DevOps, Automation, Security and Compliance
Andrew Barratt, Managing Principal, Solution Validation, Coalfire
Phew, the title of this post alone sounds like it could be quite a lot to deal with!
So what is DevOps? DevOps is simply the blending of infrastructure operations processes and software development to enable faster changes to business applications/technology. These processes share a lot of ideology with the Agile & Lean camps but are more fundamentally trying to bridge the traditional divide between the development world and the IT operations/Service management teams.
FedRAMP Tailored program for low-risk use cloud service offerings
Abel Sussman, Senior Project Manager, Commercial Services, Coalfire
On February 16, the FedRAMP Project Management Office (PMO) released the new FedRAMP Tailored security controls baseline for public comment (comment period closes March 17, 2017). The new FedRAMP Tailored security controls baseline was created for Cloud Service Providers (CSPs) who have cloud service offerings (CSO) that do not require the more stringent process of FedRAMP Moderate or FedRAMP High security control baselines.
New York State Implements Cybersecurity Regulation 23 NYCRR 500
Bob Post, Senior Practice Director, Cyber Risk Advisory, Coalfire
On March 1st, 2017, sweeping new cybersecurity requirements were placed on organizations regulated by the New York State Department of Financial Services. The law applies to a broad set of ‘covered entities’ that are supervised by the NYDFS, including banks, trusts, budget planners, check cashers, credit unions, money transmitters, licensed lenders, mortgage brokers or bankers, and insurance companies that do business in New York. While large entities most likely meet these requirements already -- and very small entities are exempted from some of the requirements --, mid-market firms will be challenged to meet aggressive implementation timelines.
Jeremy Gibbons, AWS Channel Lead, Coalfire
The cloud can burst!? This week’s AWS service disruption showed us the importance of architecting a system to account for failure, and how to be successful when deploying your solution in the cloud.