Fun with Continuous Compliance

2022-05-19

Authors: Ann Wallace, Zeal Somani


Summary

The presentation discusses the concept of continuous compliance and how it can be applied to DevSecOps programs. The Open Security Controls Assessment Language (OSCAL) and OSS like Falco and Voucher are presented as tools to achieve continuous compliance at scale.
  • Traditional compliance is manual and stressful
  • Continuous compliance can be achieved through automated control-based assessments
  • OSCAL can be used to create these assessments
  • OSS like Falco and Voucher can be used to achieve continuous compliance at scale
  • Real-time communication and feedback loops are important for successful implementation of continuous compliance
The speaker highlights the burden that is put on developers when it comes to security and emphasizes the importance of keeping security measures as native and intuitive as possible to ensure success in overall security posture for organizations.

Abstract

Is it possible to make compliance fun and less stressful? The old way of doing things is to manually gather evidence once or twice a year and hope nothing bad is found during your audit. This is not fun. In this talk, we’ll go over the concepts of continuous compliance and how to apply this to your current DevSecOps program. Zeal will talk about how the Open Security Controls Assessment Language (OSCAL) can be used to create automated control based assessments. Lastly, Ann will walk through how Shopify uses OSS like Falco and Voucher to achieve continuous compliance at scale. You will walk away from this session with information on how you can make compliance fun or at least less painful.
