23Protecting the Deployment Pipeline

Throughout this chapter we will look at how to protect our deployment pipeline, as well as how to acheive security and compliance objectives in our control environment, including change management and separation of duty.

INTEGRATE SECURITY AND COMPLIANCE INTO CHANGE APPROVAL PROCESSES

Almost any IT organization of any significant size will have existing change management processes, which are the primary controls to reduce operations and security risks. Compliance manager and security managers place reliance on change management processes for compliance requirements, and they typically require evidence that all changes have been appropriately authorized.

If we have constructed our deployment pipeline correctly ...

Get The DevOps Handbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

The DevOps Handbook by Gene Kim, Jez Humble, Patrick Debois, John Willis

23Protecting the Deployment Pipeline

INTEGRATE SECURITY AND COMPLIANCE INTO CHANGE APPROVAL PROCESSES

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly