The Role of DevOps in Cloud Security Management>
Info Q – Dotan Nahum
General development and integration create vulnerabilities because they allow more opportunities for errors. This includes using non-secure open-source code and hardcoding secrets to simplify testing, among others. ShadowIT is a breach waiting to happen as the security team doesnât always know what external systems now have access to internal systems. Donât forget security on the cloud versus security of the cloud. The cloud provider only needs to do so much and the rest is up to you. Make sure you read the fine print. Security must be both proactive and reactive, so it needs to be considered with every step of development. DevSecOps wonât be able to prevent everything, so policies and procedures need to be in place when a threat does hit. Security needs to be top of mind when creating new code. Old code may not be secure, so that also needs to be reviewed when building new features on it.
Link: https://www.infoq.com/articles/devops-cloud-security/