CSA Official Press Release
Published 02/21/2024
Latest DevSecOps Guidance from Cloud Security Alliance and SAFECode Emphasizes Value of Collaboration, Integration in DevSecOps Landscape
Document provides practical insights for seamlessly embedding security in DevOps processes and workflow and examines convergence of DevSecOps with Zero Trust, MLSecOps, and AIOps
SEATTLE – Feb. 21, 2024 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today released The Six Pillars of DevSecOps - Collaboration and Integration. Written by CSA’s DevSecOps Working Group in collaboration with SAFECode, the paper lays out the importance of integrating DevSecOps into organizational processes and stresses how fostering a sense of collaboration is key to its successful implementation.
Of particular interest, it examines the convergence between DevSecOps and technology areas such as Zero Trust, AIOps, and MLSecOps, providing an overview of how DevSecOps can be leveraged for Zero Trust, various issues in MLSecOps that bear some resemblance to DevSecOps, and how AIOps can be leveraged by DevSecOps.
“Security is a team sport that requires collaboration between various organizational roles and key stakeholders to ensure that the threat landscape is well understood and that organizational practices for IT activities follow proper security hygiene. In issuing this paper, we wanted to share practical tips for ensuring that security is an integrated part of DevOps operations,” said Abdul Sattar, the paper’s lead author.
The report is the fifth in the Six Pillars of DevSecOps series, which provides a high-level set of methods and successfully implemented solutions to build software at speed and with minimal security-related bugs. Other topics covered in the paper include:
- The overarching principles for successful collaboration in DevSecOps
- The why and how of role-based security training programs, offering details on implementing a continuous, role-based security training program at an organization
- How various organizational roles collaborate in an end-to-end DevSecOps delivery pipeline
- Communication requirements, based on various organizational roles, for integrating a new acquisition into an organization’s existing DevSecOps processes
- How to craft a winning DevSecOps culture
Download The Six Pillars of DevSecOps - Collaboration and Integration today.
The CSA DevSecOps Working Group works to create a transparent and full-circle management lifecycle that leverages all the components of DevSecOps to ensure timely and full-functioning application deployment with proper security steps through every process. The working group maintains an active partnership with SAFECode, whose members contribute their expertise in designing and managing software security programs. Individuals interested in becoming involved in the future research and initiatives of this group are invited to do so by visiting the Join page.
About SAFECode
SAFECode is a non-profit global industry forum where business leaders and technical experts come together to exchange insights and ideas on creating, improving, and promoting scalable and effective software security programs. We believe that secure software development can only be achieved with an organizational commitment to the execution of a holistic assurance process, and that sharing information on that process and the practices it encompasses is the most effective way for software providers to help customers and other stakeholders manage software security risk. For more information, visit www.safecode.org.
About Cloud Security Alliance
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, training, certification, events, and products. CSA's activities, knowledge, and extensive network benefit the entire community impacted by cloud — from providers and customers to governments, entrepreneurs, and the assurance industry — and provide a forum through which different parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.
Media Contacts
Kristina Rundquist
ZAG Communications for the CSA
About Cloud Security Alliance
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, follow us on Twitter @cloudsa.
For press inquiries, email Zenobia Godschalk of ZAG Communications or reach her by phone at 650.269.8315.