
Container Factory for Aerospace & Defense Enterprises

Authors: Sarah Miller, Melissa Robertson


Summary

Creating automated workflows for container development to ensure security and compliance in a large organization
  • Developers need easy access to compute and standardized containers to reduce cognitive load and prevent shadow IT
  • Automated workflows must include controls for source code, dependencies, linting, building, scanning, and testing
  • Separation of duty is necessary to ensure compliance and security
  • Continuous remediation is important for vulnerability management
The speaker discussed the challenges of balancing the needs of developers with the requirements of governance and security in a large organization. They emphasized the importance of creating self-service environments for developers while also ensuring that all tools and processes meet company guidelines and regulations. The speaker also highlighted the need for standardized containers and curated pipelines to streamline development and reduce the risk of vulnerabilities. They stressed the importance of continuous remediation and separation of duty to ensure compliance and security.

Abstract

Learn how Melissa and Sarah are developing a container factory that helps Collins Aerospace software teams meet the governance and compliance rules and regulations for building safety- and security-critical software. Melissa and Sarah will go over the challenges they are facing and how they are overcoming some of them when working with compliance auditors. Sarah will share how Collins is looking to move cybersecurity authorizations from a risk management focus to an active cyber defense focus. Melissa will share how she has integrated auto-document generation for compliance reviews and a vision to transition to virtual dashboards. Their goal is to remove hardships that institutional practices create for Collins Aerospace developers by rethinking how compliance is achieved in cloud-native environments.
