The DevSecOps Approach to Securing Your Code and Your Cloud
DevSecOps is about collaboration. More specifically, it is continual collaboration between information security, application development and IT operations teams.
Having all three teams immersed in all development and deployment activities makes it easier for information security teams to integrate controls into the deployment pipeline without causing delays or creating issues by implementing security controls after systems are already running.
Despite the potential benefits, getting started with DevSecOps will likely require some cultural changes and considerable planning, especially when automating the configuration and security of assets in the cloud, whether the model is software-asa-service (SaaS), platform-as-a-service (PaaS) or infrastructure-as-a-service (IaaS). This paper walks you through those policies and guideline processes.