Cloud 101CircleEventsBlog
Join top cybersecurity experts at the Raleigh, NC LevelBlue's cyber networking event June 20th!

CSA Official Press Release

Published 05/15/2024

Cloud Security Alliance and SAFECode Release Sixth and Final White Paper in Its Six Pillars of DevSecOps Series

Cloud Security Alliance and SAFECode Release Sixth and Final White Paper in Its Six Pillars of DevSecOps Series

Document promotes and demonstrates the importance of clear measurements for security performance in DevSecOps

SEATTLEMay 15, 2024 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, and today released The Six Pillars of DevSecOps: Measure, Monitor, Report, and Action, which emphasizes the importance of continuous measurement and observability in DevSecOps. Written by CSA’s DevSecOps Working Group in collaboration with SAFECode, the report — the sixth and final in the Six Pillars of DevSecOps series — provides a detailed exploration of making security data observable, applying these principles to various team performance levels, and improving security observability through effective reporting.

“The idea that you can’t manage what you can’t measure is never more true than in the realm of cybersecurity. The ability to not only measure but continuously monitor, report, and act on real data are hallmarks of a successful program,” said Josh Buker, Research Analyst, Cloud Security Alliance. “This paper will enable security and digital leaders to determine the effectiveness of their security practices and how well security has been interwoven into the software development lifecycle.”

The paper’s key recommendations include adopting specific principles for enhancing reporting and using these to drive continuous improvement in security. This approach aims to balance compliance and performance in DevSecOps, advocating for a culture where security is integrated into all stages of software development. Other topics explored in the paper include:

  • Making data observable, specifically turning security data and metrics into observable data
  • Scenario-based review and how the concept of security observability can be applied to high- and low-performing teams
  • Improvement through reporting and where companies should start on their security-observability reporting journey

Download The Six Pillars of DevSecOps: Measure, Monitor, Report and Action today. Learn more about the series, which provides a high-level set of methods and successfully implemented solutions to build software at speed and with minimal security-related bugs, here.

The CSA DevSecOps Working Group works to create a transparent and full-circle management lifecycle that leverages all the components of DevSecOps to ensure timely and full-functioning application deployment with proper security steps through every process. The working group maintains an active partnership with SAFECode whose members contribute their expertise in designing and managing software security programs. Individuals interested in becoming involved in the future research and initiatives of this group are invited to do so by visiting the Join page.

About SAFECode
SAFECode is a non-profit global industry forum where business leaders and technical experts come together to exchange insights and ideas on creating, improving, and promoting scalable and effective software security programs. We believe that secure software development can only be achieved with an organizational commitment to the execution of a holistic assurance process, and that sharing information on that process and the practices it encompasses is the most effective way for software providers to help customers and other stakeholders manage software security risk. For more information, visit

About Cloud Security Alliance
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, training, certification, events, and products. CSA's activities, knowledge, and extensive network benefit the entire community impacted by cloud — from providers and customers to governments, entrepreneurs, and the assurance industry — and provide a forum through which different parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at, and follow us on Twitter @cloudsa.

Media Contacts
Kristina Rundquist
ZAG Communications for the CSA
[email protected]

Carol Fusaro, Sr. Marketing Communications Manager
[email protected]

Share this content on your favorite social network today!

About Cloud Security Alliance

The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, follow us on Twitter @cloudsa.

For press inquiries, email Zenobia Godschalk of ZAG Communications or reach her by phone at 650.269.8315.