Is Security Key To Your Cloud-Native Strategy?


Cloud-native adoption transforms the way organisations defend against security threats. A new report finds 99 per cent of companies recognised security as important to their cloud-native strategy

As IT operations continue drifting into the cloud, it’s vital to ensure that organisation personnel keep pace with the latest skills and practices. Success in the cloud-native era is defined by an organisation’s ability to deliver new software versions faster and more efficiently. Or being able to deploy code to production faster and more easily manage those applications were the primary reasons for moving towards containerised infrastructure. 

What is Cloud-native?

More than just registering it with a cloud provider and managing it to run existing applications, cloud-native affects the deployment, implementation, layout and operation of the application. 

Features of Cloud-Native 

Containerised: Just like a normal container, which holds a pile of things, containerised also plays the same part. All parts such as process, applications are packaged in their respective containers. This promotes reproducibility, clarity and resource isolation.

Well Organised: Containers remain intently managed and scheduled to boost resource utilisation. 

Adapted to Microservices: Applications are sectioned into microservices, which improves coordination and maintenance of applications. 

However, as companies embrace cloud-native technologies as part of their digital transformation, security is a key factor in building successful platforms.

A snyk survey, State of Cloud-Native Application Security Report, found that while only 36 per cent of respondents stated that security was one of the main reasons for moving their production applications into containers, 99 per cent of respondents recognised security as an important element in their cloud-native strategy.
The report revealed that cloud-native adoption has modified the way companies develop modern applications and resulted in increased security threats and concerns.

  • Over half of respondents suffered from a misconfiguration or known vulnerabilities incident.
  • Respondents in security roles are almost three times more likely to attribute security ownership to the IT security team than respondents in development teams are.
  • Deploying automation makes it 17 times more likely that security tests run daily or more frequently.

The report further states that over half of the respondents experienced misconfiguration or known vulnerability incidents. Cloud-native completely changes the way companies guard themselves against cloud threats. 

  • Nearly 60 per cent have increased security concerns since adopting cloud-native.
  • Misconfigurations were seen as the most important area of increased concern (over half of respondents stated it’s now a bigger problem since moving to a cloud-native platform).
  • Known unpatched vulnerabilities (38 per cent) are responsible for the greatest number of security incidents in their cloud-native environments. 

Also Read: Digital Transformation’s Impact on Industries: Microsoft Report

Developers Play the Pivotal Role 

Developers now need solutions that allow them to build security into an entire application, such as from code and open source to containers and cloud infrastructure. The developers have the opportunity to take a central security leadership position in the companies as their role evolves to take on greater authority and autonomy.

Important findings from the report show that security ownership is now being adopted by development teams faster than security teams. 

  • Respondents in security roles are almost three times more likely to attribute security ownership to the IT security team than respondents in development teams are.
  • Over 36 per cent of developers stated that they were responsible for the security of their cloud-native environments.
  • Less than 10 per cent of respondents in security roles believed developers were responsible for the security of their cloud-native environment and applications.

Also Read: Who’s Buying Who: Big Deals In Cybersecurity

Continuous Deployment Empowers Continuous Testing

Choosing a broader and deeper way to cybersecurity by installing security tools in the software development life cycle is the all-or-nothing factor in obtaining cloud-native application security success. 

Key report findings show that businesses with high levels of cloud-native automation also have more prominent adoption of security testing. Companies who automate were also twice as likely to execute security testing and twice as likely to adopt static application security testing (SAST) and Software Composition Analysis (SCA) tooling into their development lifecycles.  

Automation has also made it easier to manage more regular testing, allowing for vulnerabilities to be identified and fixed quicker:

  • Nearly 70 per cent of respondents with high levels of deployment automation were able to test their security daily or more frequently and 60 per cent of those only tested their security monthly or less frequently. 
  • Over 72 per cent of respondents with high levels of automation had an average time to fix vulnerabilities of less than one week, with 36 per cent having an average of one day or less.
  • Automated testing is additionally a key enabler of visibility, as you can’t fix what you can’t see. This was reinforced by the 28 per cent of organisations with low levels of automation who responded that they didn’t know how long it takes them to fix issues.