With more technology leaders moving their companies to the cloud and adopting new security tools, keeping up with changing compliance standards has become a more urgent requirement for IT teams everywhere — especially as new security tools are rolled out. Specifically with containers, the nature of these environments requires IT and legal managers to view compliance standards in a new way. A decade ago, compliance was an activity that a team of people conducted annually against a fairly static environment. However, with today's threats and risks, compliance needs to transition into an ongoing activity that can be done continuously through software and deliver both visibility and policy enforcement.

Here are three points to consider when navigating compliance for containers:

1. The environment changes more frequently

As software becomes core to almost every organization's mission, that software has to improve and adapt more quickly than in the past. That means continuous change as new features and capabilities are added. Processes that are built around rigid, manually performed annual audits aren't responsive or efficient enough to protect these software supply chains. That doesn't mean that traditional audit goes away, but it does mean that it's no longer enough.

To ensure you have the right defenses and mitigations against today's threats, you need compliance tools that easily integrate into your workflows and can provide quality gates along the way. For example, it's much safer and more efficient to make sure new apps are compliant before they're allowed to be deployed, rather than reactively having to evaluate and mitigate them after they've already been deployed. Ensuring compliance is part of the workflows that lead to change is critical to managing that increased rate of change.

2. Developers are in the driver's seat

Instead of going to an operations team to get an app up and running, developers often build and deploy it themselves. This means that many of the traditional workflows that organizations used to check for compliance before deploying new systems may no longer be in the loop. For example, in the past your operations team may have been responsible for ensuring PCI compliance before your retail app was updated. In a model in which the dev team can push that upgrade directly to production themselves, that manual check adds friction and delays to the process, if it happens at all.

Rather than relying on manual interaction, organizations can benefit from tools that integrate directly with the workflow and stress efficiency and prevention, rather than manual tasks and reaction. For example, a tool that can integrate with the build process itself, assess compliance automatically as part of each build, and fail builds that don't meet that threshold, is both more efficient and safer than relying on manual processes. Increasingly, this automated approach will not just be desirable but virtually mandatory to keep up with the rate of change in typical environments.

3. Compliance for containers is still evolving

The compliance standards rolled out for organizations today weren't written with containers in mind. While many of the same best practices around configuration management, documentation, and consistency are equally applicable to containers, container-specific compliance guidance isn't as prevalent as guidance for more established technologies like virtual machines.

Thus, organizations may need to do some additional work to understand how to map existing requirements to these new technologies.

The often-missed fact is that the very nature of containers can actually make compliance much easier and more effective over time. The fact that container technologies typically rely on declarative, self-documenting deployment approaches and that they're usually run in an immutable fashion means that it's easier for organizations to know what they're deploying and whether it's changed.

I've worked on a few guides to help those who work with containers manage compliance, including Twistlock's PCI and HIPAA for Containers guides and the NIST Container Security Guide (SP 800-190) — and while they're valuable aids, effective compliance is more about your own people and processes than the words printed in a guide. Helping those people operate more efficiently by using tools that integrate with your build and deployment processes is critical to successfully managing compliance in today's rapidly changing software world.
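The build gate from point 2, run against the kind of declarative spec point 3 describes, as an added example that is not from the original article or from any vendor tool. The rule names, severities and sample specs are hypothetical; the `securityContext` field names follow the Kubernetes pod spec.

```python
import re
import sys

SEVERITY = {"low": 1, "medium": 2, "high": 3}
DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")  # immutable image reference

def _sc(container):
    return container.get("securityContext", {})

# Hypothetical rule set: (rule id, severity, predicate that is True when compliant).
RULES = [
    ("image-pinned-by-digest", "high", lambda c: bool(DIGEST.search(c.get("image", "")))),
    ("not-privileged", "high", lambda c: not _sc(c).get("privileged", False)),
    ("runs-as-non-root", "medium", lambda c: _sc(c).get("runAsNonRoot") is True),
    ("read-only-root-fs", "low", lambda c: _sc(c).get("readOnlyRootFilesystem") is True),
]

def evaluate(spec):
    """Return (container name, rule id, severity) for every failed rule."""
    containers = spec.get("containers", [])
    if not containers:
        # Fail closed: a spec the gate cannot inspect is not a compliant spec.
        return [("<spec>", "no-containers-declared", "high")]
    return [(c.get("name", "?"), rule_id, sev)
            for c in containers
            for rule_id, sev, ok in RULES if not ok(c)]

def gate(spec, fail_at="medium"):
    """Exit status for the build step: 1 if any finding reaches the threshold."""
    findings = evaluate(spec)
    for name, rule_id, sev in findings:
        print(f"{sev:<6} {name}: {rule_id}")
    return int(any(SEVERITY[sev] >= SEVERITY[fail_at] for _, _, sev in findings))

# Constructed sample specs (not from the article).
COMPLIANT = {"containers": [{
    "name": "shop-api",
    "image": "registry.example/shop-api@sha256:" + "a" * 64,
    "securityContext": {"runAsNonRoot": True, "readOnlyRootFilesystem": True},
}]}
DRIFTED = {"containers": [{
    "name": "shop-api",
    "image": "registry.example/shop-api:latest",  # mutable tag, content can change
    "securityContext": {"privileged": True},
}]}

if __name__ == "__main__":
    print("compliant spec ->", gate(COMPLIANT))
    sys.exit(gate(DRIFTED))  # non-zero status fails the build
```

In a CI job the return value of `gate()` becomes the step's exit status, so a spec that misses the threshold never reaches deployment.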