In the beginning
Separate roles:
- Development teams
- Central IT operations
Responsibility for operating the system is transferred at release time. The dev team is called in to investigate issues.
DevOps
- Dev team operates what it builds
Supported by:
- A central SRE team provides common tools and best practices across teams
- A central information security team
  - Involved (possibly) in the early design phase of a system
  - Responsible for verifying the security of the system once deployed
DevSecOps
- Dev team
  - Operates what it builds
  - And sets in place systems to verify “software security” of the system
As many security checks as possible are moved left, within the software delivery pipeline, instead of being performed after delivery