In the past, determining security requirements relevant to a particular project or technology was not a simple or speedy task, and required reading though dry policy documentation or engaging a subject matter expert. Now, DevOps teams must contend with new architectural components - like containers - which add new security requirements. Additionally, complex support models in cloud environments - like IaaS vs. SaaS - shift the responsibility for traditional security requirements onto new parties. This challenge lead AT&T to develop a new service which provides a report of only relevant security requirements to a project team, after they answer a few simple questions in an online, self-service format.
This talk will introduce this new service and demonstrate how it is saving DevOps teams time while simultaneously helping them ensure they have addressed all relevant security requirements.