Survey: a SANS Survey

Rethinking the Sec in DevSecOps: Security as Code

As IT workloads move to the cloud, organizations face a fundamental shift in how to develop and deliver systems— and in their security practices. Deploying and running production systems has become abstracted from the underlying hardware and network. Infrastructure is defined through code, and operations work through cloud service APIs.

Why read this survey?

Security as Code represents the future of security. What does this mean to security professionals, to their priorities, to their training, and to the investments that they make in technology and tooling?

This survey, the eighth in an annual series that focuses on application security and DevOps, examines the following with regard to DevSecOps in the cloud:

• What do security teams need to understand about software development to meet the demand of high-velocity delivery?

• What skills enable security teams to architect secure cloud services and ensure that they catch and fix vulnerabilities as early as possible?

• What impact do the different cloud architectures and platforms have on this effort, including risks, strengths, and weaknesses?

SANS surveyed 281 organizations across the world. This figure provides a snapshot of the demographics of the survey respondents.

Screenshot 2022-06-08 at 15.49.04

Download your copy now

* Required field