Securing Cloud Native Apps: DevSecOps As a Solution and Use-cases!
Major improvements to application infrastructure and hosting infrastructure setup are challenging the existing cybersecurity technologies and traditional security approach.
This is posing a serious threat to business-critical operations and workloads.
A recent report titled ‘Security for DevOps – Enterprise Survey Report’ shed light on the organizational challenges in securing cloud-native applications.
According to the report, most organizations are looking at ‘automating security through DevSecOps’ as the standard approach for securing cloud-native apps and considering that as a top product requirement.
“More than two-thirds of respondents expect that, within two years, their organization will secure more than half of its production cloud-native applications via DevSecOps practices, up from 42% today. The focus on DevSecOps automation influences product decisions, with DevOps integration being the top business driver influencing product selection,” the survey noted.
DevSecOps for Cloud-Native Security
The survey recommends the organizations should start looking for newer solutions for cloud-native app security.
- API-related vulnerabilities tops the list of organizational security concerns, with around 37% of respondents considering that as the most important one among cloud-native app security controls.
- 39% organizations are considering ‘automation of security controls via integration with existing DevOps tools’ as the top business driver pertaining to investment in cloud-native security controls
- While 82% organizations report having dedicated teams for securing cloud-native apps, 50% of them plan to merge these teams in future and 32% do not think of doing so
- Software vulnerability scanning of registry-resident container images (25%) and API vulnerability management are the top two pre-deployment cloud-native app security controls
- Flexibility in deployment and ability to support all types of servers and compute platforms are considered as most important attributes that products used for securing cloud-native apps possess
According to the survey, only 8% organizations are currently securing 75% or more of their cloud-native apps with DevSecOps practices and the number is expected to grow to 65% organizations in the next two years period.
“Production workloads are shifting to public cloud platforms, and organizations are quickly adopting serverless functions. They need to understand the associated risks and new threat model they are facing, and the means of addressing these cloud native and API risks,” says Doug Dooley of Data Theorem, which conducted the survey.
DevSecOps Use-cases for Securing Cloud-native Apps
While DevSecOps is emerging as the predominant solution for securing cloud-native apps with focus on automation, its use-cases are seen in two different phases, namely ‘Pre-Deployment’ and ‘Runtime’.
Here is what respondents say, as reported by the survey:
Most companies look for merging security teams as a means to enable ‘unified approach’ to securing cloud-native apps. While one in five organizations already have, 50% of organizations are in the process of developing technical competencies around the same and think of merging into one at a later stage.
When it comes to prioritizing the stage for implementing security controls, ‘more than one in five’ consider doing so at pre-deployment and runtime equally, 40% opt for runtime security controls and 37% go for pre-deployment approach.
Malware detection and prevention and vulnerability scanning (32% respondents) are the top two priority security controls, followed by software vulnerability scanning of production containers and server workloads (30%), system activity recording for incident response (26%) and scanning of registry-resident images (26%), among others.
Wait no more! Check your priority and gear up to secure your cloud-native apps!
- DevSecOps: An Ultimate Defense To Organization’s Software Security (Whitepaper)
- DEVOPS – A Successful Path To Continuous Integration And Continuous Delivery (Whitepaper)