DevSecOps: Making cloud security a team sport


DevSecOps: Making cloud security a team sport

Cloud Risk & Security

There's often tension between security and DevOps. That tension is magnified in a cloud environment. To relieve that tension and implement effective security in cloud, it's essential to foster understanding and cooperation. How? With DevSecOps.

What's DevSecOps? It's a team approach to cloud security

There’s always been a healthy tension between security, development, and operations teams. With cloud, that tension is often heightened significantly as threat vectors multiply and release cycles get shorter. In this episode of the podcast, Mike Kavis and guest, Julien Vehent, author of the book, “Securing DevOps,” discuss how to implement more effective cloud security by encouraging cooperation between security and DevOps—DevSecOps. According to Julien, security must undergo a cultural shift to understand security risks from a business perspective, and focus on those first. It’s also essential for security engineers to understand how cloud software delivery pipelines work and adapt security processes accordingly. In other words, to be effective, cloud security needs to be a team sport.

You can never secure everything. You have to secure what is mission critical to the business. And in order to do that, you need to understand what it is critical to the business.

Julien Vehent is a DevSecOps leader at Google. He's also the author of the book, "Securing DevOps." Prior to Google, Julien worked at Mozilla, where he was responsible for the security of Firefox's backend infrastructure.

PDF - 206 KB

Please visit our cloud services webpage and discover a full suite of service offerings and capabilities available to accompany you throughout your Cloud journey.

Did you find this useful?