DevOps teams push software changes directly to production multiple times each day. Agile teams deliver working software every week. This continuous change means that the targets and risks for security and compliance are constantly changing.
Security must become agile and iterative.
Compliance needs to be done continuously, on every change.
To achieve this, security teams need to collaborate with developers and operations engineers and share their tools and practices. Security engineers need to learn to think and work like developers, and apply the same agile, incremental methods to continuously improve the security program.
This SANS survey focuses on application security and DevOps in the cloud to understand the keys to DevSecOps success.
Written by Jim Bird and Eric Johnson
Advisor: Frank Kim
June 2021 SANS Survey