With DevSecOps, part of the architecture can be captured as code. Centralized configuration management and infrastructure as code are widely used. Even compliance and audit can and must be standardised in a structured language.
Structured languages that are used to configure databases, firewalls, servers, applications, or containers must be readable. Architectural standards are defined only once and evolve based on the needs of internal or external customers, and the code is automatically distributed and configured on all architectural components of a specific type. A high degree of automation is a critical parameter for security in agile environments. The DevSecOps toolkit provides a complete process for deploying and installing IT systems in a controlled manner.
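As an added illustration (not part of the original text), the sketch below shows one way a standard can be written once per component type as readable structured data and then evaluated against every component of that type to produce audit findings. The rule IDs, setting names, and inventory are all constructed for the example.

```python
# Constructed example: rule IDs, setting names and inventory are hypothetical.
# One standard per component type, written once as readable structured data.
STANDARDS = {
    "firewall": [
        {"id": "FW-1", "setting": "default_inbound", "op": "equals", "value": "deny"},
        {"id": "FW-2", "setting": "admin_ports_open", "op": "subset_of", "value": [22]},
    ],
    "database": [
        {"id": "DB-1", "setting": "tls_min_version", "op": "at_least", "value": (1, 2)},
        {"id": "DB-2", "setting": "audit_logging", "op": "equals", "value": True},
    ],
}
OPS = {
    "equals": lambda actual, want: actual == want,
    "at_least": lambda actual, want: actual >= want,
    "subset_of": lambda actual, want: set(actual) <= set(want),
}
_MISSING = object()

def audit(inventory, standards=STANDARDS):
    """Check each component against the standard for its type.

    An unset setting or a type without a standard is reported as a finding,
    so coverage gaps appear in the audit trail instead of passing silently.
    """
    findings = []
    for comp in inventory:
        rules = standards.get(comp["type"])
        if rules is None:
            findings.append((comp["name"], "NO-STANDARD", "no standard for type " + comp["type"]))
            continue
        for rule in rules:
            actual = comp["config"].get(rule["setting"], _MISSING)
            if actual is _MISSING:
                findings.append((comp["name"], rule["id"], rule["setting"] + " is not set"))
            elif not OPS[rule["op"]](actual, rule["value"]):
                detail = f"{rule['setting']}={actual!r}, required {rule['op']} {rule['value']!r}"
                findings.append((comp["name"], rule["id"], detail))
    return findings

# Constructed inventory: two firewalls, one database, one type with no standard.
INVENTORY = [
    {"name": "fw-edge-1", "type": "firewall", "config": {"default_inbound": "deny", "admin_ports_open": [22]}},
    {"name": "fw-edge-2", "type": "firewall", "config": {"default_inbound": "allow", "admin_ports_open": [22, 3389]}},
    {"name": "db-orders", "type": "database", "config": {"tls_min_version": (1, 0)}},
    {"name": "cache-1", "type": "cache", "config": {}},
]

if __name__ == "__main__":
    for name, rule_id, detail in audit(INVENTORY):
        print(f"{name:10} {rule_id:12} {detail}")
```

Because the standard lives in one place, tightening a rule changes the audit result for every component of that type on the next run.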
- Interaction between people is a must.
- Security must work as a business enabler.
- The priority is to provide secure and functional software with added value for the customer.
- IT and cyber security must work with development, risk and business people on a daily basis.
- Changes are welcome because they allow teams to respond to new threats, risks and vulnerabilities.
- Security is a priority for delivering high-quality software and architecture as a code.
- Security is a functional requirement.
- Teams must share knowledge in information and cyber security for growth.
- Overall maturity of the community results in a guild.
- Automation and security coding is a long-term goal for architecture as a code.
- Security artefacts must be self-documented.