The Linux Foundation Member Summit 2022

Is it possible to make cloud compliance fun and less stressful? The main reason why cloud adoptions stall is due to lack of unified view on cloud controls and risks. A lot of enterprises today experience control sprawl because they operate in a mix of public and private cloud. The old way of doing compliance audits is to manually gather evidence once or twice a year and hope nothing bad is found during your audit. In this talk, we’ll go over the concepts of control harmonization and controls automation, and how to apply this to your current DevSecOps program. Zeal will talk about how the control harmonization efforts around Open Security Controls Assessment Language (OSCAL) that can be used to create automated control based assessments. Lastly, Ann will walk through how Shopify uses OSS tools to achieve continuous compliance at scale. You will walk away from this session with information on how you can make compliance fun or at least less painful.