• Policy as Code: An Audit-Tech Peacekeeper with Mike Leuzinger and Andy Kolenko

  • Apr 20 2024
  • Length: 41 mins
  • Podcast

Policy as Code: An Audit-Tech Peacekeeper with Mike Leuzinger and Andy Kolenko

  • Summary

  • Summary

    In this episode, Mike Leuzinger and Andy Kolenko discuss policy as code from a technology and audit perspective. Policy as code extends infrastructure as code, allowing organizations to automate and manage policies across multiple technology stacks. It can enable continuous compliance, self-service for auditors, and more robust controls through automation. However, challenges include dealing with heterogeneity and the complexity of new technologies. Bridging the gap between technologists and auditors is crucial for successful implementation. The conversation explores the challenges and benefits of implementing policy as code in an organization. Mike, Andy, Clariss, and Bill discuss the complexity of keeping up with proprietary schemas and controls and the importance of relying on vendors and industry standards. They also touch on the responsibility of setting and managing Policy as Code, highlighting the industry's lack of established processes and ownership. The conversation emphasizes the need for collaboration between auditors and technology partners and the importance of staying updated on compliance guidance and leveraging tools like Open Policy Agent and the AWS Well-Architected Framework.

    Takeaways


    • Policy as code extends infrastructure as code, enabling organizations to automate and manage policies across multiple technology stacks.
    • Policy as code enables continuous auditing and monitoring, providing more continuous assurance to stakeholders.
    • Self-service for auditors reduces miscommunication and allows them to obtain the necessary evidence without relying on clients.
    • Policy as code strengthens controls through automation, preventing security vulnerabilities from going into production.
    • Challenges of policy as code include dealing with heterogeneity and the complexity of new technologies.
    • Bridging the gap between technologists and auditors is crucial for successfully implementing policy as code. Keeping up with proprietary schemas and controls remains challenging, and organizations should rely on vendors and industry standards to stay ahead.
    • The responsibility for setting and managing Policy as Code is still unclear, and there is a need for more established processes and ownership.
    • Collaboration between auditors and technology partners is crucial for the successful implementation of Policy as Code.

    Show More Show Less

What listeners say about Policy as Code: An Audit-Tech Peacekeeper with Mike Leuzinger and Andy Kolenko

Average Customer Ratings

Reviews - Please select the tabs below to change the source of reviews.

In the spirit of reconciliation, Audible acknowledges the Traditional Custodians of country throughout Australia and their connections to land, sea and community. We pay our respect to their elders past and present and extend that respect to all Aboriginal and Torres Strait Islander peoples today.