[{"data":1,"prerenderedAt":465},["ShallowReactive",2],{"/en-us/the-source/authors/jason-morgan/":3,"footer-en-us":31,"the-source-banner-en-us":338,"the-source-navigation-en-us":350,"the-source-newsletter-en-us":378,"authors-en-us":389,"categories-en-us":421,"jason-morgan-articles-list-en-us":422},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"type":8,"slug":9,"config":10,"seo":12,"content":15,"_id":25,"_type":26,"title":14,"_source":27,"_file":28,"_stem":29,"_extension":30},"/en-us/the-source/authors/jason-morgan","authors",false,"","author","jason-morgan",{"layout":11},"the-source",{"config":13,"title":14},{"noIndex":6},"Jason Morgan",[16,23],{"type":17,"componentName":17,"componentContent":18},"TheSourceAuthorHero",{"name":14,"role":19,"headshot":20},"Staff Solutions Architect",{"altText":14,"config":21},{"src":22},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758808571/n1inburdbemlmpcg9atj.jpg",{"type":24,"componentName":24},"TheSourceArticlesList","content:en-us:the-source:authors:jason-morgan.yml","yaml","content","en-us/the-source/authors/jason-morgan.yml","en-us/the-source/authors/jason-morgan","yml",{"_path":32,"_dir":33,"_draft":6,"_partial":6,"_locale":7,"data":34,"_id":334,"_type":26,"title":335,"_source":27,"_file":336,"_stem":337,"_extension":30},"/shared/en-us/main-footer","en-us",{"text":35,"source":36,"edit":42,"contribute":47,"config":52,"items":57,"minimal":326},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":37,"config":38},"View page source",{"href":39,"dataGaName":40,"dataGaLocation":41},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":43,"config":44},"Edit this page",{"href":45,"dataGaName":46,"dataGaLocation":41},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":48,"config":49},"Please 
contribute",{"href":50,"dataGaName":51,"dataGaLocation":41},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":53,"facebook":54,"youtube":55,"linkedin":56},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[58,85,157,225,287],{"title":59,"links":60,"subMenu":66},"Platform",[61],{"text":62,"config":63},"DevSecOps platform",{"href":64,"dataGaName":65,"dataGaLocation":41},"/platform/","devsecops platform",[67],{"title":68,"links":69},"Pricing",[70,75,80],{"text":71,"config":72},"View plans",{"href":73,"dataGaName":74,"dataGaLocation":41},"/pricing/","view plans",{"text":76,"config":77},"Why Premium?",{"href":78,"dataGaName":79,"dataGaLocation":41},"/pricing/premium/","why premium",{"text":81,"config":82},"Why Ultimate?",{"href":83,"dataGaName":84,"dataGaLocation":41},"/pricing/ultimate/","why ultimate",{"title":86,"links":87},"Solutions",[88,93,97,102,107,112,117,122,127,132,137,142,147,152],{"text":89,"config":90},"Digital transformation",{"href":91,"dataGaName":92,"dataGaLocation":41},"/topics/digital-transformation/","digital transformation",{"text":94,"config":95},"Application Security Testing",{"href":96,"dataGaName":94,"dataGaLocation":41},"/solutions/application-security-testing/",{"text":98,"config":99},"Automated software delivery",{"href":100,"dataGaName":101,"dataGaLocation":41},"/solutions/delivery-automation/","automated software delivery",{"text":103,"config":104},"Agile development",{"href":105,"dataGaName":106,"dataGaLocation":41},"/solutions/agile-delivery/","agile delivery",{"text":108,"config":109},"Cloud transformation",{"href":110,"dataGaName":111,"dataGaLocation":41},"/topics/cloud-native/","cloud transformation",{"text":113,"config":114},"SCM",{"href":115,"dataGaName":116,"dataGaLocation":41},"/solutions/source-code-management/","source code 
