Posts Tagged ‘compliance’
Dealing with Policy Debt
TL;DR Start writing down why decisions are made. Future you may thank you. Future other person who’s wondering what you were thinking may also thank you. Then keep a dependency graph of the things impacted by the decision. It will help unravel what gets woven around it. Background I was at an excellent AFCEA event […]
Filed under: security, strategy, technology | 1 Comment
Tags: ADRs, AFCEA, Agile, architecture, change, compliance, culture, debt, decisions, innovation, policy
Policy debt
Background When we talk about technical debt that conversation is usually about old code, or the legacy systems that run it. I’ve observed another type of debt, which comes from policies, and seems to be most harmful in the area of security policies. Firewalls or encryption? A primary purpose for this post is to put […]
Filed under: security | 4 Comments
Tags: change, compliance, culture, debt, encryption, firewalls, passwords, policy
My friend Randy Bias very kindly came in and did a web conference presentation at work this week on his views of cloud computing (which are well summarised in a post he did at the end of last year). Inevitably the topic of security came up, and Randy, drawing on his past experience in the […]
Filed under: architecture, cloud, security, software | 6 Comments
Tags: audit, bolt on, build in, cloud, compliance, firewall, gateway, iaas, paas, schema, security, validation, xml
Chris Swan's Weblog 