![Policy as [versioned] code - you're doing it wrong](https://customer-goifxnzhrq3d0d54.cloudflarestream.com/23fa4a514c18f0a9b39573f31d96ba54/thumbnails/thumbnail.jpg?time=33000ms){kind=small}
Chris Nesbitt-Smith
Policy as [versioned] code - you're doing it wrong
#1about 7 minutes
Introducing the key personas in policy management
An allegorical story illustrates the conflicting perspectives of a CIO, product manager, developer, and operations staff on policy.
#2about 4 minutes
Why simply codifying policy is not enough
Codified policies often fail due to being kept secret, causing breaking changes during deployment, and generating warnings that are ignored in CI/CD pipelines.
#3about 5 minutes
Applying software patterns to policy management
The solution is to treat policy like a software dependency by making it visible, applying semantic versioning, and including tests.
#4about 4 minutes
Implementing versioned policy with modern tooling
A demonstration shows how to manage versioned policies for Terraform and Kubernetes using tools like Checkov, Kyverno, and Renovate for automated updates.
#5about 3 minutes
The cultural importance of purpose-driven policy
Effective policy requires a clear narrative explaining the risk it mitigates, which encourages collaboration and allows the policy to evolve with the business.
#6about 22 minutes
Q&A on policy culture, tooling, and security
The speaker answers audience questions about cultural challenges, tooling like OPA, supply chain attacks, and the role of risk management.
Related jobs
Jobs that call for the skills explored in this talk.
Matching moments
23:52 MIN
Demo of enforcing compliance with policy as code
Unleashing Potential Across Teams: The Power of Infrastructure as Code
20:42 MIN
The challenges of managing policies as code in Git
What we Learned from Reading 100+ Kubernetes Post-Mortems
10:30 MIN
Implementing automated guardrails instead of manual gates
Great DevEx and Regulatory Compliance - Possible?
02:55 MIN
Shifting security left to prevent incidents before deployment
OPA for the cloud natives
22:04 MIN
Key principles for balancing developer speed and safety
Great DevEx and Regulatory Compliance - Possible?
04:57 MIN
Introducing Policy as Code and Open Policy Agent
Decoupled Authorization using Policy as Code
23:29 MIN
Implementing and enforcing supply chain policies
Securing your application software supply-chain
17:34 MIN
Q&A: Implementing DevOps and advocating for change
Shifting Stress to Progress— Understanding DevOps to do DevOps Better
Featured Partners
Related Videos
1:00:00Un-complicate authorization maintenance
Alex Olivier
26:23OPA for the cloud natives
Philipp Krenn
32:16Decoupled Authorization using Policy as Code
Anderson Dadario & Denys Vitali
23:26Great DevEx and Regulatory Compliance - Possible?
Martin Reynolds
58:40Platform Engineering vs. DevOps Why not both?
Christian Strack
41:06From Monolith Tinkering to Modern Software Development
Lars Gentsch
30:01From boy scouting to redrawing the landscape
Tim te Beek
24:313 Key Steps for Optimizing DevOps Workflows
Daniel Tao
Related Articles
View all articles
From learning to earning
Jobs that call for the skills explored in this talk.
Technical Product Owner
CodeMinded
Code Engineer - Security, GCP, Rego Policies - London, UK
Photon Group
€42K
DevOps
Jenkins
Terraform
Microservices
+1
Rust Developer (Compliance Software)
Bitonic
Amsterdam, Netherlands
Remote
MariaDB
Bitcoin
PostgreSQL
Blockchain