Given the rapid release of cloud services, law enforcement, security incidents, and the need to protect tenants' data, security is indispensable to cloud and internet services. Moving security activities from right to left in the development lifecycle and building security practices into the continuous integration pipeline are the goals of DevSecOps.
The business environment, culture, legal compliance, and external market drivers all bear on how the DevSecOps security assurance program rolls out in an organization. DevSecOps or security assurance program management involves the whole organization across all business units, and the key to DevSecOps success is for all stakeholders to agree on the goal and approaches.
We will cover the following topics in this chapter:
- Security compliance (ISO 2700x, FIPS, CSA-CCM)
- Legal/law compliance—General Data Protection Regulation (GDPR)
- New technology (third-party, cloud, containers, and virtualization)
- Cloud service hacks/abuse
- Rapid release
The following diagram shows how external drivers and challenges affect a team delivering secure cloud services: