Embedded Files
Post date: Jun 11, 2015 6:51:58 PM
DevOps, continuous deployment and on-demand cloud servers are all presenting real challenges to normal business controls for costs, security, compliance and disaster recovery. Getting these controls right is important to protect the business but these controls and the necessary oversight can significant slow the DevOps and cloud processes. If these business controls are not automated the benefits of the cloud automation can create risks for the enterprise or controlling these business risks will slow or stop the automated processes of the cloud.
Cloud and virtualized systems support automation but not necessarily legacy systems and applications. Unfornuately, these unsupported, unautomated and closed systems are exactly the systems that need to be be integrated for the business controlls. The new ERP systems that runs the business is now the legacy systems that are difficult to integrate with the automate provisioning of services in the on-demand cloud environment. This gaps creates a problem for governance, risk and compliance(GRC).
As the IT environment changes in response to new demands it may go out of compliance, or the compliance checks that are part of the final acceptance of manually deployment environment, may need to be re-run. Given the current maturity of the cloud and automation these types of GRC checks are no being build in the automation tools. In fact, relying on the same tools for automation and compliance checks may represent a separation of duties problem.
Page updated
Report abuse