By moving work to the cloud, organizations can take advantage of the massive investments in infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) engineering that cloud providers have made. Working in the cloud also creates new challenges and opportunities when it comes to managing security and compliance risks.

DevOps—extending Agile development values, techniques and tools from development to operations—has become the de facto model for IT in the cloud. DevOps consists of cross-functional teams of developers and operations engineers sharing responsibilities for building, deploying and running applications; leaning heavily on automated testing and build tooling; and letting the cloud provider do the undifferentiated heavy lifting of running the data center, provisioning infrastructure and operating generic platform services.

This survey, the seventh in an annual series that focuses on application security and DevOps, examines DevSecOps in the cloud