Compliance at Speed by Mark Lustig


In many industries today, adhering to regulations is not optional; it is mandatory. As information technology professionals, we are constantly challenged with tight timelines for building and enhancing information systems, not just to provide new functionality, but also to ensure our systems meet the guidelines and standards for each industry.

Compliance Affects Everyone, Not Just the Big Banks

Compliance impacts all industries, and is becoming more important every day. Highly regulated industries including financial services and health care must meet strict standards for compliance. For online retailers, privacy and security standards must also be met. The social networking industry is facing regulations specific to consumer protection and the use of customer information.

No industry is immune to compliance requirements, and emerging regulations create more challenges to achieving performance objectives each year, both domestically and internationally. Any website that uses, stores, or processes personal or payment information must address these challenges, most notably for security and the payment card industry (PCI), but also for accessibility, access controls, confidentiality, and audit purposes.

Staying abreast of techniques to meet performance goals and compliance regulations is an emerging trend within both performance engineering (PE) and DevOps. Conferences such as Velocity are addressing these topics both tactically and strategically. Tactically, cutting-edge techniques are taking into account the needs of high-tech and web-facing companies as well as large Fortune® 500 enterprises. Strategically, the emerging cultural paradigm of DevOps is becoming more prominent at larger companies, across complex architectures that include legacy systems.

Performance Is Mandatory for Competitiveness and Business Success

Today’s complex system architectures include rich user interfaces, the ability to execute complex business transactions quickly, and the need to provide critical information to users in a variety of formats, both desktop and mobile. How do you ensure you can meet business goals when the system is made up of a combination of web servers, application servers, and multiple middleware layers, including interfaces to web services, databases, and legacy systems? How do you achieve performance goals while meeting regulatory requirements such as multifactor authentication, encryption, and storing years’ worth of online transactional data? System designers and architects must understand and manage the performance impacts of mandated features to ensure that service levels can be maintained.

In an effort to accelerate the timelines in providing new systems and enhancing functionality, we’re moving from the classic software development methodologies of the past to methodologies based on continuous deployment. Adoption of agile and continuous integration and deployment models enables system functionality to be released more quickly, without sacrificing quality. Regulated industries are struggling to adopt these methodologies, as long-standing release management and testing processes are slow to adapt to accelerated delivery models.

The trend of ubiquitous access is putting more pressure on system performance. Access patterns and user behavior are changing. The mix of concurrent types of users and concurrent access is also forcing a change in how systems are designed to support these emerging trends. We must build systems to achieve performance for all users executing business-critical transactions, regardless of whether a particular user is coming from a desktop PC, a mobile device, or a kiosk. When designing and building the system, we must test to ensure good performance for all users, at the same time.

To Minimize Reputational Risk, Performance and Compliance Objectives Must Both Be Met

Solving these challenges is not trivial. Business users demand systems that perform well and meet regulatory compliance requirements. Often the consequence of complying with mandatory regulations is a reduction of system performance.

Key tenets of performance engineering—workload characterization (e.g., types of transactions, users, volumetrics), disciplined PE processes applied across the software development life cycle, and architectural considerations of performance (load time, throughput/bandwidth)—are required for success.

Through a combination of system optimization techniques at every tier and integration point and the cooperation and commitment of the business to support performance improvement as a critical success factor, performance goals can and will be achieved.

This report outlines a disciplined process that can be followed to achieve your performance goals, while meeting compliance objectives.