a trip of about 14 hours. Not long after takeoff a vulnerability was disclosed in OpenSSL, a software package used by virtually every website and many other components of the web. When I landed in Vancouver and read about this I immediately contacted my team in Sydney to understand how this impacted our systems. “It’s solved” I was told. We pushed a new Puppet manifest to every server to upgrade OpenSSL and restart the affected services on all 5000 of our servers - that seemed like a large number in 2014 - we are up to date. Behind the scenes the team had contacted the bank’s risk team and explained the seriousness of the issue, an emergency change was approved, and the work performed immediately, such was the confidence the risk team had in our tools because time and time again we’d updated packages without outages since adopting automation. Some companies I know still had unpatched systems monthslater.

    By automating we can move faster, share information faster and truly operate all aspects of our ‘business @ the speed of thought’.

    If your risk/compliance team doesn’t understand the tools they can’t trust them, have a conversation today to make sure that both IT and Risk understand what is and isn’t possible to maintain compliance with whatever regulations or industry codes you need to and remove the manual steps, every manual step is an opportunity for a mistake to creep into a process, after all, we are only human.

    Weekly Brief

    loading
    Top 10 DevOps Solution Companies - 2019
    Top 10 DevOps Consulting/Services Companies -2019
    ON THE DECK

    DevOps 2019

    Top Vendors

    I agree We use cookies on this website to enhance your user experience. By clicking any link on this page you are giving your consent for us to set cookies. More info

    Read Also

    A Picture of Health: Why we need a unified approach to Covid-safe air travel

    A Picture of Health: Why we need a unified approach to Covid-safe air travel
    Brandon Balcom, Snr. Director, Innovation Business Development, CWT
    The Battle Of David & Goliath Within The Retail Landscape

    The Battle Of David & Goliath Within The Retail Landscape
    Vlad Yakubson, Head Of Retail, Yd
    Thinking Out-Of-The-Box To Launch Business Beyond Borders

    Thinking Out-Of-The-Box To Launch Business Beyond Borders
    Bill Bass, Chief Marketing Officer And Kara Lawson, Senior Director Ecommerce, Fullbeauty Brands
    Driving Transformative, Datadriven Thinking

    Driving Transformative, Datadriven Thinking
    Shubham Mehrish, Vice President, Mars
    Retail is Detail They Say

    Retail is Detail They Say
    STUART FREER, CHIEF DIGITAL OFFICER, MECCA BRANDS
    Blockchain: The answer to solve the perennial issues in the Telecom Industry

    Blockchain: The answer to solve the perennial issues in the Telecom Industry
    Neeti Virmani, Venture Partner, Loyal VC
    Self Service: An important slice of the digital transformation pie

    Self Service: An important slice of the digital transformation pie
    Christopher Douglas, Director Member Services Pacific, Accor Plus
    Leveraging POS Systems to Enhance Customer Experiences in Retail

    Leveraging POS Systems to Enhance Customer Experiences in Retail
    Bernie Winter, Director of Point-of-Sale Systems, and Mike Metz, Vice President of Information Technology, Tops Friendly Markets
    Loading...

    Copyright © 2021 APAC CIOoutlook. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy and Anti Spam Policy 

    |  Sitemap |  Subscribe

    follow on linkedinfollow on twitter follow on rss
    This content is copyright protected

    However, if you would like to share the information in this article, you may use the link below:

    https://devops.apacciooutlook.com/cxoinsights/compliance-the-speed-of-thought-nwid-6194.html?utm_source=google&utm_campaign=apacciooutlook_topslider