Applying DevSecOps to Address Cloud Security Challenges - Trignon

1
Applying DevSecOps to Address Cloud Security
Challenges
2
Driven by the encouragement from 2018 progress,
cloud technology is poised to be even bigger in
2019. However, one major hurdle continues to
haunt the cloud trend security.
An overwhelming number of firms in the IT
industry are preparing for cloud adoption, yet
security continues to be a big question for many
of them. Early DevOps adopters faced a similar
challenge in their early stages of DevOps
implementation. They relied on a wide variety of
DevOps tools to address their issue completely.
3
Today, however, DevSecOps is making a big
difference in the IT industry, including security
and ensuring a seamless software development life
cycle (SDLC). Breaking the regular trend of
having security as a separate process, DevSecOps
calls for security integration across all stages
of the software process chain, addressing
security concerns at the very first instance of
every stage. The same DevSecOps now comes as a
savior for cloud, too.
4
Applying DevSecOps to Cloud
Last year saw the cloud market taking a new
position in the IT industry, driven by the wide
penetration of leading cloud computing service
providers Amazon Web Services (AWS), Microsoft
Azure, Google Cloud Platform (GCP), Oracle Cloud
and IBM Cloud, among others. To stay relevant
in todays market, many IT firms have begun their
efforts to achieve high and highly scalable
performance with all-round digital
transformation. Yet, security limitations
associated with cloud continues to be a concern
many of these organizations. DevSecOps principles
can help. Many research reports show that the
majority of firms working on the cloud have high
reliability on DevSecOps tools and principles for
improved agility and high reliability.
DevSecOps approach to cloud security requires
detailed planning that might even demand cultural
change in an IT environment, especially for
security automation and configuration of cloud
assets.
5
The planning requires security teams to

• Collaborate with development teams as they move
  code to cloud alongside close monitoring of
  quality in the production cycle.
• Work with the quality analysis and development
  teams in deciding qualifier and parameter aspects
  required for code promotion.

Overall, DevSecOps principles offer security
advantage along with software agility and high
reliability across the life cycle.
6
Implementing DevSecOps in Cloud
Following six factors decide the success of
DevSecOps implementation in a cloud environment
7
1. Code Analysis Continuous improvements to
software mean revisiting code, which also
reflects in code analysis, quality assurance and
delivery cycles. 2. Automated Testing
Automated testing minimizes efforts and also
saves time. As a key aspect of DevSecOps process,
automated testing makes the testing process
easier through easy execution of repeatable
cases. 3. Change Management Linking teams and
making them aware of each others operations,
wherever required, is an important aspect of
change management. Keeping developers informed
about security-related activities helps in timely
address of existing and possible
vulnerabilities. 4. Compliance Monitoring
Compliance continues to play a key role in an
organizations growth path as part of corporate
governance. Regulations help in the creation of
code and also in modifying the source code. This
helps in real time at times of audit.
8
5. Threat Investigation Threat investigation
is important to defining the security readiness
of any organization. Its important for
organizations to have a close and continuous
watch on discovering possible threats, regular
security scans and code reviews to address
security challenges. 6. Personnel Training
Holding hands-on training sessions and
certification courses build the companys
strength, equipping teams with appropriate domain
knowledge.
This Article Source is From https//devops.com/ap
plying-devsecops-to-address-cloud-security-challen
ges/
9
THANK YOU
Follow Us _at_
www.trignon.com