segregation of duties and continuous delivery

Today, I presented on “Segregation of Duties and Continuous Delivery” at the DevSecCon Singapore 2017.

here

The talk was well received.

As per the wikipedia article on [https://en.wikipedia.org/wiki/Separation_of_duties], “ In business the separation by sharing of more than one individual in one single task is an internal control intended to prevent fraud and error.”

In the I.T. space, the approaches for implementing Segregation of Duties are very defensive in nature. While the objectives of SoD are arguably achieved, the present enforcement approaches slow down the overall time from code commit to production deployment. This prevent effective Continuous Delivery.

In my talk, I present the intent, the current approaches, and my recommended alternative approaches.

This talk with be one of the chapters of my upcoming book on Security and Continuous Delivery.

Share Comments
comments powered by Disqus