management",{"text":118,"config":119},"CI/CD",{"href":120,"dataGaName":121,"dataGaLocation":41},"/solutions/continuous-integration/","continuous integration & delivery",{"text":123,"config":124},"Value stream management",{"href":125,"dataGaName":126,"dataGaLocation":41},"/solutions/value-stream-management/","value stream management",{"text":128,"config":129},"GitOps",{"href":130,"dataGaName":131,"dataGaLocation":41},"/solutions/gitops/","gitops",{"text":133,"config":134},"Enterprise",{"href":135,"dataGaName":136,"dataGaLocation":41},"/enterprise/","enterprise",{"text":138,"config":139},"Small business",{"href":140,"dataGaName":141,"dataGaLocation":41},"/small-business/","small business",{"text":143,"config":144},"Public sector",{"href":145,"dataGaName":146,"dataGaLocation":41},"/solutions/public-sector/","public sector",{"text":148,"config":149},"Education",{"href":150,"dataGaName":151,"dataGaLocation":41},"/solutions/education/","education",{"text":153,"config":154},"Financial services",{"href":155,"dataGaName":156,"dataGaLocation":41},"/solutions/finance/","financial services",{"title":158,"links":159},"Resources",[160,165,170,175,180,185,190,195,200,205,210,215,220],{"text":161,"config":162},"Install",{"href":163,"dataGaName":164,"dataGaLocation":41},"/install/","install",{"text":166,"config":167},"Quick start guides",{"href":168,"dataGaName":169,"dataGaLocation":41},"/get-started/","quick setup checklists",{"text":171,"config":172},"Learn",{"href":173,"dataGaName":174,"dataGaLocation":41},"https://university.gitlab.com/","learn",{"text":176,"config":177},"Product documentation",{"href":178,"dataGaName":179,"dataGaLocation":41},"https://docs.gitlab.com/","docs",{"text":181,"config":182},"Blog",{"href":183,"dataGaName":184,"dataGaLocation":41},"/blog/","blog",{"text":186,"config":187},"Customer success stories",{"href":188,"dataGaName":189,"dataGaLocation":41},"/customers/","customer success 
stories",{"text":191,"config":192},"Remote",{"href":193,"dataGaName":194,"dataGaLocation":41},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"text":196,"config":197},"GitLab Services",{"href":198,"dataGaName":199,"dataGaLocation":41},"/services/","services",{"text":201,"config":202},"TeamOps",{"href":203,"dataGaName":204,"dataGaLocation":41},"/teamops/","teamops",{"text":206,"config":207},"Community",{"href":208,"dataGaName":209,"dataGaLocation":41},"/community/","community",{"text":211,"config":212},"Forum",{"href":213,"dataGaName":214,"dataGaLocation":41},"https://forum.gitlab.com/","forum",{"text":216,"config":217},"Events",{"href":218,"dataGaName":219,"dataGaLocation":41},"/events/","events",{"text":221,"config":222},"Partners",{"href":223,"dataGaName":224,"dataGaLocation":41},"/partners/","partners",{"title":226,"links":227},"Company",[228,233,238,243,248,253,258,262,267,272,277,282],{"text":229,"config":230},"About",{"href":231,"dataGaName":232,"dataGaLocation":41},"/company/","company",{"text":234,"config":235},"Jobs",{"href":236,"dataGaName":237,"dataGaLocation":41},"/jobs/","jobs",{"text":239,"config":240},"Leadership",{"href":241,"dataGaName":242,"dataGaLocation":41},"/company/team/e-group/","leadership",{"text":244,"config":245},"Team",{"href":246,"dataGaName":247,"dataGaLocation":41},"/company/team/","team",{"text":249,"config":250},"Handbook",{"href":251,"dataGaName":252,"dataGaLocation":41},"https://handbook.gitlab.com/","handbook",{"text":254,"config":255},"Investor relations",{"href":256,"dataGaName":257,"dataGaLocation":41},"https://ir.gitlab.com/","investor relations",{"text":259,"config":260},"Sustainability",{"href":261,"dataGaName":259,"dataGaLocation":41},"/sustainability/",{"text":263,"config":264},"Diversity, inclusion and belonging (DIB)",{"href":265,"dataGaName":266,"dataGaLocation":41},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":268,"config":269},"Trust 
