Senior Support Executive
NNT - New Net Technologies
Oracle and KPMG recently issued their 2020 Cloud Threat Report that identifies the key security risks and challenges organizations are faced with as they implement and manage cloud solutions.
The joint cloud and threat security report revealed a shift in attitudes towards cloud security, with 75% of respondents viewing the public cloud as more secure than their own data centers. This data was developed through an online survey of 750 cybersecurity and IT professionals working across the United States, Europe and Asia.
The report also found that an overwhelming majority of respondents (92%) admit that as companies prioritize speed over security, their immaturity in their cloud security programs is creating a cybersecurity readiness gap, with current cloud usage, planned cloud usage, and cloud security program maturity misalignment.
Many IT professionals feel under pressure to bring cloud-based applications to market as quickly as possible and view security as a hindrance to their go-to-market priorities.
With a major cultural shift needed as businesses new to the cloud move from a perimeter-based approach to security, to the more fluid nature of today’s hybrid/multi-cloud environments, blind spots are being created along the way for most organizations.
One of the biggest challenges organizations are facing is the issue of visibility. Using the cloud for a company’s data storage has brought about configuration management challenges that leave the company with blind spots, further widening the attack surface.
In fact, nearly a third of respondents believe that “identifying workload configurations that are out of compliance, including those that don’t adhere to an industry standard benchmark” is the area that needs the most attention.
The report emphasizes that as cloud adoption continues to expand, it’s critical for companies to adopt a DevSecOps approach to help minimize the cybersecurity readiness gap, defining the approach as “automating cybersecurity processes and controls with the continuous integration and continuous delivery toolchain that orchestrates the application lifecycle.”
The main reason that organizations are adopting or planning to adopt a DevSecOps approach is to improve security posture by baking security into every stage of their continuous delivery tool kit. Other key driving factors include collaboration (40%), efficiency (40%), and compliance (36%).
Employing DevSecOps will enable organizations to foster a higher level of collaboration between teams, gain greater operational efficiency, while also allowing teams to ensure that their businesses meet and maintain compliance with applicable industry regulations.
Organizational culture is a critical success factor and is seen as the starting point for adopting this new methodology. I recently put together a How-To-Guide for organization’s looking to move from a DevOps approach to a DevSecOps approach. You can learn more about the benefits of this approach and how to get started by reading the guide here: How To Move From A DevOps To A DevSecOps Approach.