Exclusive: GitHub's seamless approach to helping businesses stay agile and compliant
Europe’s GDPR and Australia’s Notifiable Data Breaches regulations are presenting new security and compliance challenges for businesses today.
Regulations like those may signal warning bells for risk-averse organisations that are putting off the adoption of cloud-based technologies because of potential vulnerabilities. But they’re also sacrificing rapid collaboration that’s essential to remaining competitive.
Matthew J. McCullough, GitHub’s VP of Field Services, explains that enterprises are facing a few key compliance issues at the moment – one of which is the pressure of digitisation.
Those in software are facing the challenge of being fast from idea to market.
“The difference between the winners and losers in this space is usually how quickly they can take that idea and then bring it to their customers,” he says.
GitHub APAC director Sam Hunt provides the example of the financial services industry, which is propped up by banks that are competing based on how customers access their services.
“Businesses now need to take new considerations about how they handle people’s data because it’s now digital and tied into applications. They’re asking, what are the auditability processes and what overheads do we put on our developers so we adhere to the national and global regulations,” Hunt says.
McCullough adds that traditionally productivity and compliance would be at odds with each other because more layers and complexity slow down the time-to-market.
Moving fast by leveraging existing resources
With GitHub, the old way of thinking has been turned on its head with the help of its 28 million developers - and their creations. There is also a dedicated space for enterprises that wish to leverage open source to tailor specific projects to their own needs.
GitHub Enterprise can operate on an existing enterprise infrastructure, which means it is governed by existing information security controls: from firewalls and VPNs, to IAM and monitoring systems.
This on-premise solution can help enterprises avoid regulatory compliance issues, such as data sovereignty and location, that arise when using cloud-based solutions.
Some of Australia’s largest organisations like National Australia Bank, Xero, and REA Group are taking advantage of GitHub Enterprise.
They are all adopting agile practices in how they build code, and are taking things to market quicker than other legacy businesses.
Using automation in the auditing process can ensure higher levels of compliance
Automation is also a key part of speeding up time-to-market and reducing administration costs, even with auditability requirements.
“That’s something you can’t really do in silos or an unmanaged environment, but with GitHub Enterprise you can build automation around what you need as an audit to comply,” says Hunt.
GitHub Enterprise also offers a number of key security features and services as part of its commitment to being one of the few developer-oriented companies that takes a strong stance on privacy.
Its security component is also human-centric because it keeps all components separate.
“Users have a single identity that allows you to participate in open source and multiple employment opportunities at the same time. We use partitioning so users can have their hobbies space, first employer space, and some side work if they want to do contracting on the side,” McCullough explains.
GitHub Enterprise also improves auditability by capturing decision-making processes, which ties the project management process to the code that is being developed.
“Audit trails give businesses the ability to look up what happened without pre-empting it with massive brick walls that stop people collaborating with one another. Further, we have two-factor authentication. They provide confidence that the people working on that piece are who they say they are,” McCullough says.
“Auditability and traceability have replaced the practice of locking a project down and excluding people, which was the traditional way of doing things,” he continues.
“That ties into things like who is allowed to take code from the development space to where it goes into production. That’s a must for any agile organisation,” Hunt adds.
“Even building automated compliance checks on top of that can also make sure the code meets a number of checks that you’ve pre-defined.”
Ensuring collaboration and transparency with contractors
Hunt says that many organisations across Asia-Pacific struggle with the lack of in-house resources, particularly in an era when the technology skills shortage is a major roadblock to agility.
Subcontracting is one way to address the issue, and this can allow enterprises to seamlessly collaborate with skilled developers on the same project.
GitHub’s distributed platform means organisations can introduce their contractors to the platform and maintain control, transparency and collaboration around what the contractors are doing.
Better communication means better code while allowing collaboration, especially when there’s a global shortage of skilled developers, Hunt says.
What’s ahead for the future of your business with GitHub? Helping businesses develop faster while maintaining compliance will remain one of the company’s core missions, while automated security checks and the infinite power of collaboration will no doubt lead the most agile businesses into another digital revolution.