A new survey by Cisco and Enterprise Strategy Group reveals the true contours of cloud native application development and security
The pressure to drive revenue, increase growth, and boost productivity is pushing organizations to embrace cloud native applications. In many organizations, security is an afterthought in the development process, which can lead to vulnerabilities and increased risk. This is especially true with the rapid adoption of cloud technologies, which can introduce new types of threats and obstacles. It’s a complex issue that often requires a cultural shift and the adoption of new tools and practices, which can be a challenge.
Cisco recently partnered with TechTarget’s Enterprise Strategy Group (ESG) on a survey of IT, cybersecurity, and application development professionals, The State of Cloud Security Platforms and DevSecOps (April 2024), to better understand the scope of cloud native application development environments and how organizations are protecting cloud infrastructure and applications.
Let’s dig into the results.
Key Findings
- Multicloud is the new norm, not the exception
- Misconfigurations remain a monster problem that needs attention
- Security needs to scale to support both cloud native application development and runtime protection
Multicloud – the new normal
One cloud. Two clouds. Three clouds, more! Organizations are increasingly moving their production applications and workloads to public clouds to leverage state-of-the-art cloud infrastructure. In fact, according to ESG, most organizations utilize more than three cloud service providers (CSPs). This trend is likely to continue as more organizations look to public, private, and hybrid clouds to meet their unique application requirements, support business preferences, or meet industry-specific needs.
Top issues with cloud applications
Misconfiguration is not a four-letter word. Yet, the top issues plaguing cloud applications or services in the last year stem from misconfigurations. From misconfigured security groups, to lack of multifactor authentication (MFA) for access to cloud management consoles, default, or no-password access to consoles, and externally facing sever workloads, misconfigurations are a menace for organizations. The failure to detect these mistakes results in exposures that could lead to unauthorized access, lost data, and malware infections.
Secure from the start
Organizations late to embrace DevSecOps, the process of incorporating security into the software development lifecycle, are paying the price. A whopping majority (79%) are employing DevOps practices, but the inclusion of critical security lags. ESG says only 26% of surveyed organizations secure more than half of their cloud native applications. This lack of security at the start has led to an uptick in security incidents, application downtime, unauthorized access to applications, and – not shockingly – data loss.
DevSecOps to the rescue
The good news is that organizations are planning to increase the adoption of DevSecOps over the next 24 months. Close to half of all organizations plan to deploy DevSecOps to mitigate security issues and runtime misconfigurations found in cloud applications. DevOps tools are incorporating security practices to apply controls for incident response, forensics, and threat hunting for identifying and remediating malware or vulnerabilities from deployment through to production.
Better tools for faster remediation
Organizations report experiencing business-impacting consequences tied to attacks that occurred between initial detection and remediation time. As a result, they are looking for better tools that speed remediation to mitigate data loss, application downtime, business disruption, or customer data loss. Keep in mind, organizations are looking for these compatibilities as part of a suite or platform, not as another disparate tool in their already complex, distributed environments. We’ll look a bit deeper into this.
Security efficiency supports scale
To drive business growth, organizations need to be cost-conscious and efficient. Almost 100% of organizations agree that consolidation of tools is a priority to gain better context for faster and efficient remediation and response. Security programs must evolve to secure both cloud native application, and use of, public infrastructure to keep pace with development speed. This all comes as a broader effort to reduce complexity and take a unified cybersecurity posture.
Investing in the future
Organizations overwhelmingly agree that purchase of cloud security platforms and DevSecOps over the next year is required, not optional. This investment extends across a wide variety of areas, including cloud workload protection platforms, application programming interface (API) security, application security testing tools, endpoint detection tools, posture management tools, and entitlement management solutions. Organizations selected a wide variety of features needed for a comprehensive cloud native application security program. These range from preventative controls to risk prioritization, ease and flexibility of deployment, and capabilities driving faster responses to threats and attacks.
Taking the next step
The time to leverage suites and platforms procured from a smaller set of vendors to reduce complexity and improve security posture is now. To learn more about the security solutions in place to protect cloud infrastructure and applications today, along with the top challenges organizations face to defend against attack, read the full eBook from TechTarget’s Enterprise Strategy Group.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Security on social!
Cisco Security Social Channels
Instagram
Facebook
Twitter
LinkedIn
