DevSecOps is a shift in methodology where application security is introduced earlier and reinforced throughout each phase of an operation. This whitepaper expands on Foghorn’s approach for building a compliant cloud using these four principles:
- People – establishing a culture of transparency and accountability
- Process – simplified steps for an approved roadmap that normalizes safe practices
- Technology – leveraging layered defenses and utilizing automation
- Governance – supporting people, processes, and technology with policies
It discusses how Foghorn leverages the available tools in Amazon Web Services (AWS) to support DevSecOps, but also the culture changes necessary to avoid the ever-present threat of human error.
It also covers the role of the customer in security for front-facing operations, and how evolving threats must be met with evolving security applications like containers, as well as a checklist for security best practices in AWS.
DevSecOps Enablement on AWSBest Practices and Advantages of AWS Tools in Building
a Compliant Cloud
Foghorn’s AWS DevOps Competency and AWS Security Competency grant supreme insight into DevSecOps systems that use AWS. ‘DevSecOps Enablement on AWS’ provides clarity as to how Foghorn approaches security on the platform, but it should also prove useful for securing a cloud-based operation in general.