Extending DevSecOps Security Controls into the Cloud: A SANS Survey
In previous years, SANS research has examined how security and risk management leaders are leveraging modern technologies, such as infrastructure as code, containerization and security automation, to manage security in fast-paced Agile and DevOps environments.
In this year's survey, authors Jim Bird and Eric Johnson will continue to explore how organizations are extending their DevSecOps security controls beyond their on-premises environments into the public cloud to secure their cloud networks, services and applications. Some highlights from the survey investigations include:
- How the cloud helps organizations move faster
- Whether organizations are putting their emphasis more on the left (Dev) or the right (Ops) of DevSecOps as implemented in the cloud
- How InfoSec can take advantage of DevOps feedback loops and experiments to continuously assess, learn and improve the security of systems
- How cloud continuous integration, continuous delivery and configuration management tools are being used compared with on-premises options
Learn how to leverage best practices in DevSecOps in today's cloud-based environment and how to use the most effective tools and technologies. Register now and be the first to receive the associated report, written by SANS analyst Jim Bird and SANS Application Security Curriculum product manager Eric Johnson.
Jim Bird, SANS analyst and co-author of SEC540 Cloud Security & DevOps Automation, is an active contributor to the Open Web Application Security Project (OWASP), and an author of books on Agile Security and DevSecOps. He has worked at major technology organizations and financial institutions around the world in software development, operations and IT security.
Eric Johnson, Principal Security Engineer at Puma Security and Principal SANS Instructor, focuses on cloud security, DevSecOps automation, and building static analysis tools. His experience includes application security automation, cloud security reviews, static source code analysis, web and mobile application penetration testing, secure development lifecycle consulting, and secure code review assessments.