Exclusive: GitHub's seamless approach to helping businesses stay agile and compliant

16 Jul 2018

Europe’s GDPR and Australia’s Notifiable Data Breaches regulations are presenting new security and compliance challenges for businesses today.

Regulations like those may signal warning bells for risk-averse organisations that are putting off the adoption of cloud-based technologies because of potential vulnerabilities. But those organisations are also sacrificing the rapid collaboration that’s essential to remaining competitive.

Matthew J. McCullough, GitHub’s VP of Field Services, explains that enterprises are facing a few key compliance issues at the moment – one of which is the pressure of digitisation.

Those in software are facing the challenge of being fast from idea to market.

“The difference between the winners and losers in this space is usually how quickly they can take that idea and then bring it to their customers,” he says.

GitHub APAC director Sam Hunt provides the example of the financial services industry, which is propped up by banks that are competing based on how customers access their services.

“Businesses now need to take new considerations about how they handle people’s data because it’s now digital and tied into applications. They’re asking, what are the auditability processes and what overheads do we put on our developers so we adhere to the national and global regulations,” Hunt says.

McCullough adds that traditionally productivity and compliance would be at odds with each other because more layers and complexity slow down the time-to-market.

Moving fast by leveraging existing resources

With GitHub, the old way of thinking has been turned on its head with the help of its 28 million developers - and their creations. There is also a dedicated space for enterprises that wish to leverage open source to tailor specific projects to their own needs.

GitHub Enterprise can operate on an existing enterprise infrastructure, which means it is governed by existing information security controls: from firewalls and VPNs, to IAM and monitoring systems.

This on-premise solution can help enterprises avoid regulatory compliance issues, such as data sovereignty and location, that arise when using cloud-based solutions.

Some of Australia’s largest organisations like National Australia Bank, Xero, and REA Group are taking advantage of GitHub Enterprise.  

They are all adopting agile practices in how they build code and are taking things to market quicker than other legacy businesses.

Using automation in the auditing process can ensure higher levels of compliance

Automation is also a key part of speeding up time-to-market and reducing administration costs, even with auditability requirements.

“That’s something you can’t really do in silos or an unmanaged environment, but with GitHub Enterprise you can build automation around what you need as an audit to comply,” says Hunt.

GitHub Enterprise also offers a number of key security features and services as part of its commitment to being one of the few developer-oriented companies that take a strong stance on privacy.

Its security component is also human-centric because it keeps all components separate.

“Users have a single identity that allows you to participate in open source and multiple employment opportunities at the same time. We use partitioning so users can have their hobbies space, first employer space, and some side work if they want to do contracting on the side,” McCullough explains.

GitHub Enterprise also improves auditability by capturing decision-making processes, which ties the project management process to the code that is being developed.

“Audit trails give businesses the ability to look up what happened without pre-empting it with massive brick walls that stop people collaborating with one another. Further, we have two-factor authentication. They provide confidence that the people working on that piece are who they say they are,” McCullough says.

“Auditability and traceability have replaced the practice of locking a project down and excluding people, which was the traditional way of doing things,” he continues.

“That ties into things like who is allowed to take code from the development space to where it goes into production. That’s a must for any agile organisation,” Hunt adds.

“Even building automated compliance checks on top of that can also make sure the code meets a number of checks that you’ve pre-defined.”

Ensuring collaboration and transparency with contractors

Hunt says that many organisations across Asia-Pacific struggle with the lack of in-house resources, particularly in an era when the technology skills shortage is a major roadblock to agility.

Subcontracting is one way to address the issue, and this can allow enterprises to seamlessly collaborate with skilled developers on the same project.

GitHub’s distributed platform means organisations can introduce their contractors to the platform and maintain control, transparency and collaboration around what the contractors are doing.

Better communication means better code while allowing collaboration, especially when there’s a global shortage of skilled developers, Hunt says.

What’s ahead for the future of your business with GitHub? Helping businesses develop faster while maintaining compliance will remain one of the company’s core missions, while automated security checks and the infinite power of collaboration will no doubt lead the most agile businesses into another digital revolution.

Don’t let compliance issues strangle your developers’ true potential:

Learn more about GitHub Enterprise today.
