Few are confident in spotting security risks and vulnerabilities in DevOps-operated public cloud environments
A majority of European and Middle East cybersecurity professionals at organisations using DevOps practices in the public cloud believe that their organisations are trading speed for security. In a newly published cloud security study commissioned by global security leader, Palo Alto Networks® (NYSE: PANW), 72 percent of cybersecurity professionals indicated that the speed of public cloud adoption is introducing preventable security risks to software updates.
The DevOps model increases collaboration between development and operations teams, allowing for a fast-paced approach to application creation and enhancement. Organisations have adopted this model to achieve faster application delivery, enhanced innovation, more stable operating environments, and performance-focused employee teams. Yet as the DevOps model is enthusiastically embraced, the survey findings indicate that cybersecurity is being overlooked and organisations may be vulnerable as a result. Most notably:
- Cybersecurity professionals are concerned about whether cybersecurity can keep pace with the speed and frequency at which DevOps teams update apps and services in the public cloud. Only 47 percent of survey respondents indicated that they are confident that cybersecurity is working well for DevOps teams operating in the public cloud.
- Only 22 percent of cybersecurity professionals said they had a firm grasp on the risks and needs that come with securing DevOps-operated environments in the cloud.
- Nearly three quarters (73 percent) report that their organisations have either fully or partly adopted DevOps development in the public cloud. They are regularly deploying and changing software, with 1 in 5 doing many updates on a weekly basis.
As Greg Day, vice president and CSO for EMEA at Palo Alto Networks, explains: “DevOps is proven to deliver strong results. Rapid delivery of code, infrastructure and data enables organisations to meet the needs of their customers faster than ever and stay ahead of their competition. However, too often, the speed and complexity of delivery has resulted in traditional cybersecurity processes failing to complete even rudimentary checks and controls at the same rapid pace, resulting in unnecessary risks. Indeed, we see over half failing to meet basic password management policies. Organisations won’t wait for security teams to catch up, so they must leverage native integration points and automate their cybersecurity capabilities to address the continuous and real-time visibility and governance needed to keep pace with DevOps practices.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.