How to tackle hybrid cloud security and DevSecOps