Request a Demo


Secure DevOps: Fact or Fiction?

SANS Explores How Security Fits Into DevOps

This study by SANS on security practices in software development focuses on DevOps. This report explores how security fits into DevOps, where security risks are, and how they are being managed by corporations.

In this report:

  • Key success factors in implementing a secure DevOps program
  • Balancing the compelling advantages and security risks that DevOps technology introduces
  • Application security tools, practices, and techniques—ranked
  • The benefits of “shifting left” (i.e. embedding security in all stages of the software development lifecycle)

Can security keep up with rapid iteration in continuous deployment? This study explores the way that forward-thinking organizations keep up with rapid change through DevOps, plus the challenges along the way.


"Shifting left is about including quality and security practices earlier, into requirements, design and coding, instead of relying on acceptance testing and stage-gate reviews to catch mistakes. This comes from the Lean Engineering basis of DevOps: The earlier that you catch and correct mistakes, the more you reduce delivery cycle time and cost. Organizations that leave security to “the right” of the delivery chain force security teams into a corner, without enough time to fix problems before code is delivered."

excerpt image