In the rush to deliver new cloud applications, developers need to be careful not to overlook compliance.
In this episode of EMA Cloud Rants -- a video series hosted by analyst firm EMA -- we discuss 10 ways to ensure a compliant cloud app development and DevOps practice. The first, and perhaps most significant, rule to remember is to prioritize compliance in the earliest stages of development.
Development teams, for example, should apply the shift-left paradigm to compliance and emphasize things such as monitoring early on in the build process. What's more, organizations should implement a policy under which no code is declared complete without compliance checks. The idea is to make it clear that compliance is mandatory -- not optional.
Another rule to ensure a compliant cloud app development and DevOps practice is to tightly, and centrally, control artifact repositories. Teams should implement security scans and version control, as well as make sure all artifacts are signed.
This process becomes increasingly complex for development teams that support a multi-cloud model. In this case, use automation tools to enforce these artifact rules across cloud platforms.
In addition, organizations should support a standard path to production, along with a standard compliance platform, such as Chef InSpec or Virtustream Viewtrust. These tools equip compliance officers and IT security staff with centralized access to the controls they need to monitor.
"It makes a lot of sense to improve transparency in our systems, especially when it gets complex and we have a lot of developers coding for us," said Jens Söldner, independent IT consultant and vExpert.
Other best practices for compliance in cloud app development focus more on culture. The push for compliance, for example, needs to be a top-down approach and one that rewards and incentivizes developers who identify parts of code that might not be compliant or pose other potential risks.
To learn more about how to implement this culture in your organization and receive other tips for a compliant development practice, check out the video above.