The final phase is team and operational activities. Being distributed in nature, every team works independently. In this case, it becomes an essential prerequisite that each team has enough security training. The following questions help us to evaluate security at the operational level:
- How are security activities baked in to every development team?
- How do you ensure that everyone is aware of common security principles?
- What security training do you give to the team and do you update them regarding any vulnerabilities?
- What automation level do you use to ensure security controls are always in place?
In the next section, we will look at how we can harden the application and container, and go through various ...