The Nuts and Bolts of achieving security compliance
-
Webteam - Susan Schaeffer|
- 5 maart 2024|
By Erwin Laros, Karthik Rajagopalan & Yuri Bobbert - The information security requirements from the regulatory bodies overseeing the financial industry lack information on how these requirements and guidelines can be implemented in an Agile/DevOps environment and the (cloud) infrastructure supporting it. Working per these requirements is a prerequisite for maintaining a banking and insurance license. Besides the business necessity of maintaining the license, the risks of working in an Agile/DevOps environment are similar to working in a more traditional environment; thus, not mitigating those risks would lead to an unacceptable risk position. Upcoming regulatory requirements in the Financial Industry bring extra complexity. This paper examines the DevOps and Agile dynamics, the regulatory requirements and what is lacking in the current approaches. We finish with some Nuts and Bolts of the current way of working in supervision and achieving real security and compliance for the financial industry.