segregation of duties and continuous delivery

Today, I presented on “Segregation of Duties and Continuous Delivery” at DevSecCon Singapore 2017.

The talk was well received.

As per the Wikipedia article [https://en.wikipedia.org/wiki/Separation_of_duties], “In business the separation by sharing of more than one individual in one single task is an internal control intended to prevent fraud and error.”

In the I.T. space, the approaches for implementing Segregation of Duties are very defensive in nature. While the objectives of SoD are arguably achieved, the present enforcement approaches slow down the overall time from code commit to production deployment. This prevents effective Continuous Delivery.

In my talk, I present the intent, the current approaches, and my recommended alternative approaches.

This talk will be one of the chapters of my upcoming book on Security and Continuous Delivery.