Center",{"href":270,"dataGaName":271,"dataGaLocation":41},"/security/","trust center",{"text":273,"config":274},"Newsletter",{"href":275,"dataGaName":276,"dataGaLocation":41},"/company/contact/","newsletter",{"text":278,"config":279},"Press",{"href":280,"dataGaName":281,"dataGaLocation":41},"/press/","press",{"text":283,"config":284},"Modern Slavery Transparency Statement",{"href":285,"dataGaName":286,"dataGaLocation":41},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"title":288,"links":289},"Contact Us",[290,295,300,305,310,315,320],{"text":291,"config":292},"Contact an expert",{"href":293,"dataGaName":294,"dataGaLocation":41},"/sales/","sales",{"text":296,"config":297},"Get help",{"href":298,"dataGaName":299,"dataGaLocation":41},"/support/","get help",{"text":301,"config":302},"Customer portal",{"href":303,"dataGaName":304,"dataGaLocation":41},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"text":306,"config":307},"Status",{"href":308,"dataGaName":309,"dataGaLocation":41},"https://status.gitlab.com/","status",{"text":311,"config":312},"Terms of use",{"href":313,"dataGaName":314,"dataGaLocation":41},"/terms/","terms of use",{"text":316,"config":317},"Privacy statement",{"href":318,"dataGaName":319,"dataGaLocation":41},"/privacy/","privacy statement",{"text":321,"config":322},"Cookie preferences",{"dataGaName":323,"dataGaLocation":41,"id":324,"isOneTrustButton":325},"cookie preferences","ot-sdk-btn",true,{"items":327},[328,330,332],{"text":311,"config":329},{"href":313,"dataGaName":314,"dataGaLocation":41},{"text":316,"config":331},{"href":318,"dataGaName":319,"dataGaLocation":41},{"text":321,"config":333},{"dataGaName":323,"dataGaLocation":41,"id":324,"isOneTrustButton":325},"content:shared:en-us:main-footer.yml","Main 
Footer","shared/en-us/main-footer.yml","shared/en-us/main-footer",{"_path":339,"_dir":340,"_draft":6,"_partial":6,"_locale":7,"visibility":325,"id":341,"title":342,"button":343,"_id":347,"_type":26,"_source":27,"_file":348,"_stem":349,"_extension":30},"/shared/en-us/the-source/banner/the-economics-of-software-innovation-2025-08-18","banner","The Economics of Software Innovation","The Economics of Software Innovation—AI’s $750 Billion Opportunity",{"config":344,"text":346},{"href":345},"/software-innovation-report/","Get the research report","content:shared:en-us:the-source:banner:the-economics-of-software-innovation-2025-08-18.yml","shared/en-us/the-source/banner/the-economics-of-software-innovation-2025-08-18.yml","shared/en-us/the-source/banner/the-economics-of-software-innovation-2025-08-18",{"_path":351,"_dir":11,"_draft":6,"_partial":6,"_locale":7,"logo":352,"subscribeLink":357,"navItems":361,"_id":374,"_type":26,"title":375,"_source":27,"_file":376,"_stem":377,"_extension":30},"/shared/en-us/the-source/navigation",{"altText":353,"config":354},"the source logo",{"src":355,"href":356},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1750191004/t7wz1klfb2kxkezksv9t.svg","/the-source/",{"text":358,"config":359},"Subscribe",{"href":360},"#subscribe",[362,366,370],{"text":363,"config":364},"Artificial Intelligence",{"href":365},"/the-source/ai/",{"text":367,"config":368},"Security & Compliance",{"href":369},"/the-source/security/",{"text":371,"config":372},"Platform & Infrastructure",{"href":373},"/the-source/platform/","content:shared:en-us:the-source:navigation.yml","Navigation","shared/en-us/the-source/navigation.yml","shared/en-us/the-source/navigation",{"_path":379,"_dir":11,"_draft":6,"_partial":6,"_locale":7,"title":380,"description":381,"submitMessage":382,"formData":383,"_id":386,"_type":26,"_source":27,"_file":387,"_stem":388,"_extension":30},"/shared/en-us/the-source/newsletter","The Source Newsletter","Stay updated with insights for the future 
