Compliance has traditionally been perceived as a ‘cost’: something that slows things down rather than something that can enable a business.
Agile organizations do things faster. Today agile development has become ubiquitous both for startups and for large established companies. Over the last few years, agile concepts have moved from software development to business processes in the ‘Lean Startup’ model – which was about ruthless prioritization, external focus, and continuous improvement.
Fast-growing companies fear they won’t be able to stay agile with all the regulations they are being subjected to. Much of that fear comes from their perspective that things like compliance will slow them down. But what if your company looked at compliance differently by taking an agile process approach?
The following points outline an agile compliance approach:
- All identified compliance control objectives become part of the product backlog as user story acceptance criteria
- Control activities, which are derived from control objectives, are automated in testing when possible (such as automated logging)
- Automated test suites are run continuously, providing a compliance health check, thus reducing risk
- Compliance is built up iteratively rather than in a big bang fashion, thus reducing cost and time
- Compliance becomes part of the agile delivery culture
Symantec Control Compliance Suite (CCS), in its latest release, v11.5, enables customers to adopt more of agile compliance and provide a continuous improvement experience. CCS 11.5 provides two key capabilities that help organizations achieve this.
Driving micro compliance assessment jobs
The first capability is about doing things right the first time, and testing things before going live. To this end, CCS provides users with a new Command Line (CLI) option to drive micro compliance assessment jobs. This helps customers solve two of the major challenges they face today in agile adoption. For example:
- When admins provision a new server/application, they need to be sure things are set up as per internal standards and best practices. The new CLI enables users to call the assessment micro job in an automated way at the end of the provisioning cycle. This triggers an assessment on the server, and returns the results to the user to validate the security settings.
- When customers find issues or misconfigurations, they need to fix them. Once done, they can use this same CLI to quickly run an assessment and return the results to ensure that the fix they performed is indeed the right one.
The second capability CCS 11.5 provides to help achieve agile compliance is around scripting. Many customers start their compliance lifecycle with a lot of manual activities. As they mature, they move to a more repetitive and automated world to measure compliance. Along this journey they build a lot of scripts that enable them to gather compliance-specific data. With custom scripting, CCS allows users to use scripts to collect data required to report on compliance.
This could be useful for many reasons, including the ability to create new complex checks, quickly deploy vulnerability checks for bugs like Shellshock, and add compliance checks for platforms that CCS does not currently support, like containers or in-house applications. Additional uses for scripting include things like configuration remediation, running custom actions, running tools for incident response, running custom applications, and so on.
With these two new capabilities along with many others, CCS 11.5 is taking the right steps to enable customers to adopt agile compliance so it becomes a competitive advantage, instead of a bottleneck.
Test Drive Control Compliance Suite
Control Compliance Suite is now available on the Amazon Web Services (AWS) Test Drive platform, making it easy to see what CCS can do without the need for extra hardware or time spent on product setup and configuration. The test drive environment has all the CCS modules installed and preconfigured and can be up and running in just a few minutes. Take a test drive today or learn more about CCS here.
Buy Control Compliance Suite
Control Compliance Suite is now available in the AWS marketplace. Get more details here.