A COMPREHENSIVE MODEL OF SECURITY INTEGRATION INTO THE DEVELOPMENT LIFE CYCLE FOR CLOUD ENVIRONMENTS

DOI: 10.31673/2409-7292.2025.024887

Authors

  • Б. С. Лещенко (Leshchenko B.S.), State Zhytomyr Polytechnic University

Abstract

This study proposes a comprehensive model specifically designed to address the security challenges associated with modern cloud infrastructures. The proposed model ensures the implementation of security measures from initial planning to the end of the application lifecycle, prioritizing continuous security implementation at all stages. The model focuses on integrating security as an integral part of the development process. It involves ongoing risk management, regular audits, and driving continuous innovation throughout the SDLC. Other key components of the extended model include security governance, safe component decommissioning, monitoring, response, learning, and scaling.

The extended model encompasses 20 key components that form a complete set of actions required to securely develop, deploy, and maintain modern software systems. It considers not only technical aspects, but also cultural and procedural factors, which are the basis for sustainable security management.

Comparison with existing models demonstrates that the extended model not only addresses gaps in current practices, but also offers a scalable solution that meets the dynamic nature of today's IT environments. The model's emphasis on continuous innovation and adaptation helps organizations stay one step ahead of new threats and changing security requirements.

Keywords: software development lifecycle, SDLC, DevSecOps, cloud security, security management, continuous integration.

Published

2025-06-28
