
Exclusive: GitHub's seamless approach to helping businesses stay agile and compliant

16 Jul 2018

Europe’s GDPR and Australia’s Notifiable Data Breaches regulations are presenting new security and compliance challenges for businesses today.

Regulations like these may sound warning bells for risk-averse organisations that are putting off the adoption of cloud-based technologies because of potential vulnerabilities. But those organisations are also sacrificing the rapid collaboration that’s essential to remaining competitive.

Matthew J. McCullough, GitHub’s VP of Field Services, explains that enterprises are facing a few key compliance issues at the moment – one of which is the pressure of digitisation.

Those in software are facing the challenge of being fast from idea to market.

“The difference between the winners and losers in this space is usually how quickly they can take that idea and then bring it to their customers,” he says.

GitHub APAC director Sam Hunt provides the example of the financial services industry, which is propped up by banks that are competing based on how customers access their services.

“Businesses now need to take new considerations about how they handle people’s data because it’s now digital and tied into applications. They’re asking, what are the auditability processes and what overheads do we put on our developers so we adhere to the national and global regulations,” Hunt says.

McCullough adds that traditionally productivity and compliance would be at odds with each other because more layers and complexity slow down the time-to-market.

Moving fast by leveraging existing resources

With GitHub, the old way of thinking has been turned on its head with the help of its 28 million developers - and their creations. There is also a dedicated space for enterprises that wish to leverage open source to tailor specific projects to their own needs.

GitHub Enterprise can operate on an existing enterprise infrastructure, which means it is governed by existing information security controls: from firewalls and VPNs, to IAM and monitoring systems.

This on-premise solution can help enterprises avoid regulatory compliance issues, such as data sovereignty and location, that arise when using cloud-based solutions.

Some of Australia’s largest organisations like National Australia Bank, Xero, and REA Group are taking advantage of GitHub Enterprise.  

They are all adopting agile practices in how they build code and taking things to market quicker than other legacy businesses.

Using automation in the auditing process can ensure higher levels of compliance

Automation is also a key part of speeding up time-to-market and reducing administration costs, even with auditability requirements.

“That’s something you can’t really do in silos or an unmanaged environment, but with GitHub Enterprise you can build automation around what you need as an audit to comply,” says Hunt.

GitHub Enterprise also offers a number of key security features and services as part of its commitment to being one of the few developer-oriented companies that takes a strong stance on privacy.

Its security component is also human-centric because it keeps all components separate.

“Users have a single identity that allows you to participate in open source and multiple employment opportunities at the same time. We use partitioning so users can have their hobbies space, first employer space, and some side work if they want to do contracting on the side,” McCullough explains.

GitHub Enterprise also improves auditability by capturing decision-making processes, which ties the project management process to the code that is being developed.

“Audit trails give businesses the ability to look up what happened without pre-empting it with massive brick walls that stop people collaborating with one another. Further, we have two-factor authentication. They provide confidence that the people working on that piece are who they say they are,” McCullough says.

“Auditability and traceability have replaced the practice of locking a project down and excluding people, which was the traditional way of doing things,” he continues.

“That ties into things like who is allowed to take code from the development space to where it goes into production. That’s a must for any agile organisation,” Hunt adds.

“Even building automated compliance checks on top of that can also make sure the code meets a number of checks that you’ve pre-defined.”

Ensuring collaboration and transparency with contractors

Hunt says that many organisations across Asia-Pacific struggle with the lack of in-house resources, particularly in an era when the technology skills shortage is a major roadblock to agility.

Subcontracting is one way to address the issue, and this can allow enterprises to seamlessly collaborate with skilled developers on the same project.

GitHub’s distributed platform means organisations can introduce their contractors to the platform and maintain control, transparency and collaboration around what the contractors are doing.

Better communication means better code while allowing collaboration, especially when there’s a global shortage of skilled developers, Hunt says.

What’s ahead for the future of your business with GitHub? Helping businesses develop faster while maintaining compliance will remain one of the company’s core missions, while automated security checks and the infinite power of collaboration will no doubt lead the most agile businesses into another digital revolution.

Don’t let compliance issues strangle your developers’ true potential:

Learn more about GitHub Enterprise today.
