![Policy as [versioned] code - you're doing it wrong](https://customer-goifxnzhrq3d0d54.cloudflarestream.com/23fa4a514c18f0a9b39573f31d96ba54/thumbnails/thumbnail.jpg?time=33000ms){kind=small}
Chris Nesbitt-Smith
Policy as [versioned] code - you're doing it wrong
#1about 7 minutes
Introducing the key personas in policy management
An allegorical story illustrates the conflicting perspectives of a CIO, product manager, developer, and operations staff on policy.
#2about 4 minutes
Why simply codifying policy is not enough
Codified policies often fail due to being kept secret, causing breaking changes during deployment, and generating warnings that are ignored in CI/CD pipelines.
#3about 5 minutes
Applying software patterns to policy management
The solution is to treat policy like a software dependency by making it visible, applying semantic versioning, and including tests.
#4about 4 minutes
Implementing versioned policy with modern tooling
A demonstration shows how to manage versioned policies for Terraform and Kubernetes using tools like Checkov, Kyverno, and Renovate for automated updates.
#5about 3 minutes
The cultural importance of purpose-driven policy
Effective policy requires a clear narrative explaining the risk it mitigates, which encourages collaboration and allows the policy to evolve with the business.
#6about 22 minutes
Q&A on policy culture, tooling, and security
The speaker answers audience questions about cultural challenges, tooling like OPA, supply chain attacks, and the role of risk management.
Related jobs
Jobs that call for the skills explored in this talk.
Team Lead DevOps (m/w/d)
Rhein-Main-Verkehrsverbund Servicegesellschaft mbH
Frankfurt am Main, Germany
Senior
Matching moments
20:42 MIN
The challenges of managing policies as code in Git
What we Learned from Reading 100+ Kubernetes Post-Mortems
02:55 MIN
Shifting security left to prevent incidents before deployment
OPA for the cloud natives
17:34 MIN
Q&A: Implementing DevOps and advocating for change
Shifting Stress to Progress— Understanding DevOps to do DevOps Better
04:57 MIN
Introducing Policy as Code and Open Policy Agent
Decoupled Authorization using Policy as Code
23:29 MIN
Implementing and enforcing supply chain policies
Securing your application software supply-chain
13:07 MIN
How to introduce policy enforcement gradually
What we Learned from Reading 100+ Kubernetes Post-Mortems
06:10 MIN
Exploring the core principles of DevSecOps
DevSecOps: Security in DevOps
30:46 MIN
Introducing Open Policy Agent for custom policies
A practical guide to writing secure Dockerfiles
Featured Partners
Related Videos
58:40Platform Engineering vs. DevOps Why not both?
Christian Strack
46:37What Developers Get Wrong About Application Quality
Chris Riley
43:00Shipping Quality Software In Hostile Environments
Luka Kladaric
56:19Plan CI/CD on the Enterprise level!
Pawel Piwosz
32:55Open Source Secure Software Supply Chain in action
Natale Vinto
37:46Shifting Stress to Progress— Understanding DevOps to do DevOps Better
Sonal Patil
50:23Retooling and refactoring - an investment in people.
Andrew Holway
30:46Charting the Journey to Continuous Deployment with a Value Stream Map
Josh Armitage
From learning to earning
Jobs that call for the skills explored in this talk.
DevOps Engineer - Azure - Kubernetes - Terraform
Opus Recruitment Solutions
Reading, United Kingdom
€64K
Java
Azure
DevOps
Terraform
+2
DevOps Engineer
Socium - Teams Done Differently
Barcelona, Spain
Remote
DevOps
Kubernetes
Continuous Integration
