green globe


DevSecOps: Making cloud security a team sport

Part of the Architecting the Cloud podcast series

There's often tension between security and DevOps. That tension is magnified in a cloud environment. To relieve that tension and implement effective security in cloud, it's essential to foster understanding and cooperation. How? With DevSecOps.

Listen and subscribe to Deloitte On Cloud podcast:

Listen on Apple Podcast Listen on Google Podcast Listen on Spotify Listen on Souncloud Listen on Pandora

What's DevSecOps? It's a team approach to cloud security

There’s always been a healthy tension between security, development, and operations teams. With cloud, that tension is often heightened significantly as threat vectors multiply and release cycles get shorter. In this episode of the podcast, Mike Kavis and guest, Julien Vehent, author of the book, “Securing DevOps,” discuss how to implement more effective cloud security by encouraging cooperation between security and DevOps—DevSecOps. According to Julien, security must undergo a cultural shift to understand security risks from a business perspective, and focus on those first. It’s also essential for security engineers to understand how cloud software delivery pipelines work and adapt security processes accordingly. In other words, to be effective, cloud security needs to be a team sport.

You can never secure everything. You have to secure what is mission critical to the business. And in order to do that, you need to understand what it is critical to the business.

Julien Vehent is a DevSecOps leader at Google. He's also the author of the book, "Securing DevOps." Prior to Google, Julien worked at Mozilla, where he was responsible for the security of Firefox's backend infrastructure.

Debunking cloud security myths

Cloud security myths are often based more in anxiety than fact. In reality, companies that address security risks head on often find a great deal of success.

Back to top

sound wave

DevSecOps and the cyber imperative

To enhance their approaches to cyber and other risks, organizations are embedding security, privacy, policy, and controls into their DevOps culture and processes, enabling the entire IT organization to share responsibility for security.

Back to top


DevOps and Cloud, no longer optional

It’s not enough to build both a DevOps organization transformation and public cloud solution. You need to do the harder work of making them work and play well together.

Back to top


Put Cloud in context with the future of business and technology

Because cloud is never just about cloud, a podcast about cloud isn’t either. Our two hosts deliver two unique perspectives to help bring you closer to achieving what matters most—your possible.

For Cloud Professionals, hosted by David Linthicum, provides an enterprise-level, strategic look at key issues impacting clients’ businesses. David, ranked as the #1 cloud influencer in a recent Apollo Research report, has published 13 books on computing, written over 5,000 published articles and performed over 500 conference presentations, making his specialization in the power of cloud simply undeniable.

As a pioneer in cloud computing, Mike Kavis leads Architecting the Cloud, which offers insights from the POV of those who’ve had hands-on experience with cloud technology. Mike’s personal cloud journey includes leading the team that built the world's first high-speed transaction network in Amazon's public cloud—a project that ultimately won the 2010 AWS Global Startup Challenge.

With two leaders in your ear, you’ll have the content you need to drive the next conversation around cloud. Check out both talk tracks within the Deloitte On Cloud podcast to get the compelling stories on your schedule to help you understand the topics that are reshaping today’s market.

Contact us at for information on this or any other On Cloud podcasts.

Or visit the On Cloud library for the full collection of episodes.

Subscribe now on: iTunes | SoundCloud | Stitcher | Google Play | Spotify

Previous episode