Extending DevSecOps Security Controls in the Cloud: A SANS Survey



DevOps: Shifting Left and Shifting Right

By moving work to the cloud, organizations can take advantage of the massive investments in infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) engineering that cloud providers have made. Working in the cloud also creates new challenges and opportunities when it comes to managing security and compliance risks.

This survey, the seventh in an annual series that focuses on application security and DevOps, examines DevSecOps in the cloud to understand:

  • How organizations are using the cloud in platforms
  • How organizations are building and deploying applications in the cloud
  • Whether or not security teams are able to keep up with fastmoving DevOps teams
  • What security tools and practices give DevSecOps teams the most value