Understanding the need for DevSecOps
Before we dive into the layers of DevSecOps, it’s good to understand why DevSecOps is important in multi-cloud. First, we must understand the layers in securing the cloud. There are four layers to be considered:
- Organizational level or the overarching governance
- Enterprise level, ensuring security across accounts, auditing compliance centrally through monitoring and logging, and promoting automation
- Subscription level, using Role-Based Access Control (RBAC), threat detection and defence in depth
- Solution level, using CI/CD with validated templates, blueprints and images
We must define security on all levels. The following diagram shows all levels of defence in the cloud.
![Figure 13.1 – Levels of security in application stacks](https://static.packt-cdn.com/products/9781804616734/graphics/media/file84.png)
The top of the stack is formed by the application payloads. In multi-cloud, enterprises will likely use containers and CI/CD (Continuous Integration/Continuous Deployment) pipelines. With multi...