In 2020, no one disputes two key trends: Cloud is the default solution for almost every new, critical IT project and DevOps software development practices are needed to remain competitive in the marketplace.
Cloud has acted as a powerful enabler for agile philosophies in DevOps, untethering them from legacy IT environments and bridging the gap between agile theory and practice. Most large organizations still have a way to go on their cloud and DevOps journey, and among the challenges they face is understanding what it means to manage cybersecurity risks when building software at DevOps speed and cloud scale.
We have all heard the conventional wisdom about the security team and the DevOps team. The pace of DevOps and occasional lack of discipline makes the security team worried, while the DevOps team perceives the security team as slow, inflexible and outdated. And yet, the business desperately needs to rapidly develop new services without exposing themselves to cyber attacks, and the consequences for business reputation and customers trust which follow.
We know the challenges with cloud, DevOps and security. We know what we want to avoid and how we want them to interact in the future. What we need is a set of guidelines for achieving the vision.
Throughout this website, “we”, “KPMG”, “us” and “our” refers to the global organization or to one or more of the member firms of KPMG International Limited (“KPMG International”), each of which is a separate legal entity.