Exclusive: GitHub's seamless approach to helping businesses stay agile and compliant

16 Jul 18

Europe’s GDPR and Australia’s Notifiable Data Breaches regulations are presenting new security and compliance challenges for businesses today.

Regulations like those may sound warning bells for risk-averse organisations that are putting off the adoption of cloud-based technologies because of potential vulnerabilities. But by holding back, those organisations are also sacrificing the rapid collaboration that's essential to remaining competitive.

Matthew J. McCullough, GitHub’s VP of Field Services, explains that enterprises are facing a few key compliance issues at the moment – one of which is the pressure of digitisation.

Those in software are facing the challenge of being fast from idea to market.

“The difference between the winners and losers in this space is usually how quickly they can take that idea and then bring it to their customers,” he says.

GitHub APAC director Sam Hunt provides the example of the financial services industry, which is propped up by banks that are competing based on how customers access their services.

“Businesses now need to take new considerations about how they handle people’s data because it’s now digital and tied into applications. They’re asking, what are the auditability processes and what overheads do we put on our developers so we adhere to the national and global regulations,” Hunt says.

McCullough adds that traditionally productivity and compliance would be at odds with each other because more layers and complexity slow down the time-to-market.

Moving fast by leveraging existing resources

With GitHub, the old way of thinking has been turned on its head with the help of its 28 million developers - and their creations. There is also a dedicated space for enterprises that wish to leverage open source to tailor specific projects to their own needs.

GitHub Enterprise can operate on an existing enterprise infrastructure, which means it is governed by existing information security controls: from firewalls and VPNs, to IAM and monitoring systems.

This on-premise solution can help enterprises avoid regulatory compliance issues, such as data sovereignty and location, that arise when using cloud-based solutions.

Some of Australia’s largest organisations like National Australia Bank, Xero, and REA Group are taking advantage of GitHub Enterprise.  

They are all adopting agile practices in how they build code and are taking things to market quicker than other legacy businesses.

Using automation in the auditing process can ensure higher levels of compliance

Automation is also a key part of speeding up time-to-market and reducing administration costs, even with auditability requirements.

“That’s something you can’t really do in silos or an unmanaged environment, but with GitHub Enterprise you can build automation around what you need as an audit to comply,” says Hunt.

GitHub Enterprise also offers a number of key security features and services as part of its commitment to being one of the few developer-oriented companies that takes a strong stance on privacy.

Its security component is also human-centric because it keeps all components separate.

“Users have a single identity that allows you to participate in open source and multiple employment opportunities at the same time. We use partitioning so users can have their hobbies space, first employer space, and some side work if they want to do contracting on the side,” McCullough explains.

GitHub Enterprise also improves auditability by capturing decision-making processes, which ties the project management process to the code that is being developed.

“Audit trails give businesses the ability to look up what happened without pre-empting it with massive brick walls that stop people collaborating with one another. Further, we have two-factor authentication. They provide confidence that the people working on that piece are who they say they are,” McCullough says.

“Auditability and traceability have replaced the practice of locking a project down and excluding people, which was the traditional way of doing things,” he continues.

“That ties into things like who is allowed to take code from the development space to where it goes into production. That’s a must for any agile organisation,” Hunt adds.

“Even building automated compliance checks on top of that can also make sure the code meets a number of checks that you’ve pre-defined.”

Ensuring collaboration and transparency with contractors

Hunt says that many organisations across Asia-Pacific struggle with the lack of in-house resources, particularly in an era when the technology skills shortage is a major roadblock to agility.

Subcontracting is one way to address the issue, and this can allow enterprises to seamlessly collaborate with skilled developers on the same project.

GitHub’s distributed platform means organisations can introduce their contractors to the platform and maintain control, transparency and collaboration around what the contractors are doing.

Better communication means better code while allowing collaboration, especially when there’s a global shortage of skilled developers, Hunt says.

What’s ahead for the future of your business with GitHub? Helping businesses develop faster while maintaining compliance will remain one of the company’s core missions, while automated security checks and the infinite power of collaboration will no doubt lead the most agile businesses into another digital revolution.

Don’t let compliance issues strangle your developers’ true potential:

Learn more about GitHub Enterprise today.