of software development.","You have successfully signed up for The Source’s newsletter.",{"config":384},{"formId":385,"formName":276,"hideRequiredLabel":325},1077,"content:shared:en-us:the-source:newsletter.yml","shared/en-us/the-source/newsletter.yml","shared/en-us/the-source/newsletter",{"amanda-rueda":390,"andre-michael-braun":391,"andrew-haschka":392,"ayoub-fandi":393,"bob-stevens":394,"brian-wald":395,"bryan-ross":396,"chandler-gibbons":397,"dave-steer":398,"ddesanto":399,"derek-debellis":400,"emilio-salvador":401,"erika-feldman":402,"george-kichukov":403,"gitlab":404,"grant-hickman":405,"haim-snir":406,"iganbaruch":407,"jason-morgan":14,"jlongo":408,"joel-krooswyk":409,"josh-lemos":410,"julie-griffin":411,"kristina-weis":412,"lee-faus":413,"ncregan":414,"rschulman":415,"sabrina-farmer":416,"sandra-gittlen":417,"sharon-gaudin":418,"stephen-walters":419,"taylor-mccaslin":420},"Amanda Rueda","Andre Michael Braun","Andrew Haschka","Ayoub Fandi","Bob Stevens","Brian Wald","Bryan Ross","Chandler Gibbons","Dave Steer","David DeSanto","Derek DeBellis","Emilio Salvador","Erika Feldman","George Kichukov","GitLab","Grant Hickman","Haim Snir","Itzik Gan Baruch","Joseph Longo","Joel Krooswyk","Josh Lemos","Julie Griffin","Kristina Weis","Lee Faus","Niall Cregan","Robin Schulman","Sabrina Farmer","Sandra Gittlen","Sharon Gaudin","Stephen Walters","Taylor 
McCaslin",{"ai":363,"platform":371,"security":367},{"allArticles":423,"visibleArticles":464,"showAllBtn":325},[424],{"_path":425,"_dir":426,"_draft":6,"_partial":6,"_locale":7,"slug":427,"type":428,"category":426,"config":429,"seo":432,"content":436,"_id":461,"_type":26,"title":434,"_source":27,"_file":462,"_stem":463,"_extension":30,"description":435,"date":437,"timeToRead":438,"heroImage":439,"keyTakeaways":440,"articleBody":444,"faq":445},"/en-us/the-source/security/speed-and-control-gitops-for-insurance-leaders","security","speed-and-control-gitops-for-insurance-leaders","article",{"layout":11,"template":430,"featured":6,"author":9,"sourceCTA":431,"isHighlighted":6,"authorName":14},"TheSourceArticle","beginners-guide-to-gitops",{"config":433,"title":434,"description":435},{"noIndex":6},"Speed and control: GitOps for insurance leaders","Discover how GitOps and enterprise CI/CD enable insurance companies to deploy fast while meeting strict regulatory compliance and audit requirements.",{"title":434,"description":435,"date":437,"timeToRead":438,"heroImage":439,"keyTakeaways":440,"articleBody":444,"faq":445},"2025-09-25","5 min read","https://res.cloudinary.com/about-gitlab-com/image/upload/v1758827423/hpvkk3b8mozeqhed6daf.png",[441,442,443],"Insurance companies can achieve fast development cycles while maintaining regulatory compliance by combining GitOps tools like FluxCD with enterprise CI/CD platforms like GitLab.","Storing all deployment configs in Git creates automatic audit trails, version control, and enforced approval workflows that satisfy regulators and eliminate manual documentation.","Modern pipelines can automatically enforce separation of duties, require approvals, and block deployments that don't meet compliance rules—making governance systematic, not optional.","In conversations with insurance technology leaders, one challenge consistently emerges: How do you enable development teams to move at the speed modern customers expect while satisfying 
