A SANS Survey: Rethinking the Sec in DevSecOps: Security as Code

As IT workloads move to the cloud, organizations face a fundamental shift in how to develop and deliver systems and in their security practices. Deploying and running production systems has become abstracted from the underlying hardware and network. Infrastructure is defined through code, and operations work through cloud service APIs.

Security has moved away from selecting and implementing network appliances and writing checklists to Security as Code: reviewing infrastructure and service configuration templates, understanding how to correctly use cloud security services and APIs, and writing automated tests and continuous compliance policies.

Security as Code represents the future of security. What does this mean to security professionals, to their priorities, to their training, and to the investments that they make in technology and tooling?

This survey, the eighth in an annual series that focuses on application security and DevOps, examines the following with regard to DevSecOps in the cloud:

  • What do security teams need to understand about software development to meet the demand of high-velocity delivery?
  • What skills enable security teams to architect secure cloud services and ensure that they catch and fix vulnerabilities as early as possible?
  • What impact do the different cloud architectures and platforms have on this effort, including risks, strengths, and weaknesses?
  • Discover now what is new in application security and DevOps.

    Resource Details

    Micro Focus logo
    Provided by:
    Micro Focus