![Policy as [versioned] code - you're doing it wrong](https://customer-goifxnzhrq3d0d54.cloudflarestream.com/23fa4a514c18f0a9b39573f31d96ba54/thumbnails/thumbnail.jpg?time=33000ms){kind=small}
Chris Nesbitt-Smith
Policy as [versioned] code - you're doing it wrong
#1about 7 minutes
Introducing the key personas in policy management
An allegorical story illustrates the conflicting perspectives of a CIO, product manager, developer, and operations staff on policy.
#2about 4 minutes
Why simply codifying policy is not enough
Codified policies often fail due to being kept secret, causing breaking changes during deployment, and generating warnings that are ignored in CI/CD pipelines.
#3about 5 minutes
Applying software patterns to policy management
The solution is to treat policy like a software dependency by making it visible, applying semantic versioning, and including tests.
#4about 4 minutes
Implementing versioned policy with modern tooling
A demonstration shows how to manage versioned policies for Terraform and Kubernetes using tools like Checkov, Kyverno, and Renovate for automated updates.
#5about 3 minutes
The cultural importance of purpose-driven policy
Effective policy requires a clear narrative explaining the risk it mitigates, which encourages collaboration and allows the policy to evolve with the business.
#6about 22 minutes
Q&A on policy culture, tooling, and security
The speaker answers audience questions about cultural challenges, tooling like OPA, supply chain attacks, and the role of risk management.
Related jobs
Jobs that call for the skills explored in this talk.
Matching moments
04:33 MIN
Demo of enforcing compliance with policy as code
Unleashing Potential Across Teams: The Power of Infrastructure as Code
03:42 MIN
The challenges of managing policies as code in Git
What we Learned from Reading 100+ Kubernetes Post-Mortems
02:24 MIN
Implementing automated guardrails instead of manual gates
Great DevEx and Regulatory Compliance - Possible?
02:49 MIN
Shifting security left to prevent incidents before deployment
OPA for the cloud natives
01:22 MIN
Key principles for balancing developer speed and safety
Great DevEx and Regulatory Compliance - Possible?
06:29 MIN
Introducing Policy as Code and Open Policy Agent
Decoupled Authorization using Policy as Code
02:25 MIN
Implementing and enforcing supply chain policies
Securing your application software supply-chain
07:10 MIN
Q&A: Implementing DevOps and advocating for change
Shifting Stress to Progress— Understanding DevOps to do DevOps Better
Featured Partners
Related Videos
26:23OPA for the cloud natives
Philipp Krenn
32:16Decoupled Authorization using Policy as Code
Anderson Dadario & Denys Vitali
1:00:00Un-complicate authorization maintenance
Alex Olivier
23:26Great DevEx and Regulatory Compliance - Possible?
Martin Reynolds
46:37What Developers Get Wrong About Application Quality
Chris Riley
43:00Shipping Quality Software In Hostile Environments
Luka Kladaric
33:20DevSecOps: Security in DevOps
Aarno Aukia
56:19Plan CI/CD on the Enterprise level!
Pawel Piwosz
Related Articles
View all articles
From learning to earning
Jobs that call for the skills explored in this talk.
Peter Park System GmbH
München, Germany
Senior
Python
Docker
Node.js
JavaScript
