Checkmarx announced a new generation in software supply chain security with its Secrets Detection and Repository Health solutions to minimize application risk.
CloudBees announced CloudBees Compliance, a real-time compliance and risk analysis capability that spans all aspects of software delivery, from commit through production.
CloudBees Compliance, which will be available in the first quarter of 2022, gives enterprises continuous compliance enforcement, providing peace of mind through ‘always-on’ compliance. As organizations accelerate the pace and the volume at which they release business value through software, CloudBees Compliance is able to assert the compliance of code, binary artifacts, data, identity and infrastructure environments in a transparent and continuous fashion. It also provides developers with instant, targeted, actionable feedback so issues can be fixed at the source.
The underlying technology for CloudBees Compliance, which extends the robust compliance and security capabilities of the CloudBees Platform, was acquired from Neuralprints. CloudBees Compliance will be available for both SaaS and self-managed deployments.
“Shifting left is not enough for enterprises that are highly regulated, highly complex and operating at extraordinary scale,” said Stephen DeWitt, CloudBees CEO. “Putting code into production that doesn’t work, whatever the reason, isn’t a viable option – the risks and costs are just too high. What enterprises want and need is immediate and actionable feedback at every point of the software delivery lifecycle so that they have the peace of mind of being compliant at all times, all while enabling developers to focus on creating business value. CloudBees Compliance lets developers focus on writing code, lets security and compliance teams ‘set it and forget it,’ and lets CISOs sleep better at night knowing risk is constantly assessed and issues are identified and routed immediately to be addressed.”
CloudBees Compliance runs as an integral, always-on part of the software delivery process, continuously verifying code, binary artifacts, data, identity and infrastructure compliance at every stage so developers can address issues in real time. With the launch of this new capability, developers no longer need to be security experts, learn disparate tools or keep up to date on changing regulations. CloudBees Compliance uses a common repository of rules to check compliance, then deduplicates alerts across affected files to eliminate false-positive alert storms. In addition, CloudBees Compliance allows teams to set their own custom thresholds based on their risk tolerance and aggregates data from multiple security tools to provide a clear and reliable risk position for each release. After code is released to production, CloudBees Compliance continues to verify code against the rules and adapts to policy changes.
“Security and compliance must happen continuously behind the scenes so that we can all stop worrying about issues after the train has left the station and just focus on delivering great software right out of the gate,” said Prakash Sethuraman, Chief Information Security Officer, CloudBees. “Until now, teams have waited to see what breaks before they’ve been able to fix it. Now, they can set the policies and controls centrally, find issues along the way and have the information they need at their fingertips to fix the most important problems right away.”
CloudBees plans to establish a program for security vendors, consulting firms and risk management partners to create compliance solutions and services that combine CloudBees Compliance with their knowledge and expertise as value-added offerings for their customers.
Industry News
SmartBear has appointed Dan Faulkner, the company’s Chief Product Officer, as Chief Executive Officer.
Horizon3.ai announced the release of NodeZero™ Kubernetes Pentesting, a new capability available to all NodeZero users.
Veracode acquired certain assets of Phylum, including its malicious package analysis, detection, and mitigation technology.
AppViewX announced the completion of its acquisition by Haveli Investments.
Check Point® Software Technologies Ltd. has been recognized as a Leader in the 2024 Gartner® Magic Quadrant™ for Email Security Platforms (ESP).
Progress announced its partnership with the American Institute of CPAs (AICPA), the world’s largest member association representing the CPA profession.
Kurrent announced $12 million in funding, its rebrand from Event Store and the official launch of Kurrent Enterprise Edition, now commercially available.
Blitzy announced the launch of the Blitzy Platform, a category-defining agentic platform that accelerates software development for enterprises by autonomously batch building up to 80% of software applications.
Sonata Software launched IntellQA, a Harmoni.AI powered testing automation and acceleration platform designed to transform software delivery for global enterprises.
Sonar signed a definitive agreement to acquire Tidelift, a provider of software supply chain security solutions that help organizations manage the risk of open source software.
Kindo formally launched its channel partner program.
Red Hat announced the latest release of Red Hat Enterprise Linux AI (RHEL AI), Red Hat’s foundation model platform for more seamlessly developing, testing and running generative artificial intelligence (gen AI) models for enterprise applications.
Fastly announced the general availability of Fastly AI Accelerator.