DevOps.com

  • Latest
    • Articles
    • Features
    • Most Read
    • News
    • News Releases
  • Topics
    • AI
    • Continuous Delivery
    • Continuous Testing
    • Cloud
    • Culture
    • DataOps
    • DevSecOps
    • Enterprise DevOps
    • Leadership Suite
    • DevOps Practice
    • ROELBOB
    • DevOps Toolbox
    • IT as Code
  • Videos/Podcasts
    • Techstrong.tv Podcast
    • Techstrong.tv Video Podcast
    • Techstrong.tv - Twitch
    • DevOps Unbound
  • Webinars
    • Upcoming
    • On-Demand Webinars
  • Library
  • Events
    • Upcoming Events
    • On-Demand Events
  • Sponsored Content
  • Related Sites
    • Techstrong Group
    • Container Journal
    • Security Boulevard
    • Techstrong Research
    • DevOps Chat
    • DevOps Dozen
    • DevOps TV
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv Video Podcast
    • Techstrong.tv - Twitch
  • Media Kit
  • About
  • Sponsor
  • AI
  • Cloud
  • Continuous Delivery
  • Continuous Testing
  • DataOps
  • DevSecOps
  • DevOps Onramp
  • Platform Engineering
  • Low-Code/No-Code
  • IT as Code
  • More
    • Application Performance Management/Monitoring
    • Culture
    • Enterprise DevOps
    • ROELBOB

Home » News » DevSecOps Becomes a Higher Cloud-Native Priority

DevSecOps Becomes a Higher Cloud-Native Priority

Avatar photoBy: Mike Vizard on September 24, 2019 Leave a Comment

At the Cloud Native Security Summit, Enterprise Strategy Group (ESG) today revealed the results of a survey of 600 senior IT leaders that finds organizations are looking at DevSecOps as a way to address the complexities of managing and securing cloud-native applications.

Recent Posts By Mike Vizard
  • Atlassian Extends Automation Framework’s Reach
  • GitLab Strengthens Remote DevOps Management
  • Harness Acquires Propelo to Surface Software Engineering Bottlenecks
Avatar photo More from Mike Vizard
Related Posts
  • DevSecOps Becomes a Higher Cloud-Native Priority
  • Trend Micro Survey Finds Lack of IT Security Input In DevOps Introduces Cyber Risk for 72% of Companies
  • Survey Shows Steady DevSecOps Progress
    Related Categories
  • Blogs
  • DevSecOps
  • News
    Related Topics
  • Cloud Native Security Summit
  • cloud-native
  • devsecops
  • ESG
  • survey
Show more
Show less

According to the survey results, 43% of respondents said their biggest challenge with cloud-native applications is maintaining consistency across disparate infrastructures. As a result, the same number of respondents said DevSecOps automation as their highest cloud security priority.

TechStrong Con 2023Sponsorships Available

Commissioned by Capsule8, Obsidian and Signal Sciences, the survey also finds 90% of respondents are concerned about not having visibility into misconfigured cloud services, server workloads, network security or privileged accounts. Another 83% are worried about the misuse of privileged accounts by insiders.

Two-thirds (66%) say IT is more complex than it was two years ago, with more than a third (35%) citing the need to manage multiple cybersecurity controls as a major source of that complexity.

Doug Cahill, a senior analyst and group director at ESG, said it’s clear that as organizations embrace best DevOps practices to build and deploy cloud-native applications, those processes now are being extended to include security controls as part of the quality assurance process. Rather than bolting on security, Cahill said, more organizations are building cybersecurity controls into their software from the ground up.

Capsule8 CEO John Viega noted much of that shift is being driven by necessity. When applications were deployed mainly in on-premises IT environments, it was easier to secure the environment by deploying appliances. Now organizations need to secure applications on infrastructure they don’t control as part of a shared responsibility model that often spans multiple cloud service providers. The cloud may be more agile and less expensive, but Viega noted it’s not uncommon for hundreds of cloud accounts to have been set up by individuals in the same organization, each with very different levels of cybersecurity expertise.