regulators who demand every change be tracked, approved, and reversible?\n\nThe answer isn't choosing between speed and control; it's combining the right tools to get both. That's where pairing GitOps tools like FluxCD with enterprise CI/CD platforms like GitLab creates something special: a deployment pipeline that's developer-friendly and still maintains the audit trails regulators require.\n\n## Why GitOps matters for insurance\n\nIf you're managing Kubernetes deployments in a regulated environment, you already know that \"just SSH in and fix it\" isn't an option. FluxCD and similar GitOps tools fundamentally change how we think about configuration management, and honestly, it's about time.\n\n### Everything lives in Git (where it belongs)\n\nWith FluxCD, your entire deployment configuration becomes code. Real, version-controlled, reviewable code. No more mystery configurations that changed three months ago and were never documented. Every YAML file, every Helm chart, every configuration parameter lives in Git repositories where they're subject to the same controls as your application code.\n\nThis isn't just about organization (though your future self will thank you during the next state insurance audit). When you treat configuration as code, you inherit all the battle-tested controls that software teams have refined over decades. Branch protection rules, pull request reviews, and signed commits aren't just for your Java or Python files anymore.\n\n### Your project becomes the single source of truth\n\nHere’s where compliance teams take notice: GitOps continuously monitors declared states and ensures clusters match what’s approved. Any drift between what’s intended and what’s running is automatically detected and reconciled.\n\nThis means your project isn't just documentation of what you think is running; it's the enforced state of your entire system. 
When an auditor asks, \"What version of this service was running on March 15th at 2 PM?\" you don't scramble through logs. You check the project's Git history. Simple, verifiable, and impossible to argue with. (That guarantee holds only while the history itself is protected — branch protection rules and signed commits are what keep it from being rewritten after the fact.)\n\n## Making GitOps enterprise-ready\n\nNow, having everything in Git is great, but insurers need more than just version control. They need to prove that every change followed proper procedures, met security requirements, and linked to an approved business justification. This is where organizations must extend GitOps with a robust CI/CD system.\n\n### Change management that actually works\n\nInsurance CIOs and CTOs consistently cite manual change management processes as a major operational bottleneck. Their teams waste countless hours updating tickets, chasing approvals, and documenting deployments that should be automatic. Modern CI/CD pipelines solve this by integrating directly with change management systems, automatically creating and updating tickets as code moves through the deployment pipeline.\n\nEven better, these pipelines can enforce compliance rules:\n\n* Need actuarial approval for rating algorithm updates? The pipeline won’t proceed without it.\n* Require compliance review for underwriting logic? The deployment halts until sign-off.\n\nThis isn’t security theater — it’s real enforcement, applied consistently and automatically.\n\n### Separation of duties made simple\n\nInsurance regulators, whether state departments or international bodies like EIOPA, emphasize the separation of duties. The person who writes the code for premium calculations shouldn't be the one who approves it for production. Modern CI/CD platforms make this straightforward to implement and, more importantly, impossible to bypass.\n\nDevelopers can push code all day long, but they can't approve their own merge requests. They can't trigger production deployments without passing the necessary control gates. They can't modify audit logs. 
