Cloud 101CircleEventsBlog
Submit a Peer Review for the AI Controls Matrix—a groundbreaking framework to address AI risks and strengthen security.

Download Publication

Six Pillars of DevSecOps
Six Pillars of DevSecOps

Six Pillars of DevSecOps

Release Date: 08/07/2019

Working Group: DevSecOps

In our current state of cyber security, there has been a large growth of application flaws that bypass the continuing addition of security frameworks to ensure overall health of a project life cycle. Reducing the complexity during development cycles as well as being given the resources to build a trusted environment are key to future success. This is where DevSecOps takes shape. DevSecOps is the integration of continuous security principles, processes, and technology into DevOps culture, practices, and workflows. The Six Pillars of DevSecOps sets forth to introduce concepts that can be utilized and help companies grow with. With use cases to follow by, this paper allows industry professionals to take the concepts and apply them to their own environments.

This publication is part of an entire series on the Six Pillars of DevSecOps. You can find all the papers in the series that have been released so far here.


Related Research | Working Group 
Download this Resource

Bookmark
Share
Related resources
Cloud Security for Startups 2024
Cloud Security for Startups 2024
Key Management for Public Cloud Migration
Key Management for Public Cloud Migration
Top Threats to Cloud Computing 2024 - Japanese Translation
Top Threats to Cloud Computing 2024 - Japanese ...
Next-Gen Cybersecurity with AI: Reshaping Digital Defense
Next-Gen Cybersecurity with AI: Reshaping Digital Defense
Published: 01/10/2025
How to Secure Cloud Environments and Minimize Data Breach Risks
How to Secure Cloud Environments and Minimize Data Breach Risks
Published: 01/10/2025
Let’s Go Back to the Basics: How ISO 27001 Certification Works
Let’s Go Back to the Basics: How ISO 27001 Certification Works
Published: 01/09/2025
What is Protocol Break? A Deep Defense to Isolate Attackers in the Cloud
What is Protocol Break? A Deep Defense to Isolate Attackers in the ...
Published: 01/09/2025

Acknowledgements

Alexandria Leary
Alexandria Leary
Principal Cloud Security Consultant at ScaleSec

Alexandria Leary

Principal Cloud Security Consultant at ScaleSec

Michael Roza
Michael Roza
Risk, Audit, Control and Compliance Professional at EVC

Michael Roza

Risk, Audit, Control and Compliance Professional at EVC

Since 2012, Michael Roza has been a pivotal member of the Cloud Security Alliance (CSA) family. He has contributed to over 125 projects, as a Lead Author or Author/Contributor and many more as a Reviewer/Editor.

Michael's extensive contributions encompass critical areas including Artificial Intelligence, Zero Trust/Software Defined Perimeter, Internet of Things, Top Threats, Cloud Control Matrix, DevSecOps, and Key Management. His lea...

Read more

Sean Heide
Sean Heide
Technical Research Director, CSA

Sean Heide

Technical Research Director, CSA

Ronald Tse
Ronald Tse
CEO, Ribose

Ronald Tse

CEO, Ribose

Ronald has served CSA in numerous capacities, including as a member of CSA's APAC Research Advisory and International Standardization Council. Additionally, he co-chairs the Open Certification Framework (OCF), SaaS Governance, and DevSecOps working groups. He is the founder and CEO of Ribose, where under his leadership the company has been consistently awarded the industry's highest cloud security ratings, including being the on...

Read more

John Martin Headshot Missing
John Martin

John Martin

Setumadhav Kulkarni Headshot Missing
Setumadhav Kulkarni

Setumadhav Kulkarni

David Lewis Headshot Missing
David Lewis

David Lewis

Eric Gauthier Headshot Missing
Eric Gauthier

Eric Gauthier

Lee Szilagyi Headshot Missing
Lee Szilagyi

Lee Szilagyi

Are you a research volunteer? Request to have your profile displayed on the website here.

Interested in helping develop research with CSA?

Related Certificates & Training