Digitally enabled security means security and compliance do not depend on specialized resources and security governance board review meetings, manual documentation and long cycle times for approvals to attest that requirements have been followed.
Security design is a given, and testing is automatable so that compliance pass/no pass is instantly available and/or actionable by a development team in a sprint. Security experts focus on strategies and enabling federated processes that support streamlining adherence rather than inspection.
100 - 80 PTS
Digital product engineers can automate and otherwise act on or show that security and compliance requirements are met as part of a sprint rather than security being an inspection action after development. Compliance data gathering and auditable reporting are automated and done in real time.
Digital Execution Ready
100 - 80 PTS
There’s a strategic need to enable security and compliance automation and self-service so digital products can be launched at speed and with appropriate governance understood. Efforts to digitize a traditional security operating model expose resistance or the need for adjusting investment in security building blocks (i.e., skills, process, tools) to support the direction.
Improve this Next
Security and compliance is largely a manual process that kicks off after development is complete.
Improve this Now
Questions & Answers
The question-and-answer section outlines why the questions are important, how they are weighted, and what best practice looks like.
Do your existing security and compliance workflows enable and federate compliance over optimizing for audit and inspection?
Why we ask this:
Digital product lifecycles and Agile work management strain traditional security operating models that drive approval processes. Security compliance and the need for digital product delivery velocity cannot operate effectively if they work at cross purposes.
How we weighed this question:
Security and compliance is binary for financial institutions, so an approach that federates and automates requirements will make digital strategy and product safety part of the core.
What best looks like:
The security operating model has shifted so that digital product development teams easily translate security by design, automate compliance testing for a real-time look at issues and often can remediate issues found in a sprint. Security is engaged in digital initiative discussions. Security and other teams have transparency to compliance testing and remediation for audit and can quickly intercede to help product teams with any high-risk impediments.
Work with your CISO on the highest priority changes that help make security and compliance easy to follow, automatable and auditable. You may need to start with articulating guardrails and accountability between CISO and CIO organizations.
For a deeper understanding of Product Management mastery, read these articles. They explain how to take on Product Management, the BreakFree way