A term that has increasingly gained traction in the industry is DevSecOps—the convergence of development, security, and operations. As DevOps practices have become more common and accepted throughout technology practices, security was left behind in the agile-driven practices espoused by DevOps.
DevSecOps applies the same agile build it and own it mentality to security, pulling it into the fold of continuous integration deployment. It is ultimately the belief that a specific set of resources or a small team owns security. It is the culmination of tools, platform, and mindset and the idea that everyone is responsible for security and needs to implement good security practices at every stage of the develop/deploy/operate life cycle.
There are principal guidelines for DevSecOps that constitute a cloud native approach, and these are demonstrated perfectly by the DevSecOps manifesto:
Similar to topics covered in Chapter 5, Scalable and Available, security stands to benefit from defining...