In previous years, SANS research has examined how security and risk management leaders are leveraging modern technologies, such as infrastructure as code, containerization and security automation, to manage security in fast-paced Agile and DevOps environments.
In this years survey, authors Jim Bird and Eric Johnson will continue to explore how organizations are extending their DevSecOps security controls beyond their on-premises environments into the public cloud to secure their cloud networks, services and applications. Some highlights from the survey investigations include:
- How the cloud helps organizations move faster
Whether organizations are putting their emphasis more on the left (Dev) or the right (Ops) of DevSecOps as implemented in the cloud
- How InfoSec can take advantage of DevOps feedback loops and experiments to continuously assess, learn and improve the security of systems
- How cloud continuous integration, continuous delivery and configuration management tools are being used compared with on-premises options