within, or even at the end, of a DevOps process as op- posed to being embedded in the development process at the beginning. A solution to this issue is a discipline known as DevSecOps. In brief, DevSecOps is the process of integrating security into the software development process. DevSecOps begins with a change in culture founded in ongoing learning (to raise security awareness with developers who may already be entrenched in DevOps processes), the identification of security-savvy people within the organization who can champion the change in the security approach, and the empowerment of those working on security to determine how best to embed robust security into the clouds they support. Tools can then be used to automate security testing, detect vul- nerabilities early, and raise security as a gate to blocking forward progress, and even the deployment of a release, if problems are found. Cloud, containers and microservices The change in how the industry approaches software de- velopment can be attributed to the advent of cloud com- puting and the availability of features and capabilities of- fered by cloud providers and tool vendors. In many cases, developers create applications that functionally span an organization’s data center, one or more public clouds, and a variety of platforms and deployment models. With the advent of containerization, for example, applications can be deployed virtually anywhere. The cloud has therefore given rise to a variety of archi- tectures and technologies developers need to use, and tools that support their use. Microservices, as an exam- ple, can facilitate the development of large, complex ap- plications by breaking them down into a set of loosely 19