Written by: Ryan Britton, Mint US Delivery Lead & ALM Ranger
Compliance. It’s like wearing a helmet while you’re kicking tricks with your BMX buddies: somehow it just seems to take the fun out of pulling off any type of acrobatics… because the cool kids perform summersaults *without* the safety gear their mothers makes them wear…
This is perhaps the peer-pressured reality of many juvenile dirt tracks, but at a certain level of competition, these pretenses cross over the threshold of Daring Daredevilry into the realm of Unreasonable Risk. Grand Prix motorcyclists all wear helmets – because anything less is lunacy.
It is, therefore, a source of constant amazement to me how enterprise-level software projects all table the question of compliance at the outset of the project – but that the procedures for implementing these controls constantly through the project lifecycle and maintaining them in perpetuity – are less of a practical methodology and more of a nebulous good intention.
Every news-breaking story of a security breach or data privacy violation blows the top off of the pretense…and I am always incredulous at the obvious lack of preparedness and methodical attention which is exposed through these tales of digital woe. The amount of embarrassment, brand damage and broken trust involved in this must surely make this an insurance policy worth investing in…and I don’t think that the problem is the willingness of executives to invest into it… I think that the process of baking continuous compliance into an organization’s evolving software landscape is challenging and that many IT teams are ill-equipped to expedite a plan of this type.
Herein lies the rub:
- Any security compliance effort is only as good as the rate of change within that software ecozystem.
- Data compliance requires that data is classified according to sensitivity and intended use and that its lifecycle/exposure is managed accordingly.
- Investing in a cloud platform with the necessary compliance certifications doesn’t extend the certification to the collateral which you deploy onto that infrastructure.
This is a difficult process to manage without hamstringing your organization’s ability to innovate by burying your software ecozystem in red tape chasing down compliance remediation.
The answer lies in a new DevOps-led process of specifically identifying the surface area of a change and engaging in targeted micro-recompliance efforts which are formulated into a CICD-automated delivery pipeline. Agile, high-speed, continuous compliance is the nirvana of these delivery streams, underpinned by automation to produce change at high velocity, without sacrificing compliance – whether we’re talking about security, privacy or industry-specific regulatory requirements.
Unfortunately – with the advent of cloud, bring-your-own-device ecozystems, remote-worker scenarios and ever-more distributed organizational environments…the methodologies for implementing these types of continuous compliance practices are becoming the dividing factor between Modern, Digitally-Led Businesses – and those waiting for the inevitable.
About Mint Group
Mint Group a global IT consultancy recognized as a top 1% global systems integrator. The organisation is also a member of the prestigious Inner Circle for Microsoft Dynamics and recruits best-of-breed global IT skills and capabilities with two of only 144 ALM Rangers and 1 of only 160 PCSA’s globally employed as part of the Mint Group of companies. As the dominant solutions provider to Africa’s financial services conglomerates, the company enables better business by digitally leading its clients through Customer Centricity with Dynamics 365, Employee Engagement with Office 365, Intelligent Insights with AI and Cognitive Computing, and Smarter Systems with Azure in the digital space.
Mint. Create Tomorrow.