
URL: https://thenewstack.io/takeaways-from-the-esg-gitops-and-shift-left-security-survey/


Takeaways from the ESG GitOps and Shift Left Security Survey

If security is included early in CI/CD pipelines in a frictionless, automated manner, developers will be empowered to build secure applications faster.
Nov 9th, 2022 6:45am by Faith Kilonzi
Orca sponsored this post.

As more organizations leverage modern software development techniques, developers are better equipped to create and deliver cloud apps rapidly. Security teams, however, have difficulty keeping up with the scale, speed and dynamic components of CI/CD cycles. Although the industry has discussed shifting security to the left to help it scale with rapid development, firms have found that challenging to implement.

Between May 18 and June 10, the Enterprise Strategy Group (ESG) conducted an online survey of IT and cybersecurity specialists, as well as application developers from both private and public sector organizations in North America. More specifically, the ESG polled 350 IT (30%) and cybersecurity (40%) decision-makers, as well as application developers (30%) who are in charge of evaluating, purchasing and deploying developer-focused security products in mid-market (100 to 999 employees) and enterprise-level (1,000 or more employees) organizations in the United States and Canada.

This post discusses the key takeaways from this survey while also explaining how to build secure, scalable and developer-centric supply chain solutions.


Top Cloud Security Concerns and Challenges Faced in Modern Development

Organizations can innovate faster than ever thanks to modern software development methods. However, improved speed comes with an increased security risk. According to the survey results, organizations are searching for ways to invest in cloud native software development processes while preserving secure workflows. The following are some of the top security concerns mentioned in the survey findings:

The Cloud Native Cybersecurity Threat Landscape Is Intensifying 

According to the respondents, the shift to cloud native development made them more vulnerable to cybersecurity threats. Cloud native applications were mostly to blame for cybersecurity problems, with APIs being the weakest link. Open source software (OSS), data storage repositories, internally developed source code, application container images, CI/CD pipeline tools, serverless functions and third-party libraries were all susceptible to attacks. The threats that were discovered included zero-day exploits on well-known and novel cloud vulnerabilities, compromised cloud accounts, stolen source code secrets and cloud misconfigurations.

Insecure Open Source Software 

Respondents said they use open source components in their development processes to speed up release cycles, but said this introduced additional security risks. For instance, even though eight out of 10 businesses used OSS code, hackers managed to compromise 41% of them. Additionally, more than half of the respondents were unable to comprehend the code composition or the software bill of materials for their third-party software. As a result, they were unable to swiftly respond to vulnerabilities that were discovered.

Misconfigurations and Incidents with IaC Usage

Security has become a major concern with the increasing use of Infrastructure as Code (IaC). Out of the 69% of respondents who said that they use IaC templates to provision their cloud infrastructure, approximately 83% reported an increase in IaC template misconfigurations. The consequences of these misconfigurations ranged from unauthorized application access to data loss, fines for noncompliance, and the introduction of malware, ransomware and cryptomining malware.

The Challenges of Shifting Left for Developers

The majority of security teams expressed discomfort with participating in the “shift left” paradigm, claiming that developers would be overburdened. The most frequent arguments against developers taking on security responsibilities were that security tasks interfere with development processes (44%), developers are not qualified to handle security issues (42%) and the entire process would result in more work for security teams (43%). These arguments suggest that security teams should instead maintain complete autonomy over the security ecosystem.

Securing Developer Workflows: The ‘Shift Left’ Security Strategy

Given the security challenges of current cloud native development, security teams are collaborating with their developers to integrate security into developer processes to reduce risk. This is because they are aware of the necessity of working with developers and using developer-centric security solutions to effectively address any security vulnerabilities that are discovered.

To adequately secure software without delaying software development, organizations shared the following “shift left” security strategies:

  • Use security tools that integrate with development workflows to reduce the amount of context switching required to address coding issues. More than half of firms (56%) have integrated security into their current developer tools and workflows to receive notifications.
  • Integrate security monitoring tools with development processes for faster remediation. When an issue is discovered during runtime, the monitoring tool can provide information to the developer to help with remediation.
  • Use third-party cloud native application security solutions to gain visibility. To ensure control over their cloud native environments, about 71% of organizations reportedly use consulting or penetration testing services from third parties. As a result, they ensured that testing was carried out and that engineers could make modifications without interfering with workflows.
  • Invest in security solutions to protect cloud native development processes. More than two-thirds (69%) of organizations anticipate making substantial investments in security vendor solutions aimed at enhancing application security testing, uncovering secrets contained in source code repositories and implementing runtime API security controls.

Walking the Line: GitOps and Shift Left Security eBook

Given the intensifying cybersecurity threat landscape, organizations must not overlook the security risks associated with cloud native development. Organizations that wish to walk the line between rapid development cycles and security must invest in developer-focused security solutions and practices.

Indeed, 68% of survey respondents believed that investing in developer-focused security solutions and giving developers some security responsibilities should be key priorities. If security is included early in CI/CD pipelines in a frictionless, automated manner, developers will be empowered to build secure applications faster.

To learn more about the security challenges that organizations encounter with faster cloud native development lifecycles, as well as how development and security teams can collaborate, you can download the complete “Walking the Line: GitOps and Shift Left Security” eBook or register for the webinar with ESG on Dec. 13. 

Faith Kilonzi is a full-stack software engineer, technical writer and a DevOps enthusiast with a passion for problem-solving through implementation of high-quality software products. She holds a bachelor’s degree in computer science from Ashesi University.
TNS owner Insight Partners is an investor in: Pragma.