These aren't suggestions or guidelines; they're system-enforced rules that work across your entire development lifecycle.\n\n### A policy engine that speaks \"compliance\"\n\nThis is where [enterprise CI/CD platforms](https://about.gitlab.com/blog/ultimate-guide-to-ci-cd-fundamentals-to-advanced-implementation/) really earn their keep in insurance environments. Based on implementations I've overseen, the most successful platforms include comprehensive policy engines that can enforce virtually any requirement your compliance team sets:\n\n* **Permissions that make sense**: Role-based access control that maps to your actual organizational structure, not some generic \"admin/user\" split\n* **Audit trails that tell the whole story**: Not just who did what, but why they did it, who approved it, and what controls were validated\n* **Artifact management that satisfies regulators**: Automatic retention of build artifacts, deployment manifests, and security scan results for whatever period your regulations require\n* **Change window enforcement**: Block deployments during freeze periods, require additional approvals for emergency changes, or restrict certain types of changes to specific maintenance windows\n\n## GitOps and insurance: Better together\n\nIn my recent engagements with insurers ranging from regional carriers to global reinsurers, I've observed a clear pattern in successful GitOps adoptions. The magic happens when you pair GitOps approaches with enterprise controls, creating a deployment pipeline that developers actually want to use and that satisfies insurance compliance teams.\n\nDevelopers get to work with familiar Git workflows. They push code for new coverage types, create merge requests for claims automation improvements, and see their changes automatically deployed. 
No special deployment tools to learn, no manual steps to forget, no \"works on my machine\" mysteries when the new mobile claims app behaves differently in production.\n\nMeanwhile, your governance teams — who in insurance often report directly to the board's risk committee — get comprehensive audit trails, enforced approval workflows, and the ability to prove compliance without manual documentation. Every deployment is traceable from commit to production, with all the required approvals and security scans documented along the way.\n\nThe result? Your most advanced teams can iterate quickly, deploy frequently, and innovate confidently, all while maintaining the iron-clad controls that financial services require. It's not about choosing between moving fast and maintaining control. With the right tooling, you genuinely can have both.\n\n## Ready to see this in action?\n\nIf you're curious about how this approach could work in your organization, we're bringing the [Financial Services Roadshow](https://about.gitlab.com/events/financial-services-roadshow/) to several cities in the coming months. You'll see real-world implementations, hear from organizations that have made this transition, and get hands-on experience with the tools and workflows discussed here.",[446,449,452,455,458],{"header":447,"content":448},"How does GitOps help insurance companies balance speed and regulatory compliance?","GitOps enables insurance companies to deploy fast while meeting strict compliance requirements by combining tools like FluxCD with enterprise CI/CD platforms. All deployment configurations become version-controlled code in Git repositories, creating automatic audit trails and enforced approval workflows. 
This approach satisfies regulators while enabling developer-friendly deployment pipelines.",{"header":450,"content":451},"What makes GitOps configuration management suitable for regulated insurance environments?","GitOps treats entire deployment configurations as real, version-controlled, reviewable code stored in Git repositories. Every YAML file, Helm chart, and configuration parameter is subject to the same controls as application code, including branch protection rules and pull request reviews. This creates a single source of truth that's continuously monitored and automatically reconciled.",{"header":453,"content":454},"How do modern CI/CD pipelines enforce separation of duties for insurance compliance?","CI/CD platforms make separation of duties system-enforced rules rather than guidelines. Developers can push code but cannot approve their own merge requests or trigger production deployments without passing control gates. The person writing premium calculation code cannot approve it for production, and nobody can modify audit logs or bypass necessary approvals.",{"header":456,"content":457},"What compliance features do enterprise CI/CD platforms provide for insurance companies?","Enterprise platforms include comprehensive policy engines with role-based access control mapping to organizational structures, complete audit trails showing who did what and why with approval documentation, automatic retention of build artifacts and security scan results, and change window enforcement that blocks deployments during freeze periods.",{"header":459,"content":460},"How does storing deployment configurations in Git benefit insurance audits?","When deployment configurations live in Git, every change is tracked with complete version history, making audits straightforward. 
Instead of scrambling through logs when auditors ask about system states on specific dates, teams can check Git project history for simple, verifiable, and impossible-to-argue-with documentation of exactly what was running when.","content:en-us:the-source:security:speed-and-control-gitops-for-insurance-leaders.yml","en-us/the-source/security/speed-and-control-gitops-for-insurance-leaders.yml","en-us/the-source/security/speed-and-control-gitops-for-insurance-leaders",[424],1759517438685]