A SANS Survey: Rethinking the Sec in DevSecOps: Security as Code
As IT workloads move to the cloud, organizations face a fundamental shift in how to develop and deliver systems and in their security practices. Deploying and running production systems has become abstracted from the underlying hardware and network. Infrastructure is defined through code, and operations work through cloud service APIs.
Security has moved away from selecting and implementing network appliances and writing checklists to Security as Code: reviewing infrastructure and service configuration templates, understanding how to correctly use cloud security services and APIs, and writing automated tests and continuous compliance policies.
Security as Code represents the future of security. What does this mean to security professionals, to their priorities, to their training, and to the investments that they make in technology and tooling?
This survey, the eighth in an annual series that focuses on application security and DevOps, examines the following with regard to DevSecOps in the cloud:
Discover now what is new in application security and DevOps.