Fully leveraging the agility of public cloud infrastructure-as-a-service (IaaS) platforms requires embracing DevOps processes that enable businesses to bring applications to market quickly and efficiently. Many companies are now realizing these benefits by automating the continuous integration and continuous delivery (CI/CD) of their applications. Cybersecurity, however, is too often left out of the shift to DevOps, a missed opportunity to efficiently improve an organization’s cybersecurity posture by building security into the CI/CD pipeline. While organizations are interested in integrating security with DevOps processes (i.e., “DevSecOps”), they struggle to find specifics on how to get started.

The following best practices will help cross-functional scrum teams at organizations of any size, including application owners, developers, operations teams, and cybersecurity champions, use automation to ensure the right cybersecurity measures are applied at each step of the CI/CD pipeline.