What this book covers
Chapter 1, Introduction to Policy Design, the introductory chapter, presents you with an overview of policies, the different types of instruments, and the most common frameworks used in policy design.
Chapter 2, Operationalizing Policy for Highly Regulated Industries, dives deep into highly regulated industries, talking about regulatory frameworks and controls and different access control mechanisms.
Chapter 3, Policy as Code as a Business Enabler, introduces Policy as Code and how it can benefit an organization, especially by bringing automation and agility to traditional risk and compliance teams that haven't fully embraced the digital organization.
Chapter 4, Framework for Digital Policies, introduces a framework that can be used to design policies. The framework is based on Observe, Orient, Decide, Act (OODA) loops and discusses how challenges can be identified and policies designed, implemented, and measured.
Chapter 5, Policy for Cloud-Native Environments, covers cloud-native environments, discussing the paradigms found in these platforms, such as containers and serverless, and the policies associated with these environments.
Chapter 6, Policy Design for Hybrid Environments, goes beyond cloud-native to talk about the challenges of hybrid environments, how you must consider the challenges of having heterogeneous systems, and how to establish a policy overlay across them.
Chapter 7, Building a Culture of PolicyOps, establishes the main purpose of PolicyOps, including how organizations can use this function to build digital goals and policies.
Chapter 8, Policy Engines, focuses on PEs. We cover engines such as Sentinel, K-Rail, and jsPolicy. This chapter covers small examples of each of those engines and how and when to use them.
Chapter 9, A Primer on Open Policy Agent, covers the most popular PE, Open Policy Agent. In this chapter, we discuss the engine, its language, Rego, and how to make the best use of Policy as Code, highlighting different use cases.
Chapter 10, Policy as Code Tool Evaluation, is one of the most important chapters of the book as it uses radar charts to help you evaluate PE capabilities or any other aspect of the organization's digital maturity. The concepts here can be applied way beyond measuring toolset capabilities.
Chapter 11, Cloud Providers Policy Constructs, focuses on the major public cloud providers' native policy capabilities and how to use them to build Policy as Code constructs.
Chapter 12, Integrating Policy as Code with Enterprise Workflows, provides an approximation of the real world as we discuss major ITSM frameworks, such as ITIL and COBIT, and how they need to be integrated with an automated policy enforcement posture across the organization.
Chapter 13, Real-World Scenarios and Architectures, discusses different scenarios using the framework from Chapter 4, Framework for Digital Policies, based on the OODA loop, to identify the organizational challenge and to design and implement policies.