DevSec

The cloud and digital transformation have radically changed the IT landscape and introduced new types of threats and security requirements. The cloud’s shared security model has relieved organizations of the burden of securing physical IT infrastructure, which is now the responsibility of cloud service providers (CSPs) such as Amazon Web Services, Microsoft Azure, and Google Cloud.

But cloud customers are still responsible for the secure use of virtual cloud resources, which require different approaches and tools to perform than in the data center. Attackers operate differently in the cloud than in data centers, and the way organizations work to keep your data safe in the cloud needs to be different today. According to Gartner, by 2023, at least 99% of cloud security failures will be the customer’s fault, mostly in the form of misconfiguration of cloud resources.

Cloud and DevOps engineers focus on the configuration of cloud resources, including security-sensitive resources such as: networks, security groups, and access policies for databases and storage objects, but find themselves unaware of the vulnerabilities of the beams within the code itself.

DevSec or DevSecOps requires processes and tools that enable tailoring security solutions through DevOps processes. It is common to think that the division of ownership and responsibility of the developers for the security, and the products are organized and clear, this is not so.

Most developers find themselves compromising on the implementation of information security elements in the code to meet the development schedule. There are large gaps in knowledge in the field of secure development (i.e., AppSec) which are growing considering the lack of investment by organizations in these skills. The need while ignoring the needs of the developers and the professional processes.