Work item: X.gdso-cs
Subject/title: Guidelines of development, security and operations (DevSecOps) for cloud service
Status: Under study
Approval process: TAP
Type of work item: Recommendation
Version: New
Equivalent number: -
Timing: 2027-09 (Medium priority)
Liaison: -
Supporting members: -
Summary:
Cloud services deliver on-demand computing resources and are designed for scalability, flexibility, and automation. They offer features such as auto-scaling, high availability, and multi-tenancy for efficient use and smooth user experiences. However, the complex, multi-tenant, and dynamically allocated cloud environment creates challenges for cloud-native applications, especially given the diverse technology stacks, cross-team collaboration needs, and multi-cloud deployments.
DevOps connects development and operations, fostering collaboration, automation, and continuous improvement across the whole software lifecycle. In cloud services, it accelerates development, deployment, and operations by automating tasks such as resource provisioning, configuration management, testing workflows, and scaling. DevSecOps goes a step further by embedding security into every phase of the lifecycle, with a focus on automation, continuous testing, and proactive risk management. In dynamic cloud environments, this approach ensures compliance, data protection, and system integrity across coding, integration, deployment, and operations, reducing vulnerabilities and enhancing defenses without sacrificing agility.
Establishing a DevSecOps standard specifically for cloud services is essential, as it offers clear, actionable measures that address unique security risks such as cloud API misuse, credential exposure in automated CI/CD pipelines, misconfigurations in cloud-native deployments, unverified cloud service dependencies, and the lack of real-time visibility across ephemeral, distributed environments. These challenges demand a DevSecOps approach that embeds security into every phase of the cloud service DevOps lifecycle.
This draft Recommendation provides DevSecOps guidelines for cloud services, helping organizations mitigate vulnerabilities, streamline secure development, and continuously improve security, ultimately enhancing trust and reliability in cloud service delivery.
Comment: -
Reference(s):
Historic references:
Contact(s):
ITU-T A.5 justification(s):
First registration in the WP: 2025-04-16 16:20:40
Last update: 2025-07-14 10:32:29