Obsidian Security CTO Ben Johnson added the rate at which cloud-native applications are being deployed and updated is overwhelming the ability of cybersecurity teams to keep pace. In fact, many organizations are still underestimating the scope of the cloud-native cybersecurity challenge they face.

Finally, Hala Al-Adwan, vice president of technology for Signal Sciences, observed as organizations embrace DevSecOps, cybersecurity professionals still will play a key role in terms of their consulting expertise. However, responsibility for implementing cybersecurity will continue to shift left toward DevOps teams. The challenge those teams will face is the need to replace legacy cybersecurity infrastructure designed for cybersecurity administrators with programmable tools that fit neatly within a continuous integration/continuous deployment environment, said Al-Adwan.

It’s not clear precisely when a desire to embrace DevSecOps will result in more secure applications. In theory, cloud-native applications should be a lot more secure than legacy monolithic applications. However, the degree to which higher levels of security will motivate organizations to replace monolithic applications remains to be seen.

In the meantime, cultural issues associated with embracing DevSecOps will abound. There are simply not enough cybersecurity professionals available to participate in every application development scrum session. The real issue now is finding a way to embed that knowledge into an application development process operating at industrial scale.

— Mike Vizard

Filed Under: Blogs, DevSecOps, News Tagged With: Cloud Native Security Summit, cloud-native, devsecops, ESG, survey

« DOES19 London: Effective Team Management Foments New Ways of Working
Family Business »

Techstrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows

Upcoming Webinars

Evolution of Transactional Databases
Monday, January 30, 2023 - 3:00 pm EST
Moving Beyond SBOMs to Secure the Software Supply Chain
Tuesday, January 31, 2023 - 11:00 am EST
Achieving Complete Visibility in IT Operations, Analytics, and Security
Wednesday, February 1, 2023 - 11:00 am EST

Sponsored Content

The Google Cloud DevOps Awards: Apply Now!

January 10, 2023 | Brenna Washington

Codenotary Extends Dynamic SBOM Reach to Serverless Computing Platforms

December 9, 2022 | Mike Vizard

Why a Low-Code Platform Should Have Pro-Code Capabilities

March 24, 2021 | Andrew Manby

AWS Well-Architected Framework Elevates Agility

December 17, 2020 | JT Giri

Practical Approaches to Long-Term Cloud-Native Security

December 5, 2019 | Chris Tozzi

Latest from DevOps.com

Stream Big, Think Bigger: Analyze Streaming Data at Scale
January 27, 2023 | Julia Brouillette
What’s Ahead for the Future of Data Streaming?
January 27, 2023 | Danica Fine
The Strategic Product Backlog: Lead, Follow, Watch and Explore
January 26, 2023 | Chad Sands
Atlassian Extends Automation Framework’s Reach
January 26, 2023 | Mike Vizard
Software Supply Chain Security Debt is Increasing: Here’s How To Pay It Off
January 26, 2023 | Bill Doerrfeld

TSTV Podcast

On-Demand Webinars

DevOps.com Webinar ReplaysDevOps.com Webinar Replays

GET THE TOP STORIES OF THE WEEK

Most Read on DevOps.com

What DevOps Needs to Know About ChatGPT
January 24, 2023 | John Willis
Microsoft Outage Outrage: Was it BGP or DNS?
January 25, 2023 | Richi Jennings
Five Great DevOps Job Opportunities
January 23, 2023 | Mike Vizard
Optimizing Cloud Costs for DevOps With AI-Assisted Orchestra...
January 24, 2023 | Marc Hornbeek
A DevSecOps Process for Node.js Projects
January 23, 2023 | Gilad David Maayan
  • Home
  • About DevOps.com
  • Meet our Authors
  • Write for DevOps.com
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • Privacy Policy

Powered by Techstrong Group, Inc.

© 2023 ·Techstrong Group, Inc.All rights reserved.