Policy Design in the Age of Digital Adoption

By : Ricardo Ferreira

Policy Design in the Age of Digital Adoption

By: Ricardo Ferreira

Overview of this book

Policy as Code (PaC) is a powerful paradigm that enables organizations to implement, validate, and measure policies at scale. Policy Design in the Age of Digital Adoption is a comprehensive guide to understanding policies, their design, and implementation for cloud environments using a DevOps-based framework. You'll discover how to create the necessary automation, its integration, and which stakeholders to involve. Complete with essential concepts, practical examples, and self-assessment questions, this book will help you understand policies and how new technologies such as cloud, microservices, and serverless leverage Policy as Code. You'll work with a custom framework to implement PaC in the organization, and advance to integrating policies, guidelines, and regulations into code to enhance the security and resilience posture of the organization. You'll also examine existing tools, evaluate them, and learn a framework to implement PaC so that technical and business teams can collaborate more effectively. By the end of this book, you'll have gained the confidence to design digital policies across your organizational environment.

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the color images

Conventions used

Get in touch

Share your thoughts

Section 1: Foundation

Free Chapter

Chapter 1: Introduction to Policy Design

The why, what, and how of policies

From design theory to policy implementation

Policy design – key issues, tools, designs over time, and effectiveness

The business value of digital policies

Summary

Chapter 2: Operationalizing Policy for Highly Regulated Industries

Highly regulated industries and their policy needs

Policy through catalog controls

Access controls for enforcing policies

Summary

Chapter 3: Policy as Code a Business Enabler

Policies at speed – Policy as Code

Governance agility – automating policies

Business benefits of PaC

Summary

Section 2: Framework

Chapter 4: Framework for Digital Policies

Framework components

Exploring the framework stages

Summary

Chapter 5: Policy for Cloud-Native Environments

Technical requirements

Cloud-native environments

Native policy constructs for FaaS

Native policy constructs for CaaS

Examples of cloud-native policies

Summary

Further reading

Chapter 6: Policy Design for Hybrid Environments

Technical requirements

The challenges of hybrid environments

Policy as Code in hybrid environments

Automation, segregation, and enforcement

An example of a policy spanning hybrid environments

Summary

Chapter 7: Building a Culture of PolicyOps

Technical requirements

PolicyOps – designing, embedding, and managing policies

Policy DLC – coherence, congruence, and consistency

Agile policy design

Summary

Section 3: Tooling

Chapter 8: Policy Engines

Technical requirements

Policy engines

Pod Security Policies

Kyverno

Sentinel

Open Security Controls Assessment Language

K-Rail

jsPolicy

Summary

Chapter 9: A Primer on Open Policy Agent

Technical requirements

Open Policy Agent

Rego

Open Policy Agent extension and integration

Summary

Chapter 10: Policy as Code Tool Evaluation

Technical requirements

Cloud-native open source ecosystems

Vendor ecosystems

CSP-native capabilities

The evaluation framework

Summary

Chapter 11: Cloud Providers Policy Constructs

Technical requirements

Types of CSP policies

AWS native policy offerings

Azure native policy offerings

Google Cloud native policy offerings

Summary

Chapter 12: Integrating Policy as Code with Enterprise Workflows

Technical requirements

Integration with existing enterprise workflow software

Policy as Code automated life cycle

Designing for automated policy enforcement across the enterprise

Summary

Chapter 13: Real-World Scenarios and Architectures

Technical requirements

A cost policy scenario

An authorization policy scenario

A service migration policy scenario

A compliance enforcement scenario

Summary

Why subscribe?

Other Books You May Enjoy

Packt is searching for authors like you

Share your thoughts

Customer Reviews

5 star

4 star

3 star

2 star

1 star

PolicyOps – designing, embedding, and managing policies

PolicyOps is a framework that brings public policy methods into organizations' digital adoption. In the previous years, there has been a change in the way organizations release software, through new paradigms such as agile and DevOps.

PolicyOps as an augmentation to DevOps

PolicyOps introduces a change in how organizations establish their digital enablement by introducing policies and instruments to achieve digital adoption and integrating policies in a modern software development life cycle.

PolicyOps uses concepts from DevSecOps and can be integrated with it, such as using security best practices as part of coercive instruments to enforce policies. Still, it exceeds it, as it also uses other instruments, such as suasive instruments to drive adoption through behavioral changes.

PolicyOps, in simple terms, does the following:

Introduces public policy design into digital transformation
Uses...

Policy Design in the Age of Digital Adoption

By : Ricardo Ferreira

Policy Design in the Age of Digital Adoption

By: Ricardo Ferreira

Overview of this book

Related Content you might be interested in

Current Title:

Policy Design in the Age of Digital Adoption

Cybersecurity and Privacy Law Handbook.

Cloud Auditing Best Practices

Mastering Cloud Security Posture Management (CSPM)

PolicyOps – designing, embedding, and managing policies

PolicyOps as an augmentation to DevOps