DevSecOps Drives Better Cloud Security Posture

New report finds organisations that integrate DevSecOps principles are over seven times more likely to have strong security posture

The COVID-19 pandemic influenced both cloud expansion and results. While organisations moved quickly during the pandemic to respond to increased cloud demands, many still struggled to automate cloud security and mitigate cloud risks, according to the State of Cloud Native Security Report 2022 by Palo Alto.

Yet the move to the cloud continues for companies at all stages, from those newly taking advantage of cloud capabilities to well-established, born-in-the-cloud organisations.

The report found 69 per cent of organisations host more than half of their workloads in the cloud, and organisations that tightly integrate DevSecOps principles are over seven times more likely to have strong or very strong security posture and are nine times more likely to have low levels of security friction.

The report surveyed 3,000 cloud security and DevOps professionals around the world to identify their challenges, understand how they handle them and illustrate what they’ve learned in the process. Topics included details about their cloud adoption and expansion strategies, cloud budgets, organisational experiences and future plans.

The report pays special attention to the latest top-of-mind concerns and narratives in the cloud native security community, including automation, DevSecOps, security posture, the use of open source and more.

Here are some of the findings:

Cloud Expansion and Strategy

  • Organisations rapidly expanded their use of clouds during the pandemic by more than 25 per cent overall but struggled with comprehensive security, compliance, and technical complexity
  • Organisations expanded with less budget, with 39 per cent of organisations spending less than $10 million on their cloud (up 16 per cent from 2020) and only 26 per cent spending more than $50 million (down 17 per cent from 2020)
  • While organisations continue to use diverse compute options, platform as a service (PaaS) and serverless approaches rose 20 per cent, likely supporting the rapid transition to the cloud, while the use of containers and containers as a service (CaaS) saw more moderate growth

Security Posture and Friction

  • Organisations with a strong security posture are more than two times more likely to have low levels of security friction — the degree to which organisations believe cloud security supports or limits their operations. This highlights the need for a two-pronged approach to cloud security, with effective security capabilities that don’t disrupt teams outside of security
  • Organisations with best-in-class security operations see the greatest benefits to their workforce in terms of productivity and satisfaction. Eighty per cent of those with strong security posture and 85 per cent of those with low security friction reported increased workforce productivity
  • A majority of organisations (55 per cent) report a weak security posture and believe they need to improve their underlying activities — such as gaining multi-cloud visibility, applying more consistent governance across accounts, or streamlining incident response and investigation — to achieve a stronger posture
  • Eighty per cent of organisations that primarily use open source security tools have weak or very weak security posture, compared to 26 per cent of those who primarily leverage their cloud services provider and 52 per cent of those who depend on third parties, highlighting that piecing together a platform using disparate tools leaves an organisation less secure

Security Drivers

  • Organisations are consolidating their security approach. Nearly three-quarters use 10 or fewer security tools, and we see a 27 per cent increase from the 2020 data in the number of organisations using just one to five security vendors, suggesting that they are looking to fewer security vendors for more capabilities
  • Organisations that have implemented a high level of security automation are two times more likely to have low friction and strong posture than their counterparts with low levels of security automation
  • How well organisations adopted and implemented DevSecOps methodologies is the primary indicator of best-in-class security. Organisations that tightly integrate DevSecOps principles are over seven times more likely to have strong or very strong security posture and are nine times more likely to have low levels of security friction
