A proven methodology to build a PolicyOps function and public policy design frameworks for digital adoption, supporting your organization's journey into new paradigms and service models such as Cloud, SaaS, CaaS, FaaS, and DevOps

What’s inside

• Insights into understanding and defining policies that can be consumed across the business
• Ways to leverage a framework to embed Policy as Code into the organization
• Comprehensive guidelines on how to use Open Policy Agent and its powerful policy language, Rego

You’ll get the most out of this book if

• You’re a decision-maker, such as chief information officers (CIOs) or a chief information security officer (CISO) responsible for affecting change horizontally in an organization
• You’re a cloud or DevOps architect, engineer, or simply involved in designing, implementing, and measuring policies in your organization
• You have a basic understanding of concepts such as cloud-native technologies, Infrastructure as Code, DevOps, and automation

What your journey will look like

Your journey to understanding policies, their design, and implementation for cloud environments using a DevOps-based framework will include a variety of detailed explanations and examples. As you progress, you'll discover how to create the necessary automation, its integration, and which stakeholders to involve.

After learning how to work with a custom framework to implement PaC in the organization, you’ll move on to integrating policies, guidelines, and regulations into code to enhance the security and resilience posture of the organization. You'll also examine existing tools, evaluate them, and learn a framework to implement PaC.

Some of the things you’ll learn from this book

• Key policies, guidelines, regulations and how they fit together in an organization
• Policy-related current challenges brought by digital transformation regarding policies
• Open Policy Engine (OPA) and other policy engines for different environments
• The latest developments in PaC through a review of the literature, toolset, and usage
• How the PaC framework can develop trust at scale, leveraging patterns and best practices
• Tool evaluation and selection using real-world examples

Table of Contents

1. Introduction to the Policy Design Theory
2. Operationalizing Policy for Highly Regulated Industries
3. Policy as Code as a Business Enabler
4. Framework for Digital Policies
5. Policy for Cloud-Native Environments
6. Policy Design for Hybrid Environments
7. Building a Culture of PolicyOps
8. Policy Engines
9. A Primer on Open Policy Agent
10. Policy as Code Tool Evaluation
11. Cloud Providers Policy Constructs
12. Integration with Existing Enterprise Workflows
13. Real-World Scenarios and Architecture

About the Author

Ricardo Ferreira MSc is a technologist that loves to democratize technology. His career has been diverse, ranging from technical contributor to senior management in a Big Four where he advised some of the largest financial organizations how to adopt Cloud securely. This variety of experiences gave him a holistic understanding of organizations' challenges when adopting new emerging technologies, and how to drive policies for digital enablement.

Currently, Ricardo is an EMEA CISO for Fortinet, aligned with sales and marketing, engaging with CxOs to drive cybersecurity awareness where he helps customers adopt information security strategies. He is an active member of the cyber security industry, contributing to CNCF and CSA computing standards.